| Page Properties | ||||
|---|---|---|---|---|
| ||||
|
How we use your information
...
To learn how to use your Account, the user manual is at: https://manualwiki.patientsknowbest.com/space/MAN
1. The terms we use
...
“You” This means you, the user and the person controlling who can see or share their
...
record.
...
“Patients Know Best (PKB) Account” is the online account that shows you your personal health information shared by your care providers and gives you some control over who can see it, including what you may choose to add about
...
yourself.
...
“Patients Know Best (PKB) Record” is the information about you provided by your care providers and is shared between themselves to provide you with safe care before you create your PKB
...
Account.
...
“Patient Contributed Data” means the information you add to your PKB Account and choose to make visible to professionals providing your care and anyone else you
...
choose.
...
“Provider Contributed Data” means the information professionals have recorded and shared between themselves through the PKB Record and with you in your PKB Account.
...
“The Service” is the IT platform and software PKB use to provide your online PKB Account and PKB
...
Record.
...
“Carers” are friends, family or anyone you choose to give access to your PKB
...
Account.
...
“Professionals” are the people working for
...
Organisations who have been given access to PKB Records because they help to deliver your care. These people have had their identity and qualifications verified, for example, doctors and nurses, and have been trained in handling confidential patient
...
information.
...
“Organisations” are customers of PKB that have information about you and that you can choose to trust to see your records, for example, hospitals or GPs.
...
“Encryption” is a method of securing your information so that only those with the correct credentials can access
...
it.
2. Types of PKB Service Users
As well as patients, the PKB Service can be used by three other types of users:
...
Carers
...
Professionals
...
Organisations
Information on these roles is found in the PKB manual: https://manualwiki.patientsknowbest.com/ space/MAN
3. Purpose of PKB
We aim to bring you your health records from anywhere, and for you to control who sees these records.
In your PKB Account your information is divided into four areas:
...
General health (e.g. diabetes)
...
Sexual health (e.g. sexually transmitted infections)
...
Mental health (e.g. depression)
...
Social care information (e.g. day centres)
After creating your PKB Account, you can decide who can see what, e.g. you may want your doctor to see everything but your family to only see your general health. You can also ask others to decide on your behalf, e.g. your doctor can share with other doctors for you. If an Organisation has information about you, the Organisation can send that information via PKB to you, e.g. automatically sending discharge letters to your PKB Account.
...
PKB may further use your information:
...
To provide you with important information about the Service, such as updates and notifications (e.g. changes in this privacy notice).
...
To send you the PKB email newsletter (if you have chosen to receive it).
...
To identify your age and location to help determine whether you meet the criteria for a PKB
...
Account.
PKB may contract companies to provide services on our behalf, such as our support desk or to answer queries about the Service. We give those organisations access only to the minimum personal information to help you with your queries, such as your IP address (your computer’s location) or e-mail address. They are bound by a contract and a duty of confidentiality. These companies cannot access your health information, which is encrypted.
NHS services
...
Please note that if you access our service using your NHS login details, the identity verification services are managed by
...
NHS
...
England.
...
NHS
...
England is the controller for any personal information you
...
provided to
...
NHS
...
England to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose.
...
For this personal information, our role is a
...
“processor” only and we must act under the instructions provided by
...
NHS
...
England (as the “controller”) when verifying your identity.
...
To see NHS login’s privacy notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to
...
us separately.
...
We use the notifications and messaging service provided by the NHS Transformation Directorate for sending you information. To do this we will only send a minimal amount of information necessary. Further information about the service can be found in the privacy notice for the NHS App managed by NHS Transformation Directorate.
5. Confidentiality
PKB fulfils its duty of confidentiality through clauses in employment contracts, corporate policies covering confidentiality and security, providing ongoing training to all employees and requiring the same of any company we contract to support us.
...
This is a complex area of data protection law. In general, to comply with the legal obligations of Professionals and Organisations in maintaining accurate health records, the following occurs:
...
PKB does not delete PKB Records unless an Organisation asks, normally 8 years after it was last accessed by the
...
