Privacy Notice
What is the Know Diabetes Service?
Know Diabetes is a new service for people with, or at risk of, diabetes that provides information, insights, support, and access to educational courses. This is a relatively new concept enabling your GP to provide more specific and directed support. The service includes management of your referral to education and eLearning courses on behalf of and in partnership with your GP. Additionally, you have an option, through our Web Portal, to see your own diabetes-related appointment and test results, whilst also gaining advice and support in planning your own care. Our Website provides a rich mix of information, events and e-Learning. Throughout your engagement with the Know Diabetes Service your own GP Practice always remains in control of your personal and medical care-related information. The Know Diabetes Service will reach out to you predominantly by using email and mobile phone. While the service is a "digital by default" initiative, patients can access learning courses directly from their GP. Our "ReachDeck" functionality provides language translation services.
Your information, what you need to know
Your own GP Practice privacy notice will explain why they collect information about you, how that information may be used, how it is kept safe and confidential and what your rights are in relation to this. However, this shorter notice explains what you need to know about the KnowDiabetes Service.
Why we collect information about you
Healthcare professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation. These records help to provide you with the best possible healthcare and help us to protect your safety.
We collect and hold data for providing healthcare services to our patients and running our organisation which includes monitoring the quality of care that we provide. In carrying out this role we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and/or in digital form.
The records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health and also information such as outcomes of needs assessments.
Details we collect about you
The KnowDiabetes Service collects and manages records relating to how diabetes might be or is affecting your health. Additionally, we collect information about how well or how much our service has helped you or might help you in the future.
Records which the Know Diabetes Service may hold about you include the following:
- Details about you, such as your name and address
- Any diabetes-related contact the surgery has had with you, such as results, medications, and referrals to Diabetes courses or digital apps,
- Details about your treatment and care as might relate to diabetes
- Results of investigations, such as laboratory tests, x-rays,
- Information relating to your attendance at education courses and how useful you’ve found access to our digital solution set.
Records which the Know Diabetes Service will not have access to include the following:
- IVF treatment
- HIV and AIDS
- Sexually transmitted infections
- Gender reassignment
- Termination of pregnancy
- Free text from your GP record - that is, the notes your GP makes in your record when you visit them - is also not currently shared using the KDS .
How we keep your information confidential and safe
Everyone working for our organisation is subject to the Common Law Duty of Confidence. Information provided in confidence will only be used for the purposes advised with consent given by the patient unless there are other circumstances covered by the law. The NHS Digital Code of Practice on Confidential Information applies to all NHS staff and they are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All our staff are expected to make sure information is kept confidential and receive regular training on how to do this.
The health records we use may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Your records are backed up securely in line with NHS standard procedures. We ensure that the information we hold is kept in secure locations, is protected by appropriate security and access is restricted to authorised personnel.
We also make sure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
Data processors and sub processors supporting Know Diabetes include:
London North West University Healthcare NHS Trust
Watford Road, Harrow, Middlesex, HA1 3UJ
MyWay Digital Health Limited
Company number SC555751
163 Bath Street, Glasgow, Scotland, G2 4SQ
Rocket CRM
Company Registration 10762262
71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Voror Health Technologies Ltd
Company Registration No. 10538396
Registered Office: 13 Hanover Square, Mayfair, London, W1S 1HN
North East London ICB, NHS North East London, 4th Floor – Unex Tower, 5 Station Street, London, E15 1DA
All GP practices in North West London listed on the Data Controller Console.
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
- Data Protection Act 2018
- General Data Protection Regulation
- Human Rights Act
- Common Law Duty of Confidentiality
- NHS Codes of Confidentiality and Information Security
- Health and Social Care Act 2015
- And all applicable legislation
We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if we reasonably believe that others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (such as a risk of serious harm to yourself or others) or where the law requires information to be passed on.
How we use your information
The KnowDiabetes Service processes your information on behalf of doctors in GP Practices. That data is never shared with anyone without your doctor’s direction. The data is seen only by those administrators and health care practitioners to whom your doctor refers you for diabetes-related education and general diabetes-related information provision. This is called “social prescribing”. By holding your data in the KnowDiabetes system we are also able to alert your doctor when things change in your condition. We can inform you when courses become available and when new and relevant diabetes-related support information is posted on our website.
In terms of the data protection laws the service falls under “the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, and processing is necessary for the purposes of preventive or occupational medicine”
This effectively means that we can gather your data for the purposes of your medical care without consent. However, you can opt-out of personal data being used for these purposes. Instructions on how to do this can be found with your own GP.
Improvements in information technology are also making it possible for us to share data with other healthcare organisations in order to provide you, your family and your community with better care. For example, it is possible for healthcare professionals in other services to access your record with your permission when the practice is closed. This can is explained further at your practice or through their own individual privacy notices.
Under the powers of the Health and Social Care Act 2015, NHS Digital can request personal confidential data from GP Practices without seeking patient consent for a number of specific purposes, which are set out in law. These purposes are explained in your GP's own practice privacy notice.
You may choose to opt-out of personal data being shared for these purposes. When we are about to participate in a new data-sharing project we aim to display prominent notices in your Practice and on our website four weeks before the scheme is due to start. While you can opt out of sharing your record and it does not in any way impact your right to care, this may, in some instances, affect your care as important information about your health might not be available to healthcare staff in other organisations.
NHS Log In
Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS Digital. NHS Digital is the controller for any personal information you provided to NHS Digital to get an NHS login account and verify your identity and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS Digital (as the “controller”) when verifying your identity.
To see NHS Digital’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you or the data controller, your GP practice, provide to us separately
Need to know more?
As indicated the KnowDiabetes Service is a service provided through your GP and managed by a central team working from NHS NWL Marylebone Road Office. If you need further and more in-depth information in relation to your statutory data protection rights please make the request to your GP practice or check their website.