What we collect about your health and care information

 

Health and care information

 

Information about you and your health (medical records/patient records) is recorded when you receive health care, this is to allow for care and treatment.  Each healthcare institution you interact with will maintain their own records on you.  At Mahiri-Telehealth (HomeCare) the type of information captured includes:

 

  • Your name
  • Date of birth
  • Address and location
  • Contact details
  • Your assigned client number
  • Other, we us a combination of the above information to ensure your records are linked to you and you alone.  We also collect information related to:

 

  • Details of health conditions and illnesses
  • Medicines and other treatments
  • Records of contact you've had with Mahiri-Telehealth/other doctors, nurses and other health and care workers

 

It is essential that this information is recorded to enable us to provide you good service.  This information is confidential and therefore we take great care in providing a secure environment and processes for managing such data, in line with what is required according to the law.

 

Why we collect some information from your health and care records

 

We don't hold your full health and care records.  Each health and care organisation you have contact with holds its own records on you.  We collect and store some information from everyone's health and care records because of our role in health and care.

 

What data services Mahiri-Telehealth manages for its services to clients

 

Mahiri-Telehealth collects, manages and utilises data and information about you by:

 

  • Managing computer systems and databases that support its HomeCare, RemoteCare, Research and Mahiri-Telehealth Professional Network services
  • Managing and storing data for its direct customers via Mahiri HomeCare services and indirectly on behalf of institutional clients for RemoteCare service implementations
  • Collects, managing and analysing “non-sensitive” data for Mahiri Research services
  • Collecting some specific health and care data to check how the health and care service is doing to aid it in improving care services to its clients and partner organisations.

 

To carry out these duties, we need to collect, store, utilise and sometimes share information about you.

 

Consent

 

In some cases, our collections rely on your consent, especially for Mahiri HomeCare services.  This means you would be asked before your details are collected and before you are transferred to a Triage Nurse or Mahiri-Telehealth Doctor.  You can change your mind, 'withdraw your consent', at any time by telling us you wish to withdraw your consent.  

Improving your individual care

 

For Mahiri HomeCare services, some of your health information will be held in our systems to improve your care, e.g.:

 

  • Mahiri-Telehealth Cloud-based systems links your records to your client number and RemoteCare diagnosis session and makes sure this important information is never lost, when you receive care from us

 

  • Vital medical information including vital signs, medicines you take and your allergies is recorded in your Summary Care Record & Report, giving our health professionals important and sometimes life-saving information which will be used for managing your care or referring you to your usual doctor's surgery or hospital

 

  • Your prescriptions can be sent direct to a pharmacy through our HomeCare Electronic Prescription service, or can be collected via our courier partners, saving you time and improving your care

 

  • You can book an appointment on line or by phone at a time to suit you.  This can be done whether you have purchased a care plan through our HomeCare service or you are using our pay-as-you-go model, whereby you book or call for an appointment without a fixed plan.  Equally, you will be provided with quality health care.

 

Improving care for everyone

 

We collect some confidential patient information so that it can be used to improve everyone's health and care by generating reports and evaluations that can be utilised by third-party healthcare provides to improve health solutions.

 

The information we collect is used to:

 

  • improve our HomeCare and RemoteCare health service
  • advise on epidemics
  • plan for the future
  • research health conditions, diseases and treatments

 

Evidence from the confidential patient information of millions of people like you helps healthcare professionals and institutions make the best decisions for everyone.  We ensure we separate information that can identify specific patients, such that this data is stored and classified as 'anonymised data'.  We always collect and store information about you securely and in line with the law.

 

Use of information that could identify you

 

We use confidential patient information within Mahiri-Telehealth and sometimes share it with other organisations such as your doctor or hospital where you have received/are receiving treatment, so that they can use it to improve your health and care.  

 

Most of the time, the information we use and share could not identify you as an individual.  Wherever possible, we make sure that any details that could identify individual people have been removed, before we use data. We call this 'anonymised data'.

