Last Updated: Complete redraft Sept 21
This Privacy Statement may be updated from time to time - the "last updated" date is included at the top of the Privacy Statement. We encourage you to review this Privacy Statement periodically to stay informed about how we may use and disclose your Personal Information. Any ‘material’ changes – those that affect the way your data is processed – will be notified to you directly.
Ortus Solutions takes your privacy very seriously.
We are registered with the Information Commissioner as a Data Controller and our registration number can be found by searching at https://ico.org.uk/ESDWebPages/Search under reference ZB183626.
If you have any questions or wish to make a request in relation to your information, please contact the Data Protection Officer at: firstname.lastname@example.org.
Ortus Solutions providing a system to healthcare providers that allows them to upload patient information and take it with them when they are working remotely – this might mean they are visiting the wards or perhaps visiting a nursing home.
To provide this system, Ortus Solutions collect, use, store and share information about you on the instructions of your healthcare provider.
When the healthcare provider creates an account for you on the system, they may invite their patients to have access to it as well. The system that you see is called Manage My Health.
Ortus Solutions will collect through three main routes;
It is the responsibility of the healthcare provider to ensure that they have a lawful basis for collecting and uploading your information to the system. It is likely that they are lawfully able to do this because it is ‘necessary’ for your health or care and you have not raised any objections.
When you provide us with your initial account information, you are providing your explicit consent for the data to be processed by Ortus Solutions and this means we will share it with your healthcare provider.
Ortus Solutions collect only the device or cookie information necessary to allow the system to run properly and ensure we can investigate any security issues. We can do this lawfully because these reasons form the ‘legitimate interests’ of a system provider.
The information we collect will be stored on computer and electronic systems. The information includes Personal Data;
as well as Sensitive Personal Data, where it is relevant to your health and care or you have provided it;
|Clinic / Hospital||Date of Birth*||Post Town||Emergency Contact Name|
|Title||Hospital No*||Mobile Phone Number*||Emergency Contact No|
|First Name*||Occupation||Emergency Contact Relationship|
|Last Name*||NHS No*||Postcode||Insurance Carrier|
|Insurance Group No||Insurance Group Name||Blood Group||Organ Donor|
|Insurance Company Name||Insurance ID No||Ethnicity||Patient Current Condition – Normal or Critical|
Please be aware that the above information relating to your session, content and device are transferred outside of the UK and to non-EU member states (United States and China). Vonage have safeguards in place that have been approved by the UK Information Commissioner, including EU Model Clauses, to protect your personal data.
|heart rate||oxygen saturation||respiration rate and activity.||Source|
|blood pressure||temperature||Drug name||Status|
|weight||blood glucose||Directions||Origin of data|
|Allergy name||Date given||Vaccine source||Long term? yes or no|
|Source||Planned vaccine description||Diagnosis with date||Total cholesterol
|Lab radiology reports||LDL||HbA1c||Waist size|
|HDL||Blood pressure||Cycling||Water intake|
|Triglycerides||Peak flow PHQ-9||Depression levels.||Other notes|
Ortus Solutions works hard to ensure that only the right people have your information and that they are only given the information they need.
Ortus Solutions uses other companies to help us deliver some of our services such as;
UK Cloud – they provide the storage space for your data and are based in the UK
Vonage – they provide the video conferencing software and the data remains in the UK
We have contracts in place with these organisations that prevent them from using it in any other way that how we tell them to. These contracts also require them to maintain good standards of security to ensure your confidentiality.
Ortus Solutions will also share any information you add to Manage My Health with your healthcare provider so do make sure you are comfortable with this before adding any information.
Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly.
Examples might be;
Data protection law provides you with a number of rights that Ortus Solutions is committed to supporting you with;
You have the right to obtain:
We collect, use, store and share your information because we are permitted to by law; in order to deliver your support your employment, but you do have a right to object to us doing this.
When we collect, use, store or share your information based on your consent, you have a right to withdraw that consent at any time.
Our Data Protection Officer will be happy to speak with you about any concerns you have.
If information about you is incorrect, you are entitled to request that we correct it.
There may be occasions, where we are required by law to maintain the original information – our Data Protection Officer will talk to you about this, and you may request that the information is not used during this time
We will respond to your request within one month of receipt or will tell you when it might take longer.
Right to Portability
You can ask us to send your information to another organisation on your behalf if you wish.
You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Officer or visit the link below for more information.
For more detailed information on your rights visit https://ico.org.uk/for-the-public/.
No, Ortus Solutions does not undertake automatic profiling or automated decision making in relation to your employment information.
Our Data Protection Officer will be happy to speak to you about this if you have concerns or objections.
Ortus Solutions are committed to ensuring the security and confidentiality of your information. There are a number of ways we do this;
Patient records are kept in the system forever at the moment – this is because the NHSX Record Management Code of Practice recommends it
Your healthcare provider is able to request that your record is made ‘inaccessible’ so it cannot be seen by professional users
However, if you withdraw your consent to having an account, we will delete your account details. Please be aware that any information you have shared with your healthcare provider may have already been added to your main health record.