Privacy

Digital Health Passport privacy notice

(Version 1.5 – Last Updated: 20th June 2019)

Digital Health Passport is a personal health record funded by NHS Healthy London Partnership and produced by Tiny Medical Apps Ltd.

This privacy notice explains how information is stored and used within the Digital Health Passport. The information below should help users understand how their data is processed and their rights when they use the Digital Health Passport.

In relation to Data Protection laws: Tiny Medical Apps are Data Processors and Lewisham CCG on behalf of Healthy London Partnership are Data Controllers of the Digital Health Passport. The legal basis for processing is the explicit consent of users.

In this privacy notice we will cover the following topics in relation to the Digital Health Passport for more information on a topic select more to be taken to a more detailed explanation:

1. What is the Digital Health Passport?

The Digital Health Passport is a mobile app that allows users to keep a personal health record with them wherever they go. The app is designed to allow users to keep information about their health with them. The app currently focuses on Asthma.

More…

2. What information do we collect from you?

We collect personal information such as your name, phone and email in addition to sensitive information for example the health conditions you may have such as asthma.

More…

3. Why do we collect this information?

We store your personal and sensitive information so that we can provide you with an electronic copy of your care plan and emergency plan. The aim is that with access to this information you will be better able to manage your health on a day to day basis.

More…

4. Who might we share your information with?

We do not share your data without your consent. We do use anonymised data which cannot be linked to you individually to help evaluate the value of this service.

More…

5. What do we do with your information?

We store your information securely on computers linked to the Internet called servers.
This means your data is preserved if you reinstall the app or login from a new device.
In the future this will also allow you to share your information securely with those involved in your care.

More…

6. How is it collected?

Some of the data within the app will be entered by you directly (via the health tracker). Other information is entered within the NHS (mainly your Care Plan and Emergency Plan).

More…

7. How long do we keep hold of your information?

If you are part of a pilot phase data will be stored within the Digital Health Passport for the length of the pilot. You may be asked if you would like to use the app after the pilot. If that is the case data will be stored until you become an inactive user (no access for greater than 18 months). You can also request deletion at any time. We may be required to sunrise (terminate) the service and will give no less than two months notice.

More…

8. How can I access the information you hold about me?

You can contact Tiny Medical Apps Ltd to request a copy of the personal data that Tiny Medical Apps Ltd has stored about you. To do so email [email protected] or write to us at the address below:

Tiny Medical Apps Ltd
HEALTH FOUNDRY
Canterbury House,
1 Royal St, Lambeth,
London
SE1 7LL
0207 859 4169
More…

9. How do you keep my information secure?

Information recorded or imported into Digital Health Passport is encrypted end to end.
This means that the data is not readable without a secure key while on your mobile device, while being sent over the Internet or during storage on the servers.

*One exception to this rule is the emergency plans.

More…

1. What is the Digital Health Passport App

The purpose of the Digital Health Passport is to provide patients with a copy of their personal health record that they can carry with them in the form of a mobile application.

Tiny Medical Apps Ltd. were appointed by NHS Healthy London Partnership to design and produce the software that powers Digital Health Passport. Tiny Medical Apps Ltd. is a private company which designs and supplies software in the form of mobile applications for use in the NHS and to help people manage their healthcare.

In order for Tiny Medical Apps Ltd to be able to deliver Digital Health Passport, it is necessary to collect and process sensitive and personal identifiable information. By collecting this information we are able to re-create a personal health record for each user who signs up to the Digital Health Passport giving users improved access to their medical data and supporting increased self management of illnesses.

Use of the Digital Health Passport is completely voluntary and users can opt to delete their account at any time without prejudice to their rights or health care.
Return to to summary

2. What information do we collect?

Tiny Medical Apps Ltd will hold data that is both personal and sensitive in nature.

Personal information is defined as information about an individual that would enable them to be identifiable in one way or another.

Sensitive information is defined as information that if lost could affect individuals, groups or the wider community.

A list of the types of personal and sensitive data held by Tiny Medical Apps Ltd to deliver Digital Health Passport are detailed below.

Personal Sensitive Other
  • Name
  • Date of birth
  • NHS number
  • GP address
  • IP address where Digital Health Passport is accessed from
  • DeviceID – Information about the devices used to access Digital Health Passport – in order to lock access to device.
  • Email
  • Phone number
The information contained within your asthma action plan and Emergency Plan including:
Physical health conditions
Details of health care appointments
Details of clinical management plans relates to physical health conditions
Scores and measures relevant to specific illnesses used to monitor progress – Peak Flow, Asthma Symptoms (e.g. cough, days off school)
Names and contact details for people part of your team (professional and peer support)
  • Analytic activity in the app. So we can see what parts of the app are most valued.
  • Audit access. We monitor access to view or edit data consistent with our legal requirements and Information Security best practices.
  • Crash reporting to ensure stability of the app.


