DOC Health Ltd Privacy Policy

PLEASE READ THIS PRIVACY POLICY CAREFULLY AND RETAIN A COPY FOR YOUR RECORDS. THIS PRIVACY POLICY MAKES UP AND INTRINSIC PART OF DOC Health LIMITED’S (THAT IS REGISTERED IN ENGLAND 09102059) TERMS AND CONDITIONS.

DOC Health Ltd (DOC) respects the privacy of every person and is committed to protecting all of your Personal Information and Personal Health Information (PHI). This Privacy Policy applies all DOC Platforms (including but not limited to DOC.com and the DOC Mobile Applications) which are owned and/or owned and operated by DOC.


This notice describes how Personal Information and Personal Health Information about you may be used, how it may be disclosed and how you can obtain access to this information. This Privacy Policy will serve as a summary of your privacy rights. The law (Data Protection Act 1998) requires that your PHI be kept private, unless there is a legal obligation or legal requirement for disclosure by us to authorised parties including but not limited to the UK Government or Department of Health, then we will make such a disclosure as we are legally bound to. We must give you this Notice about our privacy practices and follow the terms of this Notice while it is in effect. Your use of DOC's Platform and the Services (‘Platform’ and ‘Services’ are as defined in our Terms and Conditions) indicates your acceptance of the terms of this Notice.


Introduction:

DOC is a connective platform, enabling individual members of the public in the UK (“Customer”, “Customers”, “you”, “your”, “yourself”) to connect in real time, via streaming video, chat, instant messaging and picture messaging to participating registered UK (registered with the UK General Medical Council: www.gmc-uk-org the “GMC”) doctors (family doctors known as the “Practitioners”) via DOC’s Platform where Customers can purchase and experience the Services.


Information That May Be Collected:

In order to use the Services, you are asked to enter an email address, mobile telephone number and password, which we refer to as your DOC Account Details. After you create your Account, you can use the same details to log in to DOC's Platform and use the Services. This log in process will allow you to manage your Account, it will allow you to connect with Practitioners, be in consultation, as well as purchase and experience a range of other elements of the Services.


The first time you log in to DOC's Platform to utilise the Services, you will be asked to create an Account. To create an Account, you must provide Personal Information such as full name, title, postal address, mobile telephone number, your date of birth, email address, and other pertinent data (including your gender) that will be shared with your Practitioner and members of the DOC team (from time to time, as required) who have been appropriately checked to ensure they meet the requirements to access such information (in accordance with UK law).


DOC will use the email address and mobile telephone number you provide when you create your account to send you a text message requesting that you validate your account. Your email address, mobile telephone number and other contact information that you provide via your Account may also be used by DOC to assist you in your use of the Services and the Platform including enhancing your usage and increasing it, on Health related Programmes as described in this Notice and the Terms and Conditions. DOC will use your email address and mobile telephone number as the joint primary means to reset your username and password. Your email address and mobile telephone numbers will be shared with third parties working with DOC in the delivery and development of the Services and the Platform to users, to track usage of the Services and the Platform and these details will be used to advertise new DOC services to you from time to time.

DOC creates a record of the consultations, the care/advice and Services you receive on the Platform. Some examples of the information collected or created through this process are Electronic Medical Records that may be uploaded by you or created as a result of consultations under your Account on the Platform/through your use of the Services.

When you use DOC to consult with Practitioners we will collect debit and/or credit card information which is maintained by our billing processing partner in a secure and PCI Compliant Vault for use when you decide to utilise the Services on the Platform.

In order to participate in the Services, you will need to provide Personal Health Information about yourself to DOC and the Practitioner(s). Here are examples of the types of Personal Health Information we gather: Information that you may provide to us can include: your NHS or other medical records (medical history), measurements, such as weight, blood pressure or glucose levels, test results, medications, health history, family history, and other health or PHI, such as prescription medication information. We will gather and process data resulting from your interactions on the Platform such as visit time, frequency, visit length, log-in times, consultation length(s), recurrence of visits and other interaction information which we will use for a range of planning, Service evolution, new product development, Services delivery, marketing, internal and external performance indicators and a range of other business intelligence functions. If you grant us access we may be able to feed information from 3rd party services when you use them such as mobile health applications, Microsoft HealthVault or Google Health and any other data storage connection points that you provide us with access to. Information that Practitioners on the platform record about you in your consultation notes collectively your Electronic Medical Records (“EMRs”), which we hold and may contain relevant and pertinent information that you have discussed with Practitioners on the Platform. Such EMRs may also include Practitioners comments, diagnoses and commentary as well as factual information, medical advice and the symptoms that you have presented with in a session. We will also collect and process demographic information about you when available from you such as you age, location, gender and income.