Organisation.
...
Where an Organisation ceases the contract with PKB, unregistered PKB Records that have not been accessed by an Organisation will be deleted within 30 days of contract
...
cessation.
...
Where an Organisation ceases the contract with PKB, registered PKB Records will be retained or deleted at the discretion of the Organisation. Where PKB Records are retained, a retention-only contract will be established.
...
PKB does not delete your PKB Account unless you ask, and then we can only delete information that you have added that has not been viewed by a
...
Professional.
We explain in more detail below:
...
Where multiple Organisations contribute to your PKB Record, each Organisation will need to provide a deletion instruction for data where they are a controller of e.g. Organisation A cannot request deletion of data contributed by Organisation B.
An organisation Organisation may provide a deletion instruction to PKB at any point during their contract. After the Service contract has ceased an Organisation may request the PKB Record to be deleted or retained (in line with the Records Management Code of Practice) within PKB or in a different system. Where the Organisation provides a retention instruction to PKB after the Service contract has ceased, a retention-only contract will be established.
...
With Disable Sharing, Professionals can only see the information about you they have added to your record, and no other data from any other party. More information on Disable Sharing is available here: https://manualwiki.patientsknowbest.com/space/patient/sharing#h.p_sGdbVe_KdzdGMAN/3624730683/Sharing
7. How is my information protected?
...
To find out the legal bases for an Organisation that provided your information, you should check their privacy notice.
For all UK Organisations, PKB has a Data Processing Contract (DPC) that sets out the responsibilities of each party. PKB is a Processor processor for all data that forms the PKB Record.
For NHS organisations a Joint Controller Relationship Organisations, a joint controller relationship is established for any data you, as a patient (PKB Account), share with the Organisation.
...
For a breakdown of all
...
Organisations using PKB, please see this map
PKB's responsibilities in the DPC as a Processor processor are:
...
Providing the
...
Service.
...
Providing the security of the
...
Service.
...
Processing on the written instruction of the
...
controller.
Organisations providing data are responsible for:
...
The quality of the information uploaded to PKB including ensuring the correct privacy labels are with the associated
...
information.
...
Providing access to those in the Organisation who require
...
it.
Patient-contributed information (PKB Account)
Once you create your PKB Account, PKB is the controller for the information you contribute and relies on the following legal bases:
...
Processing under legitimate interests. Processing occurs only after you have voluntarily registered and you have added information to your PKB Account. Your interests, rights and freedoms continue to be protected.
...
Processing that is necessary for the provision of care. PKB ensures patient information is available to providers, relatives and/or carers to support the delivery of care, as well as assist the patient to access care
...
services.
For NHS Organisations using PKB, after you share data with them, a Joint Controller joint controller relationship will be formed for this data between PKB and the NHS Organisation – the NHS Organisation may retain this data as part of your healthcare record.
...
PKB’s Data Protection Officer is David Stone.
...
You can write to our DPO: dpo@patientsknowbest.com
Patients Know Best Ltd Contact Routes
...
A User's continued use of the Service constitutes the User’s agreement to this privacy notice. If you feel you need further information please refer to The PKB Manual and the PKB Information Governance Wiki below or contact us through http://patientsknowbest.com/contact-us.
...
PKB Manual: https://
...
...
...
PKB Information Governance Wiki: https://wiki.patientsknowbest.com/space/IG
Please Note: If you registered with PKB prior to 2nd February 2022, please see the previous Privacy Notice related to your registration and consent.
Privacy Notice GDPR Article Matrix
https://drive.google.com/file/d/1bnCG6rAorkpzfG0lrBf319LtLBnonadV/view
...
Approval and review
PKB-PN v5. |
|---|
3 was approved by the DPO, Head of Information Governance and the Executive Board on the |
|---|
24th of |
|---|
August 2022. |
|---|
 | |
|---|---|
Privacy Notice | |
...
- Version 5.3 (UK) - Updated: [24.08.2022] - Reviewed: [19.03.2024] |