Data Collected by Patient Watch
For a summary of our processing activities (consistent with UK GDPR Article 30 expectations), see Records of processing (summary).
At Patient Watch, our data strategy is centered on two key principles: Data Minimization and Access Controls.
We prioritize collecting only the necessary personal data to fulfill our purpose, reducing any associated risks. Simultaneously, we implement role-based access controls, ensuring that patient data access is tailored to specific user roles. This dual approach enables us to secure and GDPR compliant data environment, reinforcing the trust and confidentiality of the information we handle.
- Data Minimization: - Collect and process only the minimum amount of personal data necessary for the intended purpose, reducing the risk associated with handling excessive or irrelevant information.
- Data Encryption: - Encrypt all data transmitted between the web app and servers using state-of-the-art encryption protocols to ensure confidentiality during transmission.
- Access Controls: - Implement role-based access controls to restrict access to patient data based on user roles, enhancing overall data security.
Access to a Patient Diary
The follow data is collected from patients in electronic diaries within the app. All information is used to improve the standard of patient care.
| Patient | Clinician | Admin | |
|---|---|---|---|
| Comments | Edit | View | Edit* |
| Photos | Edit | View | Edit* |
| Pain Scores | Edit | View | Edit* |
| Clinical Actions | View | Edit | View* |
- In special circumstances, an administrator could be given access to view or edit a diary on behalf of the provider.
Personal Data Stored by Patient Watch
To minimise collection, different users must provide different data. If data is collected it is for one or more of the following reasons:
- Improve app experience (e.g. Phone number for sending SMS diary reminders)
- Support direct care, service delivery, clinical audit, service evaluation, registry activity, research, post-market surveillance, and clinical trials.
- Produce appropriately governed pseudonymised or aggregated reporting, analytics, and evidence outputs for healthcare and life sciences organisations where permitted by law and contract.
| Data | Clinician | Patient |
|---|---|---|
| Name | 1 | 1 |
| 1 | 1 | |
| Phone Number | - | 1 |
| GMC | 1 | - |
| NHS Number | - | 1 |
| Hospital Number | - | 1 |
| Date of Birth | - | 1 |
| Time Zone | 1 | 1 |
| Patient Images | 2 | 1 |
| Patient Pain Scores | 2 | 1 |
| Patient Blood Results | 2 | 1 |
Diaries linked to providers and patients contain additional data required for staff decisions and for audit, service evaluation, research, registry, post-market surveillance, and clinical trial purposes.
Patient Watch does not sell directly identifiable patient personal data. Where permitted by law, contract, and applicable governance requirements, appropriately pseudonymised datasets or aggregated outputs may be shared or licensed for audit, research, trials, and commercial healthcare or life sciences use.
For any inquiries or concerns, contact us at info@patient-watch.com.