How Information About You May Be Used by DOC:

DOC may gather PHI primarily to share with Practitioners for the purposes of diagnosis, treatment, and health care operations. However, DOC may also use aggregate data sets of unidentifiable, non-personal information for statistical analysis, improvement of the Services, and customisation of UX-design and content layout or creation.

Uses and Disclosures of PHI:

DOC is permitted to use and disclose your PHI for purposes of (a) Treatment and (b) Enable Medical Service Provision as follows:

Treatment:

DOC may use or disclose your PHI to facilitate treatment or the provision of medical services by a Practitioner for purposes of a consultation. DOC may share your PHI with doctors, technicians or other DOC affiliates, employees, agents or nominated third parties. For example, departments may share your PHI to plan your care. This may include prescriptions, lab work, other digitised / digital health information that you make available to us about you from time to time. DOC may share your PHI with people not at DOC including, but not limited to, referring Practitioners, Specialists, GP Practices, Hospitals, Pharmacists, Pharmacies and health care providers who are treating you or providing you with linked care (directly or indirectly).

Enabling Medical Service Provision:

DOC may use and disclose your PHI to help us in the operating, running and improvement of our current or future Platform. For example, DOC may use PHI to review the treatment and provision of Services by individuals or groups of Practitioners. DOC may also use PHI to measure the performance of its own staff and may share PHI with third parties who DOC engages with to provide various Services on the Platform or to DOC itself, such as Practitioners and other health care workers, research agencies, other clerical providers, marketing agencies and data processing houses. If any such third party requires access to your PHI in order to perform the agreed upon services, DOC will require that third party be bound to the terms outlined in this Privacy Notice.

Video Recordings for Training And Special Incidents:

DOC does not routinely record any of the video interactions on its Platform and would only do so in reaction to a serious training need, a review or other special incident and would never intend to record any patient or doctor’s visual/video/audio interaction unless it was in the strictest conformity with the guidance and guidelines on Visual and Audio Recordings as published by the GMC: a version of which is found & referred to here http://www.gmc-uk.org/static/documents/content/Making_and_using_visual_and__audio_recordings_of_patients_8_May_2013.pdf


Consultation Reminders:

DOC may contact you to remind you about a forthcoming consultation or reasons that you may need a consultation in the future.

As Required By Law:

DOC may use and disclose your PHI when required to do so by parties with the legal authority to request to receive it.

To Prevent Incidents and Protect You:

DOC may use and disclose your PHI to prevent a serious threat to your health and safety and that of others. DOC will only disclose your PHI to persons who can help prevent the identified or possible threat.

To Prevent Public Health Risks:

DOC may share your PHI for public health activities, as required by departments or parties duly authorised by the UK Government. For example, we may share your PHI (this list is not exhaustive):

to prevent or control disease, injury or disability;

to report child abuse or neglect;

to report reactions to medicines or problems with products;

if a Practitioner believes that you may have been exposed to a disease or may be at of spreading a serious disease or condition.

Non-Personal Data/Information:

DOC may use, disclose, and request PHI if the Health Information to be used or disclosed is in aggregate non-personal form. DOC may share your PHI with government agencies or regulators that oversee health care as required to do so by law. These activities include, but are not limited to, audits, investigations and inspections. The government uses these activities to monitor the health care providers both public and private. It also monitors the outbreak of disease, government programmes and compliance. DOC may share PHI with government registries, if required.

Legal Disputes and Cases:

If you are in a legal dispute, DOC may share your PHI in response to a court order, legal demand or other lawful process.

