MEDSMINDER App Privacy Policy (Pilot Phase)

The medsminder App is being piloted in Liverpool by Liverpool CCG.

This privacy policy explains how the information you enter into the app during the pilot will be used.

Topics

  • What information do we collect about you?
  • How will we use the information about you?
  • Access to your information and corrections
  • How to contact us

What information do we collect about you?

We collect your name and email address to set-up your account.

We collect any information that you enter into the app (e.g. your medication routines, logs of when you take your medication), and any information about you that your clinician enters into their portal.

We collect the internet (IP) address of the mobile device on which the app is installed.

We collect diagnostic information about how you are using the app.

How will we use the information about you?

During the pilot, the development team will periodically look at the usage statistics. Only if there is a problem will a PHR administrator need to access the database. The wider project team will not have any access to personal information or data you have submitted.

Most information that you enter into the app is shared with your clinician [your clinician may be your doctor or your pharmacist].

Information your clinician can read?
Logs: When you took your medication yes
Your planned routines yes
Your planned events within your planned routines yes
Your doses within your planned events yes
How many doses are left in your possession yes
Drug nicknames (used by you) yes
Your measurements (e.g. blood pressure etc.) yes
Your notes (e.g. side effects etc.) yes
Your medication re-ordering contacts yes
Password no
Locations where you take your medications no

Your clinician will use the information you submit in the same way they treat information they collect through paper forms and discussions with you.

They will use their professional judgement as to whether they think it is appropriate and suitable to add information from medsminder to your formal NHS medical record. Any information that is added to your NHS medical record is stored and used according to normal NHS standards and codes or practice. If you tell your clinician, through the app, about a risk to you or someone else, they will need to take action to keep people safe. In this case, they will always try and talk to you about this first. As part of the pilot, your clinician will be asked by members of the wider project team about their experience of using the system, but they will not share any personal information about you.

Information about how you use the app will be used to analyse the extent to which the app is being used, how well it is meeting our original aims for the app, and how we can best improve the app.

The app is developed by Advanced Digital Innovation (UK) Ltd (ADI), and communicates with a secure Personal Health Record (PHR) platform also developed by ADI.

The app stores an encrypted cache of your PHR on the mobile device on which it is installed. If you use a screen lock, on most devices the encryption key is stored in a highly-secure hardware key store. If you choose not to use a screen lock, the cache of your PHR data is still encrypted, but the encryption key is not stored as securely by your mobile device; this is a risk you accept by not using a screen lock.

The servers on which the PHR Platform runs are in a secure, NHS-accredited data centre in Liverpool run by Aimes Grid Services CIC. All communications between the app on your device and the PHR Platform are encrypted (using the same https protocol as you use to access secure websites).

A small number of system administrators at ADI will have the ability to access your information stored in the PHR Platform; they will not do so except at Liverpool CCG request, or to fix a technical problem. The wider project team will not have access to your information. All access to your information, by clinicians, and by system administrators, is recorded.

At the end of the pilot, all the information on the servers will be archived and deleted from the servers. Usage information will be anonymised and aggregated before being used to assist ADI to improve the app. The archive will be deleted after 15 business days.

Other than as explained above, no personal information about you or your use of the app will be disclosed to anyone outside the project team.

Access to your information and corrections

You have the right to request a copy of the information that we hold about you as a result of participating in this pilot. If you would like a copy of some or all of your personal information, or would like us to correct any incorrect information, please email or write to us at the addresses below.

If you decide you no longer want to take part in the pilot, you need to contact your medsminder service and explain to them that you no longer want to be involved and you want all your data to be deleted. We will then process this request and inform your medsminder service once all your information has been deleted.

How to contact us