Yes. The software and databases that make up appthealth are all hosted in the UK and personal data transferred out of the EU is only ever to organisations covered by Privacy Shield. In order to be an assured partner of NHS Digital (as we are) a provider must be GDPR compliant.
Yes. No system is ever completely safe, but we follow data minimisation practices (only storing the data we legitimately need to run our service, and then only storing it for as long as is required) and we pseudonymise or anonymise personal data to further reduce the risk of sharing unnecessary data with appthealth. It is our mission to make sure that any patient data shared with us is as safe as possible.
Because you’ll need to share (limited) patient data with appthealth for us to invite and book patients into suitable appointments, it is a legal requirement that there is a data processing agreement between appthealth (the “data processor”) and your practice (the “data controller”) that explains what data is being shared and for what purpose. We make sure that this agreement is in place before we set up your account to ensure we’re fully compliant with all relevant regulation.
We are regulated by the Information Commissioner's Office and by NHS Digital, including the completion of the NHS Data Security and Protection Toolkit and the requirements set on appthealth as part of the assurance process for NHS Digital APIs.
You can permanently cancel your account in just a couple of clicks in your account settings when you’re logged in to your management portal. Patient data will still be kept in an encrypted format for GDPR auditing and reporting requirements including subject access requests.
No. appthealth will never sell any patient data on to third parties. This restriction is clearly stated in the data processing agreement that is put in place with each practice before any data is shared with us.
Personal Information means information that identifies you personally such as your name, photo or contact details or data that can be linked with such information in order to identify you.
You give us personal information about yourself when you enter your details into any form on this website. The data entered into a form on the Appt Health website will only be used for the purpose agreed upon for that particular form. Information collected across the forms is:
Once the data is collected your information may be transferred into a secure database at Hubspot or MailChimp for storage, and your contact preferences will be recorded.
We may also collect certain information by automated means, such as cookies and web beacons, whenever you visit our Site. This could include IP address, browser type, operating system, referring URLs, information on actions taken on a site, and dates and times of site visits.
We may collect details of your use of the site. This includes page interaction and Online Services site activity, such as if you have clicked through from a notification message, if you have completed specific surveys or how easy or difficult you find the log on process. Where required, this is linked with demographic and appointment information to provide a clearer picture.
We collect personal information about you from health care providers to facilitate your use of the Services. This information includes:
We may use your personal information for the following purposes:
Your personal information is stored until such a time as all the healthcare providers who utilise this information cease to be Appt clients/partners and will be deleted or anonymised within 30 days of the end of the contractual relationship.
When determining the relevant retention periods, we will take into account factors including:
Otherwise, we securely erase your information once this is no longer needed.
We share your personal information with you as well as doctors and admin staff working at your relevant healthcare providers.
We may pass your personal information to other third-party suppliers, such as technology services firms, in order to enable us to provide the services to you. In particular we share your personal information with third party suppliers in order to send you relevant communications (via email, letter, interactive voice messaging or SMS) about your healthcare provider appointments.
We share your personal information with law enforcement agencies, regulators, courts or other public authorities if we have to, or are authorised to by law.
As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or merges with us, your personal information will be disclosed to such entity.
We don't sell your personal information to third parties.
We store your personal information on servers located in the UK, which is within the EEA. However, where you complete a survey or assessment on the site, your personal information from such survey or assessment is transferred to the United States. Where your personal information is transferred outside the EEA, security measures and appropriate safeguards are put in place to protect your information and we ensure that all transfers of your information comply with applicable data protection law, and are carried out in accordance with our instructions. We have in place EU Model Clauses with any party your information is transferred to outside the EEA, as an adequate safeguard. To find out more about how we safeguard your information (including obtaining a copy of such safeguards) in relation to transfers outside the EEA, please contact us via the details provided in the ‘Contact us’ section below.
All the data we collect about you as an individual is held in private networks with multiple levels of security including industry leading encryption and access controls. Our data centres are accredited to the standards set out by the NHS and GCHQ/CESG for protecting the healthcare information of UK citizens.
By law, you have a number of rights (subject to certain conditions) when it comes to your personal information. Further information and advice about your rights can be obtained from the data protection regulator in your country.
In relation to personal information we process for the purposes of providing services to you on behalf of your healthcare provider, you will need to contact your relevant healthcare provider to exercise or enquire about these rights. For personal information you have provided on www.appt-health.co.uk and through other means such as a survey or assessment, you can contact us using the details in the ‘Contact us’ section below to exercise any of these rights (as applicable) or to find out more about the information we hold on you as a Data Controller:
The right to object to processing. You have the right to object to certain types of processing, including processing for direct marketing (i.e. receiving emails from us notifying you about other services we have which we think will be of interest to you or being contacted with varying potential opportunities).
The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.
The right to rectification. You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by writing to us on the email address below.
The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information that we hold by writing to us on the email address below.
The right to restrict processing. You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but will not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in the future.
The right to data portability. You have rights to obtain and reuse your information for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with your national data protection regulator.
The right to withdraw consent. If you have given your consent to anything we do with your information (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). You can withdraw your consent to the processing of your information at any time by contacting us using the contact details below.
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests, or further copies of the same information. Alternatively, we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
As a patient, you can opt out of Appt in a number of ways depending on what is required:
We're always happy to talk. If you have any questions or concerns, please email firstname.lastname@example.org and we'll do everything we can to help.