The Police:

DOC may share PHI if asked to do so by the police under limited circumstances including:

to report certain types of wounds;

to respond to a court order, warrant, summons or similar process;

to identify or locate a suspect, fugitive, material witness, or missing person;

about the victim of a crime, if under certain limited circumstances, DOC is unable to obtain the victim's agreement.

Decedents:

DOC may, under limited circumstances, disclose your PHI to coroners, medical examiners, funeral directors for the purposes of identification, determining the cause of death and fulfilling duties relating to decedents.

National Security:

DOC may share, if required, your PHI with UK Government Officials for National Security reasons.

Existence:

To ensure the existence of your EMRs that are unique to your use of DOC and that remain unreleased we print hard copies and place these in a Vault environment at regular intervals throughout the year.

SECURITY IS IMPORTANT:

The importance of security for all Personal Information including, but not limited to, PHI associated directly or indirectly with you is of great concern to us. At DOC, we have gone to great lengths to ensure the security and integrity of our Platform and that we use best in class services when providing secure transmission of your information from your PC or mobile device to us. PHI collected by our Platform is stored in secure environments that are not available or accessible to the public. Only those duly authorised people, officers, employees or agents of DOC who need access to your information in order to do their jobs are allowed access. Anyone who violates our privacy or security policies is subject to disciplinary action, including possible termination of the contract with DOC and civil and/or criminal prosecution.

DOC uses the latest technologies to ensure utmost security, including utilising several layers of firewall security and different degrees of encryption for each customer's sensitive PHI to ensure the highest level of security.

DOC is the sole owner of the information collected on its Platform.

Cookies:

Our Platform uses different cookies, why we use them is explained herein. But first let us explain what a cookie is... A cookie is a small text file that may be placed on your device when you visit our Platform. When you next visit our Platform the cookie allows us to distinguish you from other users. There are two categories of cookies; (a) ‘persistent cookies’ that remain on your device until deleted manually or automatically and; (b) ‘session cookies’ which remain on your device until you close your browser when they are automatically deleted.

The cookies DOC uses:

Essential cookies are required for the operation of our Platform and without them the Platform can’t operate properly.

Performance cookies allow us to see and count the number of visitors to our Platform and what they do during their visit. We use the information from these cookies to improve our Platform’s performance. The data from these cookies doesn’t allow us to identify you.

Experience cookies allow our Platform to remember your choices, which means we can personalize your experience of the Platform according to choices. Data collection by experience cookies is used by our analytics systems (including third party systems) to benchmark your choices with other users and/or group your choices to make better sense of them alongside the other Platform users.

You can REFUSE cookies, by activating settings of your chosen browser(s). If you alter your browser settings to refuse cookies you cannot access Services on our Platform and indeed your access to our Platform will be restricted.

Security on the Platform:

When you interact on our Platform, all of your PHI and Personal Information, including but not limited to your debit or credit card number(s) and addresses, are transmitted through the Internet using Secure Socket Layers (SSL) technology. SSL technology causes your browser to encrypt your entered information before transmitting it to our secure server. SSL technology, an industry standard, is designed to prevent someone other than operators of our Platform from capturing and viewing your PHI and Personal Information. DOC also takes the following measures to protect your Personal and Personal Health Information online:

Two-Step Process:

You are required to go through a two-step verification process to create and restore your account and your password. Online access to your Account, where your Personal Information and PHI is stored, is protected with a password that you create. We strongly recommend that you do not disclose your password to anyone. DOC will never ask you for your password in any unsolicited communication (including unsolicited correspondence such as letters, phone calls, or email, or text messages). You will only ever be able to reset your password using a two-step process.

Information:

Since any entered information you provide to us on our Platform will be transmitted using a secure connection, if your web browser cannot support this level of security, you will not be able to properly use the Services on our Platform. The most recent versions of Google Chrome, Safari and Firefox can support a secure connection and can be downloaded for free from their respective websites.

No data transmission over the Internet can be guaranteed to be 100% secure. While we strive to protect your Personal Information and PHI from unauthorised access, use or disclosure, DOC cannot ensure or warrant the security of any information you transmit to us on our Platform from any of your devices.