Return to to summary

3. Why do we collect this information?

Digital Health Passport is an app that displays user health data in a portable format so that individuals can have easy access to the information to support them in making choices about how to manage their health. Users do not have to use the Digital Health Passport and no data will be collected or stored without user consent and authorisation.

Usage statistics are collected so that the commissioning organisation NHS Healthy London Partnership can monitor the uptake of the application by the public. This helps the NHS Healthy London Partnership to evaluate the impact and effectiveness of the platform.

Return to to summary

4. Who might we share your information with?

We will not share identifiable information without your explicit consent.

Summary information describing how many people use the Digital Health Passport and usage statistics will be provided to the commissioner NHS Healthy London Partnership who may store this information. Any such summary information will be aggregated and it will not be possible for individual users to be identified from such reports.

Data submitted to the Digital Health Passport will never be processed for marketing purposes.
The contact information for users of the Digital Health Passport will not be shared with third parties.

Return to to summary

5. What do we do with your information?

The primary use of data held within Digital Health Passport will be to present to the user a personal and portable copy of their health record. To persist data securely such that it can be accessed after a user reinstalls the app.

Return to to summary

6. How is it collected?

There are two ways in which information is collected and added to the Digital Health Passport
Directly entered into the app by the user
During the use of the Digital Health Passport app users will be able enter health data directly into their personal health record using their mobile phone. This may be during sign up when the app will request that the user enters information about themselves or once the app is in use when the user enters health measurements to help monitor their health.

Directly entered into the app by a clinician
Your clinician may enter a Care Plan or Emergency Plan directly into your app via their clinical portal.

Return to to summary

7. How long do we keep hold of your information?

If you are a participant in the East London pilot at Barts Health NHS Trust or Chrisp Street Health Centre we will keep your data for the duration of the 3 month pilot plus 1 month. If the pilot is extended you will be given an opportunity to consent to continue with the pilot. You can request account deletion before the end of the pilot.

Data is stored within the Digital Health Passport permanently as long as the app is used regularly. Tiny Medical Apps Ltd define regular use of the Digital Health Passport as a user successfully logging into the app at least once every 18 months.

Once a user’s account has not been accessed for 6 months electronic reminders to log in to Digital Health Passport will be sent at 6 monthly intervals to both the users device as app notifications and via email. A final reminder will be sent 18 months after a user last successfully logged into Digital Health Passport including a final reminder and a notice that the users account will be deleted from the Tiny Medical Apps Ltd server 72 hours after the timestamp of this final email.

Once a final reminder has been sent and 72 hours has passed, the Tiny Medical Apps Ltd server will automatically delete all data associated with the account from the server including the users credentials and contact information. Once this has taken place it is no longer possible to retrieve the data that a user had uploaded to the Digital Health Passport. Any data imported from NHS records will still be accessible through the original NHS health record system.

Users who allow their accounts to be deleted will be able to sign up again to the Digital Health Passport but will not be able to access any data that they had previously manually uploaded to Digital Health Passport. Links to NHS record imports will be unaffected and remain available if the user again consents to this data sharing.

If at any point a user wishes to revoke their consent for data storage they are able to contact [email protected] and their account and associated data will be deleted within 2 weeks.

Tiny Medical Apps maybe required to terminate the service. We will ensure that there is at least 2 months sunrise period and a way to download your data.

Return to to summary

8. How can I access the information you hold about me?

Under the General Data Protection Regulation (GDPR), you have the right to see or be given a copy of personal data held about you. To gain access to your information you will need to make a Subject Access Request to Tiny Medical Apps.

You may also contact Tiny Medical Apps Ltd to request that your personal information is corrected. To do so email [email protected] or write to:

Tiny Medical Apps Ltd
HEALTH FOUNDRY
Canterbury House,
1 Royal St, Lambeth,
London
SE1 7LL
0207 859 4169

Return to to summary

9. How do you keep my data secure?

All data that is entered into Digital Health Passport is securely stored on UK based servers by Tiny Medical Apps Ltd. Users’ data is also by default encrypted on the user’s device, during transfer to Tiny Medical Apps Ltd servers and while held on the servers.

To protect users’ health data Tiny Medical Apps Ltd use encryption. Encryption protects information while it is being stored on, and transferred between, computers, it is a way of preventing people who have not given permission to from being able to view a user’s personal or sensitive information stored within Digital Health Passport.

There is one exception to the encryption process which is that it is important to have quick access in an emergency to a copy of a personal emergency care plan. Users of the Digital Health Passport with an emergency care plan will have a shortcut on the Digital Health Passport login screen allowing them to quickly access their emergency care plan and show it to other people in order for them to provide help or advice. The emergency care plans will contain very limited identifiable information but will disclose the nature of the health condition which is treated using the emergency care plan.

Return to to summary