July 10th 2018
Unless we are required to do so by law or by a regulatory body, we only disclose your information to a third party when we need to do so to provide a service that you have requested. We never use, disclose or sell your personal data for marketing purposes.
If you have any questions about how we process your information, please contact MSKnote by sending an email to firstname.lastname@example.org.
MSKnote Limited ("We") are committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. Any terms used in this policy shall have the same meaning as those used in the Terms. In the event of any conflict between the Terms and this policy, the Terms shall prevail.
By agreeing to the Terms you are accepting and consenting to the practices described in this policy.
For the purpose of the Data Protection Act 2018 (the "Act"), the data controller is MSKnote Ltd. Office 7, 24 Liverpool Gardens, Worthing, BN14 7ER. (the “Company”).
Information Privacy & Security
Your MSK assist app/ website communicates with two secure Electronic Health Record (EHR) platforms. One platform is based within the NHS with the other based outside the NHS. This allows your clinician the option to view the data you have recorded on MSK assist.
Information automatically collected by our App.
With regard to each of your visits to our App, we may automatically collect the following information where this is permitted by your device settings:
We use information held about you in the following ways:
Information about how MSK assist is used will be reviewed on a regular basis so we can see how MSK assist is being used and how we may improve it.
The internet (IP) address used by your mobile device to communicate with the EHR Platform server is also recorded by the server. We will only use this to help us diagnose any technical problems.
Communication between MSK assist and the EHR platform is audited so that we know who has made changes and when. This is one of the ways we keep your data secure.
Information that is collected is always ‘soft’ deleted when you delete it in MSK assist. What this means is that MSK assist might show that something has been deleted but it will still be in the database.
(a) provide the products and services;
(b) provide such information to any member of our group, or Affiliates, business partners, suppliers and sub-contractors of the Company where reasonable or necessary in relation to the provision of the products and services including provision of your information to Practitioners (including nurses, GPs, specialists), dispensing chemists, partner diagnostic (testing) providers, and suppliers or subcontractors used in relation to our App;
review and enhance the quality of our services and products, including monitoring compliance with clinical care standards;
make disclosures as required by or in compliance with reasonable requests by regulatory bodies including the General Medical Council or Care Quality Commission, or as otherwise required by law or regulation;
where you request it or have otherwise consented, provide to your insurance company/ies who may contribute to the cost of the products or services you request to use;
where you request it, provide to your other healthcare providers such as your GP; and
assist in the detection of fraud.
Other Uses Of Information We Collect About You.
We may use this information:
(a) to administer our App and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes;
(b) to improve our App to ensure that content is presented in the most effective manner for you and for mobile phone or other device;
(c) to allow you to participate in interactive features of our service, when you choose to do so;
(d) for purposes including research, and marketing of MSKnote Ltd. services, subject to such data being anonymised;
(e) as part of our efforts to keep our App safe and secure; and
(f) to make suggestions and recommendations to you and other users of our App about services that may interest you or them.
Other uses of information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
By using the App or any of the Services, you consent to us collecting and using technical information about the devices and related software, hardware and peripherals for services that are e-based or wireless to improve our products and to provide any services to you.
If MSKnote Limited or substantially all of its assets are acquired by a third party, personal data held by MSKnote Ltd. about its customers will be one of the transferred assets.
We may disclose your personal information if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and other agreements; or to protect the rights, property, or safety of MSKnote Limited, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Who will have access to the information I submit?
Detailed Information will only be available to the clinician(s) and their team who you will see/ have seen for your musculoskeletal problem.
A small number of system administrators look after the MSK assist system. They set-up accounts allowing users and clinicians to access the system. They will have the ability to access your information stored in the both EHR Platforms, but they will not do so except if specific personnel from the clinical team you are seeing request this, or to fix a technical problem.
Your information can only be accessed by people when access has been approved by EHR system administrators. All access to your information is recorded.
Is the information I submit secure?
MSK assist has been developed, and is maintained, by MSKnote Ltd. MSKnote Ltd. works with companies that are accredited to process NHS patient information securely. MSK assist stores information on computer servers located at NHS-accredited data centres in England.
The EHR databases are located in NHS-accredited data centres. Data you have submitted will also be transferred to and stored on the electronic patient record system used by the NHS Trust organisation you are attending for your musculoskeletal problem.
We do not store your personal health data on your mobile device. We store all your personal health data – including your primary care information, secondary care information, medication information and diagnostic information – on secure servers located in the UK. Where you have chosen a password that enables you to access certain parts of our App,
The information on your smartphone or tablet is encrypted and stored on your device so that you have access to it even without an internet connection. If you use a screen lock, on most devices the encryption key is stored in a highly-secure hardware key store. If you do not use a screen lock, the cache of your EHR data is still encrypted, but the encryption key is not stored as securely by your mobile device.you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
How will my information be used?
Your clinicians will use the information you submit in the same way they treat any information you give them. Any information is stored and used according to normal NHS standards and codes of practice. Responsibility for your data lies with the NHS Trust organisation(s) who are using MSK assist to help you with your musculoskeletal problem.
How long will my data be kept?
In line with NHS policies, your information will be retained for 8 years after your last appointment with our service. Please refer to MSKnote Data Retention Policy on our website for more information on data retention.
Can I access the data being held about me or ask for it to be deleted?
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, want us to delete your MSK assist account or would like us to correct any incorrect information, please contact email@example.com or download a Subject Access request form from our website or call 07917341821. More detail on our Subjects Access Rights policy can also be found on our website.
Deleting your MSK assist account will not affect your health record stored in the main the NHS Trust computer systems you are attending for your musculoskeletal problem or the interventions we offer.
Your consent and your rights
By accepting the invitation and signing-in to the MSK assist app, you are consenting to the use of your data as described above.
The App or any Service can contain links to other independent third-party websites or apps (Third-party Sites). Third-party Sites are not under our control, and we are not responsible for and do not endorse their content or their privacy policies (if any). You will need to make your own independent judgement regarding your interaction with any Third-party Sites, including the purchase and use of any products or services accessible through them.
Access to information
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. There is no fee to provide you with details of the information we hold about you. Please refer to MSKnote’s Subjects Access Rights Policy for further information. A Subjects Access Request Form can also be found on the MSKnote website.