Personal Health Record Privacy Notice

Pin It

What is the Personal Health Record?

Personal Health Record is a mobile app and website which will be available to download on your personal device. Part of the One Health and Care programme, the new app and website will give you 24/7 digital access to a summary of your confidential health and social care record held in One Health and Care, as updated by health and social care professionals who are directly involved in your care.

This will enable you to:

  • View a summary of your medical and social care records
  • Record information to self-manage your health and wellbeing
  • Access advice and support for your health and wellbeing

Should you choose to download the App you would be able to view your appointment letters. Some organisations will move to sharing appointment letters electronically, you will be asked if you wish to stop paper letters being posted before any changes are made to the way you currently receive your appointment letters. Viewing appointment letters via your Personal Health Record will improve the time taken to inform you of your appointments, helping you to manage your time and receive your care more efficiently.

If you have had an One Health and Care objection fulfilled you will not be able to view your data in the Personal Health Record service. If you are happy to share your data and wish for your data to be viewable within One Health and Care you will need to contact your GP Practice and inform them of your decision.

How will the information you add to the app be used?

Information you provide within the app maybe used for data analysis under secondary use function of One Health and Care together with information by health and social care providers locally to: 

  • Plan, monitor and adapt the health and care services we provide to you.

The privacy arrangements for the Personal Health Record service are considered satisfactory as:

  • Access for professionals to the data analysis functionality will be limited to few individuals and view data is managed in accordance with carefully designed RBAC (Role Based Access Control) arrangements;

  • One Health and Care includes an audit trail showing which professional users have accessed what data;

  • The One Health and Care data is stored in a data repository housed in a fully accredited and secure Microsoft Azure data centre. Key security aspects include:
    • the physical security of the system servers
    • multi-factor authentication for user access to the system
  • The common law duty of confidentiality is maintained in respect of the data you provide using the Personal Health Record because you will have been presented with this privacy notice on registration and will be prompted to accept as part of the registration process.

  • What information may be collected?

    The Personal Health Record will pull information from the Integrated Care Record One Health and Care; giving you a summary view of your record which will include data from your GP, as well as any Secondary Care, Community Services (including Mental Health) and social care providers involved directly in your care. 

    Another feature of the app and website is the ability to maintain your health diary. You will be able to self-record information such as blood pressure, blood sugar, weight, personal goals and over the counter medication. There is also the ability to link up information from fitness wearables such as Fitbit, Apple and Garmin.

    Please Note - information that you can add to the app will then be available for data analysis under secondary use purposes.  It will not be viewable by individuals involved in your direct care. At no time will the information viewed within the Personal Health Record service be passed to organisations for marketing or sales purposes or for any commercial use.

    Data Shared by Service Users

    The categories of data used in the Personal Health Record service registration process are:

    • Email address;
    • Mobile number;
    • First name; and
    • Surname.

    In addition to data provided during the registration process the categories of Personal Health Record service data that can be added and managed by you as follows.

    Please Remember - information that you can add to the app will then be available for data analysis under secondary use purposes.  At no time will the information viewed within the Personal Health Record service be passed to organisations for marketing or sales purposes or for any commercial use.

     

    • All About Me - For example this could be who to contact in an emergency.

     

    • It’s OK to ask - Opportunity for you to write notes in preparation for your next appointment.

     

    • Self-Recorded Measurements - The recordings you make here will only be available for yourself to view. This data may also then be used for secondary use purposes.

     

    • Goals - The information entered here will only be available for yourself to view. This data may also then be used for secondary use purposes.

     

    • Wearable Information - There is the option for you to upload information from wearable smart watches and fitness trackers, for example FitBit Apple and Garmin. Any information you proactively upload from your device may also then be used for secondary use purposes. 
  • Data available to you
    • Personal details and demographics

     

    • Appointments and Appointment Letters - Future and past appointments together with A&E Attendances and hospital admissions may also be viewed here.  Some partner organisations are working to enable electronic Appointment letters and they will appear here.

