Last Updated: Complete redraft Sept 21
This Privacy Statement may be updated from time to time – the “last updated” date is included at the top of the Privacy Statement. We encourage you to review this Privacy Statement periodically to stay informed about how we may use and disclose your Personal Information. Any ‘material’ changes – those that affect the way your data is processed – will be notified to you directly.
Ortus Solutions and Your Information
Ortus Solutions takes your privacy very seriously.
We are registered with the Information Commissioner as a Data Controller and our registration number can be found by searching at https://ico.org.uk/ESDWebPages/Search under reference ZB183626.
If you have any questions or wish to make a request in relation to your information, please contact the Data Protection Officer at: firstname.lastname@example.org.
Ortus Solutions providing a system to healthcare providers that allows them to upload patient information and take it with them when they are working remotely – this might mean they are visiting the wards or perhaps visiting a nursing home.
To provide this system, Ortus Solutions collect, use, store and share information about you on the instructions of your healthcare provider.
When the healthcare provider creates an account for you on the system, they may invite their patients to have access to it as well. The system that you see is called Manage My Health.
How Does Ortus Solutions Collect my Information?
Ortus Solutions will collect through three main routes;
- From your healthcare provider when they create an account about you
It is the responsibility of the healthcare provider to ensure that they have a lawful basis for collecting and uploading your information to the system. It is likely that they are lawfully able to do this because it is ‘necessary’ for your health or care and you have not raised any objections.
- From you when you register your account and add or amend your details
When you provide us with your initial account information, you are providing your explicit consent for the data to be processed by Ortus Solutions and this means we will share it with your healthcare provider.
- Indirectly when we collect cookies or device information about your use of Manage My Health
Ortus Solutions collect only the device or cookie information necessary to allow the system to run properly and ensure we can investigate any security issues. We can do this lawfully because these reasons form the ‘legitimate interests’ of a system provider.
The information we collect will be stored on computer and electronic systems. The information includes Personal Data;
- basic details about you, such as address, date of birth, and next of kin
as well as Sensitive Personal Data, where it is relevant to your health and care or you have provided it;
- notes and reports about your health, conditions, medication and treatment
- information about your family life such as next of kin
- Biometric information such as a photograph if you choose to upload it
How Does Ortus Solutions Use my Information?
- Ortus Solutions will use your information in the following ways;
- Your healthcare provider will add your personal data to the system as a new patient
- The data entered is (Starred are mandatory);
|Clinic / Hospital||Date of Birth*||Post Town||Emergency Contact Name|
|Title||Hospital No*||Mobile Phone Number*||Emergency Contact No|
|First Name*||Occupation||Emergency Contact Relationship|
|Last Name*||NHS No*||Postcode||Insurance Carrier|
|Insurance Group No||Insurance Group Name||Blood Group||Organ Donor|
|Insurance Company Name||Insurance ID No||Ethnicity||Patient Current Condition – Normal or Critical|
- If the healthcare provider wishes to allow you to have access, a text is then sent to you for activation of the account
- You will receive a text that says “Message from [hospital name]. You have been registered to ORTUS patient portal. Click the following link to complete your registration.
- You will need to click the link in the text and then enter your date of birth and if not correct, you will not able to proceed.
- You can then access the information that has been entered by your healthcare provider
- You can choose to share your information with friends or family, for example. Please take care to ensure that you do this securely and that you trust the recipient with your information.
- If you submit or allow Health Information to be uploaded to Ortus-iHealth Patient Portal on behalf of another individual, you must be authorized to do or have their permission – where appropriate. Where the individual has capacity, you should have provided them access to this Privacy Statement and noted any objections or concerns.
- Ortus-iHealth is not responsible for the accuracy of the information uploaded by your or your healthcare provider. You must take reasonable steps in the circumstances to ensure the accuracy of Health Information you upload to the system. You should not upload any Health Information to your Ortus-iHealth account unless the accuracy of such information can be verified by your Healthcare Provider.
- You must not use or rely on Health Information provided to you via Ortus-iHealth Patient Portal if the information appears incorrect.
- It is important for you to maintain the accuracy of your contact information so that you can be contacted at any time.
- The data is displayed by the software online, but it is stored in the UK by a company called UK Cloud
- Your healthcare provider is able to securely log in to the system and view your information
- Your healthcare provider is able to amend your information, enter new diagnosis, results and medications, including uploading attachments like hospital letters
- Your healthcare provider is able to send you a video link.