Accessing Your Personal Information:

We believe that Patients should have access to their PHI information without charge where possible. We believe this because we think it not only promotes but enables patients to take a more positively active role in their own health future. IN order to access your EMRs on DOC you can do this anytime by Signing Into your DOC Account and selecting the option to Release Your Notes. We do not charge Customers for releasing their notes i.e. downloading their EMRs.

Right To Amend:

We do not allow ANY ONE to AMEND EMRs created or held by DOC. We only ever allow authorised contributors to ‘add to’ records, making an update to the information without deletion of the original record. We believe this approach is for everyone’s benefit and best ensures the integrity of the information to hold. If you would like to update your PHI or EMRs please Contact Us in writing and direct your query to a member of our Clerical Team.

DOC may, in circumstances such as these, deny your request for to update your record (this list is by no mean exhaustive whatsoever)...

Your request has not been submitted in writing and does not include a valid reason.

DOC did not create the record or original information, in which case you should contact the creator, author or originator of the records. In the case the creator, author, originator of the record is no longer in legal operation or accessible we may be able to assist you. Please clarify this in your request.

DOC does not hold the record and/or that information may not be updated at your request but requires another parties authorisation to update.

Other Provisions:

If you click on a link to a third party site, you will leave the Platform and go to the site you selected. Because DOC cannot control the activities of third parties, we cannot accept responsibility for any use of your Personal Information and/or PHI by such third parties, and we cannot guarantee that they will adhere to the same privacy practices as DOC. We encourage you to review the privacy policies of any other service provider from whom you request services. If you visit a third party website that is linked to our site, you should read that site's privacy policy before providing any personally identifiable information.

Notices, Amendments and Updates:

DOC may revise this Notice to reflect any changes in our privacy practices. We reserve the right to make the revised Notice effective for Personal Information and PHI we already have about you. It also will be effective for any information we receive in the future. We will post a current version of the Notice on our Platform prior to the change becoming effective. The effective date of this Notice displayed directly under the title of the document. If we make any material changes we will notify you by means of a notice on the Platform prior to the change becoming effective.

As Part of our Platform You can Use The DOC App:

If you use the DOC Application we may collect additional information, like the type of device (mobile or tablet) you are using, the temporary or persistent UDIDs (AKA ‘Unique Device Identifiers’) placed by us or our service providers, the unique identifier assigned by DOC to your device, your location, the IP address of your device, your mobile operating system, the type of mobile Internet browsers you use, and data about the way you use our Platform.

Social Media Sharing:

Our Platform includes some Social Media Features, such as the Facebook button and Widgets, such as the ‘Share This’ button. These Features may collect your IP address, which page you are visiting on our Platform, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Platform. Your interactions with these Features are governed by the privacy policy of the company providing it.

Accessing All The Information Held By Us About You:

If you would like a copy of all of the DATA held by us about you, we do charge for this information (this is not the same as EMRs) because we have to gather, collate and process this data to make it available to you in its entirety. As required by the Data Protection Act you may have a copy of the information we hold on you, in this instance please Contact Us to initiate this request. A fee of £10 must be paid prior to a release occurring and details of how this shall be paid will be provided in our response to your request. Alternatively, you may write to DOC and enclose a cheque payable to DOC Health Ltd in that correspondence. The Data Protection Act allows us up to 40days (from the date instructions and payment have been received – please note payments must clear first) to retrieve, process and provide the information requested.

Complaints:

If you have any complaints please Contact Us

Other Links

Our Platform may contain links to let you to visit other websites or mobile applications easily. Once you have used these links to leave our Platform, you should be aware that we do not have any control over that other website and we are not responsible for any products and/or services featured on any third party website.

Acceptance

By using this Platform and DOC’s Services, you acknowledge your acceptance of this our Privacy Policy and agree to the terms provided for herein. If you do not agree with this policy, you should not use DOC’s Platform or Services. It is recommended that you read this Privacy Policy each time you consider or choose to use the Platform or DOC’s Services to ensure that you have not missed any changes to this Privacy Policy. Your continued use of the Platform and DOC’s Services following any changes to the Privacy Policy signifies your acceptance of those changes.