     

    • Medication - GP prescribed medication, including repeat prescription and recent GP provided vaccinations. There is also an opportunity to enter self recorded medication within the ‘Over the Counter’ section.

     

    • My Health - GP test results will be shown here. Known allergies, family history, medical problems, lifestyle and measurements such as blood pressure will show here. Please note this will only be applicable if this information exists about you in your GP clinical system.
  • Amending your record in Personal Health Record

    Any information you have entered can be changed. You can delete a value if you have entered and saved it incorrectly; the value can be edited or the field can be left blank and then resaved.

    If you think there is a mistake or something missing in your information shown in the My Health section of the Personal Health Record, please contact the relevant Health or Social Care organisation who provide the information.

    It is important that you make all health and social care organisations that you receive care from aware of any changes to your personal details to ensure communication to you is not hindered.  Please contact each care provider to update your details.

    NB - It is important to note that the Personal Health Record service is not a real-time messaging and alerting system and health and social care professionals cannot view the data you add to it.

    Where you have an urgent or emergency health or social care requirement you should contact the appropriate urgent or emergency service using the normal method.

  • How your personal data will be used

    Personal Health Record will pull information from the Integrated Care Record One Health and Care; giving you a summary view of your record which will include data from your GP, as well as any Secondary Care, Community Services (including Mental Health) and social care providers involved directly in your care. This will allow you to view certain elements of you health and care record independently.

    If you self-record information such as blood pressure, blood sugar, weight, personal goals and over the counter medication or link up information from fitness wearables such as Fitbit, Apple and Garmin you will also be able to view this information in the Personal Health Record.

    It is important you are aware any information that you add to the app will then be available for data analysis under secondary use purposes, for example research or planning, monitoring and adapting the health and care services. At no time will the information viewed within the Personal Health Record service be passed to organisations for marketing or sales purposes or for any commercial use.

    Information sharing will always be used in line with each organisations responsibilities, where there is a legal basis to do so, and in line with your rights under Data Protection Legislation.

    The following types of organisation have committed to use the personal confidential data identified in this document solely for the purposes defined in this notice:

    • A patient’s registered practice or another practice providing care on behalf of the patient’s registered practice;
    • Ambulance and emergency services involved in your care;
    • Community Trusts involved in your care;
    • Hospital Trusts involved in your care;
    • Local authorities involved in your social care;
    • Mental health providers involved in your health care;
    • Specialist service providers involved in your health care; and
    • Voluntary sector providers (when acting on the instructions of Local Authority and NHS organisations).

    The information within Personal Health Record will be used in order to:

    • Deliver health and care services
    • Contact you if necessary
    • Obtain your opinion and feedback about the services provided
    • Ensure that partner legal obligations are fulfilled

    The data viewed within Personal Health Record may be used in an anonymised manner for the purposes of statistics and reviewing healthcare in the participating counties.

  • How your data maybe shared

    One Health and Cares’ Personal Health Record allows you to add additional information to your health and care record, this information may then be available for data analysis under secondary use purposes, for example research or planning, monitoring and adapting the health and care services. An Information Sharing Agreement is in place which commits each partner to appropriate standards of privacy, security and transparency.

    Where necessary information may be shared with other organisations that provide services on the partners behalf, but this will only be as part of your direct care. In such cases, the information provided is only the minimum necessary to enable them to provide services to you. These organisations would be required to retain your information in a secure manner and only use it to undertake the services they provide to you. 

    Your information would not be disclosed to any other third parties without your permission unless there are exceptional circumstances, such as if the health and safety of others is at risk or if the law requires the information to be passed on.

    At no time will the information viewed within the Personal Health Record service be passed to organisations for marketing or sales purposes or for any commercial use.

  • How your health and care information is looked after

    All the organisations which contribute data to One Health and Care collect, store and use large amounts of personal data every day and take the duty to protect your personal information and confidentiality very seriously.  Under Data Protection Legislation the partners have a legal duty to protect any information held about you and are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which they are responsible.

