Health Navigator Privacy Notice
Health Navigator
Proactive health coaching is provided by Health Navigator Ltd. who specialize in the provision of innovative health care services to achieve measurably improved outcomes for patients. Health Navigator Ltd. are Controller for the purposes of this service.
Health Navigator Ltd
Foundry Building, 2 Smith Square,
77 Fulham Palace Road,
London,
W6 8AF
0208 080 2233
The General Data Protection Regulation (GDPR) and Data Protection Act 2018 governs the processing of your personal data. The GDPR requires that we give you certain information in respect of our processing of your personal data. Some of this information is listed below and some is listed within our patient information sheet when enrolled on to our service.
We emphasise the need and importance of building algorithms that are effective, but also protect patients’ confidentiality. We train our models using anonymised or strongly pseudonymised data with the minimum possible data to support our prediction algorithms. For example, age – not date of birth and Lower Super Output Areas (a geographical unit in the census that includes approximately 50 postcodes) rather than postcode – this is in order to have access to the minimum personal data necessary to deliver our services.
HN has assembled a core set of data fields that have proven to carry the most predictive power. For each site, the AI model is built on these data items and as part of the fine-tuning and model optimisation process, some of the data fields will be eventually dropped. Only the data fields which carry the most predictive power in the respective health economy will be used in the daily deployment of the prediction model. This minimises the use of patient data at every point in the process. We will use your personal data in a pseudonymised format to support the development of our technology and to demonstrate the effectiveness of our products and services. This will help us to provide health care better suited to the needs of our patients in the future. We also use these products to support the NHS and other healthcare organisations to evaluate their services to understand better health and care support for patients.
Our clinical coaches are registered healthcare practitioners, who have extensive experience in accessing and protecting patient information in their daily duties and a clear understanding of their duty to confidentiality. All HN staff who have access to patient records adhere to strict data protection policies including honorary contracts with the Trust and annual Data Protection training revalidations. Our clinical coaches and analysts will only have access to patient information via secure hospital servers in order to deliver treatment and care to our patients.
HN is compliant with NHS Digital’s Data Security and Protection Toolkit (DSPT) and has achieved “Standards Met” in 2020/21.
During the time you participate in the health coaching programme your health coach would like to collect and process
The reason for collecting and processing your personal data and data from your health records is to enable your health coach to provide the support you need which is only possible when your health coach is informed about your health condition.
Our lawful basis for processing your personal data is that the processing is necessary for the purposes of the legitimate interests pursued by us as the providers of your health coaching programme (per Article 6(1)(f) of the GDPR).
Data from your health records are considered special category data which have extra protections. In order to process this, we rely on an exemption, as the processing is necessary for the provision of health or social care or treatment or the management of health or social care systems and services (per Article 9(2)(h) of the GDPR).
We will also be processing your personal data in a pseudonymised format for scientific research purposes to help improve our products to provide better health care to our patients in the future. In respect of processing activities related to scientific research for technological development and demonstration: we do so because this is necessary for the purpose of our legitimate interests in carrying out research under Article 6(2)(f) and, where this personal data is special category data (e.g. your health data), we do so because this is necessary for scientific research purposes under Article 9(2)(j) of the GDPR.
For your care
There will be circumstances where we will need to share or request your information from other providers like your GP or other care providers to support your care and evaluate the health coaching service you are receiving.
This information is related to your medical needs and treatments, as well as information needed to evaluate the health coaching service you will be receiving. This is shared on a need to know basis after appropriate necessity assessments.
For reporting
We will also share or request information, in a pseudonymised format, from your Clinical Commissioning Group (CCG), as well as the hospital trust where you have been referred from, NHS Digital, and any NHS Organizations collecting your patient identifiable data that are related to your medical needs and treatments to provide good care and support, as well as to evaluate the care being provided to you. We are subject to service monitoring by the NHS and will this need to share necessary information with the CCG accordingly.
We only share information with those who need to know in order to provide good quality care and support, and to evaluate the care that has been provided to you.
Health Navigator will only process your personal data for the time you are receiving our health coaching service and will store, on Microsoft Azure cloud based in the UK, the personal data for a period of 8 years after you have completed our programme to meet the requirements of the Records Management Code of Practice for Health and Social Care 2016.
Health Navigator will only process your personal data in an un-identifiable format for research purposes and will be stored on Microsoft Azure cloud based in the UK, for a period of 10 years in accordance with the Medical Research Council’s retention framework.
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
However some of these rights are not absolute, but we will write and inform you if this is the case and provide further information.
HN Company has appointed an EEA Representative, if you are based in the EEA, you can contact the representative:
David Stone, Kaleidoscope Data Privacy Consultants Limited, The Black Church, St Mary’s Place, D07P 4AX or [email protected]
In the event that you wish to make a complaint about how your personal data is being processed and/or shared by HN Company, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Health Navigator’s Data Protection Officer. The details for each of these contacts are:
Supervisory authority contact details |
Data Protection Officer contact details |
Information Commissioner’s Office |
Amy Ford |
Wycliffe House |
Kaleidoscope Consultants Ltd East Side Kings Cross London, N1C 4AX |
Water Lane |
|
Cheshire SK9 5AF |
|
United Kingdom |
|
+44 (0)303 123 1113 |
+44 (0)20 3637 1111 |