 

Some of the time, however, we allow the use of data that could potentially identify you, because it needs to be linked to your unique individual patient record.  We call this 'identifiable data'.

 

Information that could potentially identify you is only used if it is:

 

  • used to improve health and care
  • looked after properly and kept safe
  • allowed by law
  • absolutely necessary - where anonymised data would not do the same job

 

We follow very strict rules about who can access confidential patient information, how it is protected and what it can be used for.  For more on ‘Anonymising Data’

 

When information is shared with other organisations, these organisations have to sign an agreement and go through our Data Request Process to make sure they will store it safely and legally, and they have a good reason for using it that will benefit health and care.   Information is never passed to marketing or insurance companies without consent.  Please contact us using the contact form on the website pages to enquire about the process.

 

All of our data releases are maintained on our databases and details of the request, requesting individual and organisation, purpose and more are captured together with the signed legal agreement. 

 

 

What if it isn’t possible to anonymise the data?

 

If it is not possible to anonymise the data, we follow strict controls on how personally identifiable data can be used and stored.  It can only be used if you give your permission (consent) or where required by law, and then only with robust safeguards.

 

An independent review process

 

Any request to use patient data should be assessed by our review committee, who check that the reason for using the data is appropriate.

 

What does a review committee check?

 

We adopt specified review processes to ensure data is only used appropriately.  There are three things that will be checked:

 

  • WHY is the data needed  
  • WHO is accessing the data
  • HOW will the data be protected
  • What other checks are there?
  • Where third-parties seek data for specific research requirements, our expert committee will assess whether the data request is I line with our information protection rules.
  • All standard (The Health Landscape) research reports produced by Mahiri-Telehealth also adhere to the health and care information standard we maintain.
  • There are extra controls to access personally identifiable information where it is not possible to ask consent.  These requests will be reviewed by our advisory team responsible for patient confidentiality.

 

Strict legal contracts

 

A legal contract must be signed before data can be transferred to a third-party.  Internal sign-off processes exist for staff accessing patient information (by need to know basis/profile and password controlled).   All contracts and processes outline strict rules about what an organisation can do with the data, and has clear restrictions on what is not allowed.

 

What does a data sharing contract include?

 

  • what data will be provided, and how
  • the purpose for which the data can be used
  • when and how data must be destroyed after use
  • the data security requirements that must be followed
  • what an organisation must not do with the data:

  • data cannot be used in any way to re-identify an individual
  • data cannot be linked with any other data, unless explicitly approved in the application
  • data cannot be passed to any third parties, unless explicitly approved in the application
  • the organisation can be audited to check data is being used appropriately

 

Robust data security standards

 

All data managed by Mahiri-Telehealth is stored securely, with controlled access and robust IT systems to keep data safe.

 

How is data protected?

 

  • We restrict access various data protection features such as passwords, access profiling to control access to data.  Additionally, we use encryption techniques so the data can only be read with a code.
  • We manage robust IT systems and the latest versions of data and IT security to protect against viruses and hacking.
  • We provide extensive training for members of staff responsible for accessing client data.
  • We maintain system audit trails that record every time that personally identifiable data is viewed or used.

 

Protecting Your Data

It is essential that patient data is kept safe and secure, to protect your confidential information.

 

 

There are four ways that your privacy is shielded: 

 

  • by removing identifying information
  • using an independent review process
  • ensuring strict legal contracts are in place before data is transferred
  • implementing robust data ​security standards.​​​

 

 

Remove identifying information

 

The best way to protect someone’s information is to remove details that identify a person and take further steps to ‘anonymise’ it.  Anyone wanting to use patient data will only be given the minimum amount necessary to answer a question.

 

How is information anonymised?

 

Wherever possible, the data will be anonymised in line with guidance given by the UK Information Commissioner’s Office (ICO Code of anonymisation).  This code sets out what identifying details must be removed or masked, and the safeguards that must be followed to protect data.