    Therefore measures are taken to safeguard your data and apply security standards and controls to prevent any unauthorised access. One Health and Care information is stored securely.

    You will need to keep your Personal Health Record credentials and passwords secure. You should consider who can also view your data while you access the app or website. If there is shared access to the device/s used to access the Personal Health Record service you will need to consider what steps you can take to ensure that your data is not visible or accessible to someone who uses the shared device after you. Steps you can take include:

    • Not using shared equipment.
    • When accessing the Personal Health Record service with a web browser doing so by means of “private” browser sessions.
    • Clearing the web-browser “cache” after you log out of the service

    You should remember if you provide others with access to your data the people you give access to will be able to see everything you can see and do everything you can do.

  • What are your rights?

    Under Data Protection Legislation you have various rights regarding your data. In relation to Personal Health Record the following rights could be requested.

    Access - You have the right to request access to information held about you by organisations that are providing your care. Personal Health Record provides you your own access to a summary of your health and care record.

    Rectification – If you think data held about you is factually incorrect that you have provided the data through the Personal Health Record app then will need to correct the data yourself. You can delete a value if you have entered and saved it incorrectly; the value can be edited or the field can be left blank and then resaved.

    If the data came from one of the health and care providers you have the right to ask for it to be corrected. You may be requested to provide evidence of the alleged inaccuracy. Please contact the applicable organisations using the information provided below.

    Restriction - You have the right to request the restricting of processing your data in certain scenarios, for example if you contest the accuracy of the data and the verification of its accuracy requires checking.

    Raise a complaint or concern – regarding how your data is handled to the relevant partner organisation.

    Due to the One Health and Care System viewable data being sourced from varying partners requests will need to go to the relevant originating organisation who can then process your request.  

    • For GP practices please contact your own GP surgery for guidance.
    • For each NHS organisation, please write to the Access to Health Records Department of the organisation that has generated the information.
    • For Staffordshire County Council please write to the Access Team at This email address is being protected from spambots. You need JavaScript enabled to view it.or post to: Access Team -Corporate Services, Staffordshire County Council, 1 Staffordshire Place, Stafford ST16 2DH
    • For Stoke-on-Trent City Council please write to Stoke-on-Trent, Civic Centre, Glebe Street, Stoke-on-Trent, ST4 1HH or 01782 234234

    The organisation should provide your information to you within one month (or two months if the request is deemed complex) following receipt of:

    • Adequate information (for example full name, address, date of birth, NHS number, etc.) so that your identity can be verified and your records located
    • An indication of what information you are requesting to enable the organisation to locate it.
  • Who to contact

    Please contact the respective organisation regarding information held about you, or if you have a complaint about privacy or misuse of data relating to one of the partner organisations. Contact details can be found under Who to Contact here.  

    If you have a specific query around the Personal Health Record please Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

    If you are not satisfied with a response from a partner of the One Health and Care partnership in regards to your above rights or believe your data is not being processed in accordance with the law you can raise this with the Information Commissioner’s Office (ICO).

    The Information Commissioner can be contacted at:

    Information Commissioner’s Office
    Wycliffe House
    Water Lane
    Wilmslow
    Cheshire
    SK9 5AF

    Or via: https://ico.org.uk/  

    Future updates to the privacy notice statements

    We may change and update this privacy notice at any time so please review it frequently.

    If you continue to use the Personal Health Record service application or website after changes are made you will be agreeing to those changes.

    Use of cookies

    Cookies are small text markers stored on your device that enable the One Health and Care Personal Health Record service to understand how you use the Personal Health Record.

    No personally identifiable information is stored in the Personal Health Record service cookies after the termination of your session. 

    A single cookie is permanently stored to hold your response to the most recent Personal Health Record cookie statement.

    You can control and delete non-essential cookies

    You can do this through your chosen internet browser.

    The browser’s help function will explain how.

    If you delete or restrict Personal Health Record cookies then it is possible that you will not be able to access the full Personal Health Record service and your user experience may suffer as a result.