- When connecting to the video link, the following information is collected;Communications usage information. This includes information about your communications delivered via the Vonage platform such as the time and duration of usage, source and destination identifiers, completion status, location, IP address, and amount of usage.Mobile device camera, microphone. If you use Vonage mobile apps, the software may request your permission to access the camera, microphone on your mobile device, to make and receive voice and video calls and messages. You do not have to allow access these functions of your device, but if you do not, certain features of the mobile apps may not be available to you. You may at any time opt out from allowing this access via the privacy settings on your device.Your location information. If your mobile device is equipped with GPS or can connect with wireless access points or hot spots, or if your mobile device is also a phone that communicates with cell towers or satellites, then your mobile device is able to use these features to determine its precise geographic location. You may use the mobile app to do a one-time share of your precise geographic location through a message in a chat session by pressing the location attachment button within the mobile app (a “Location Share Event”). Vonage will retain the Location Share Event within your chat session on the mobile app until you delete the message. Your precise geographic location, including a Location Share Event, is considered your personal data. To the extent Vonage mobile apps collect precise geographic location, you may at any time opt out from further allowing us to have access to your mobile device’s precise location information via the mobile app’s location settings on your mobile device.
Please be aware that the above information relating to your session, content and device are transferred outside of the UK and to non-EU member states (United States and China). Vonage have safeguards in place that have been approved by the UK Information Commissioner, including EU Model Clauses, to protect your personal data.
- Additional information can be added including;
|heart rate||oxygen saturation||respiration rate and activity.||Source|
|blood pressure||temperature||Drug name||Status|
|weight||blood glucose||Directions||Origin of data|
|Allergy name||Date given||Vaccine source||Long term? yes or no|
|Source||Planned vaccine description||Diagnosis with date||Total cholesterol|
|Lab radiology reports||LDL||HbA1c||Waist size|
|HDL||Blood pressure||Cycling||Water intake|
|Triglycerides||Peak flow PHQ-9||Depression levels.||Other notes|
- The system allows exchange of information between clinicians on the system.
- All communications remain within the secure platform.
- The system allows your healthcare provider to send a video link to you
- The system allows downloading and printing of your records, all of which is auditable
- Patient records are kept in the system forever at the moment – this is because the NHSX Record Management Code of Practice recommends it
Who Does Ortus Solutions Share My Information With?
Ortus Solutions works hard to ensure that only the right people have your information and that they are only given the information they need.
Ortus Solutions uses other companies to help us deliver some of our services such as;
UK Cloud – they provide the storage space for your data and are based in the UK
Vonage – they provide the video conferencing software and the data remains in the UK
We have contracts in place with these organisations that prevent them from using it in any other way that how we tell them to. These contracts also require them to maintain good standards of security to ensure your confidentiality.
Ortus Solutions will also share any information you add to Manage My Health with your healthcare provider so do make sure you are comfortable with this before adding any information.
Will Ortus Solutions Share without Asking Me?
Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly.
Examples might be;
- Sharing with the police or tax authorities for the detection or prevention of crime
- Where it is in the wider public interest – to keep the public safe, for example
- To safeguard children or vulnerable adults
- Because the court has told us we must share.
What are my Information Rights?
Data protection law provides you with a number of rights that Ortus Solutions is committed to supporting you with;
Right to Access
You have the right to obtain:
- confirmation that your information is being used, stored or shared by Click or tap here to enter text.
- a copy of information held about you
- If you only require a particular part of your record, tell us and this can reduce the time it takes to provide it
- We will respond to your request within one month of receipt or will tell you when it might take longer.
- We are required to validate your identity including the identity of someone making a request on your behalf
Right to Object or Withdraw Consent
We collect, use, store and share your information because we are permitted to by law; in order to deliver your support your employment, but you do have a right to object to us doing this.
When we collect, use, store or share your information based on your consent, you have a right to withdraw that consent at any time.
Our Data Protection Officer will be happy to speak with you about any concerns you have.
Right to Correction
If information about you is incorrect, you are entitled to request that we correct it.
There may be occasions, where we are required by law to maintain the original information – our Data Protection Officer will talk to you about this, and you may request that the information is not used during this time
We will respond to your request within one month of receipt or will tell you when it might take longer.
Right to Portability
You can ask us to send your information to another organisation on your behalf if you wish.
You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Officer or visit the link below for more information.
For more detailed information on your rights visit https://ico.org.uk/for-the-public/.
Does Ortus Solutions Use Profiling or Automated Decision Making?
No, Ortus Solutions does not undertake automatic profiling or automated decision making in relation to your employment information.
Our Data Protection Officer will be happy to speak to you about this if you have concerns or objections.
How Does Ortus Solutions Protect My Information?
Ortus Solutions are committed to ensuring the security and confidentiality of your information. There are a number of ways we do this;
- Staff receive regular training about protecting and using personal data
- Policies are in place for staff to follow and are regularly reviewed
- We check that only the minimum amount of data is shared or accessed
- We use controlled access to systems, this helps to ensure that the right people are accessing data – people with a ‘need to know’
- We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information
- We report and manage incidents to make sure we learn from them and improve
- We put in place contracts that require providers and suppliers to protect your data as well
How Long Does Ortus Solutions Store My Information?
Patient records are kept in the system forever at the moment – this is because the NHSX Record Management Code of Practice recommends it
Your healthcare provider is able to request that your record is made ‘inaccessible’ so it cannot be seen by professional users
However, if you withdraw your consent to having an account, we will delete your account details. Please be aware that any information you have shared with your healthcare provider may have already been added to your main health record.