GDPR COMPLIANCE STATEMENT
Flynotes and MyFTC (Acea Health Ltd) treats your privacy and confidentiality with the highest importance. The following outlines the key areas of compliance of MyFTC with GDPR to ensure legitimate use of patient data, for clinicians using the MyFTC system.
A full privacy notice is available here: (https://www.flynotes.co.uk/privacy-policy-1.pdf)
WHAT INFORMATION WILL BE PROCESSED?
The information that is processed for MyFTC is separated into three categories:
1. Patient data
2. User or clinician data
3. Statistical data
WHY WILL THIS INFORMATION BE PROCESSED?
Patient data may be entered directly into MyFTC by your clinician. Patient data may also be transferred from external systems into MyFTC with clinician approval. This is limited to name, date of birth, address (optional), treatment and equipment used in the treatment room.
The reasons behind entering the patient data are to ensure that a full clinical audit trail is available for the patient which can be linked back to the main medical record, by a unique code which is entered onto the record. The clinician will need to input the name of the treatment then select the equipment which is used to carry out procedure. The calculations in MyFTC are based on the equipment used and the audit trail against the treatment undertaken must be available to ensure the appropriate equipment has been entered against the appropriate treatment, otherwise the calculations may not be accurate. Inaccurate calculations could put both the clinical and the patient at risk of Coronavirus.
The data processed will also include an audit trail of user (clinician) access which is linked to the patient being treated at the time. The audit trail may also be used in the event that the fallow times were contested or there was a need to demonstrate compliance to the guidance, to help ensure clinical safety for the patient.
User or clinician data is needed for registration to use MyFTC and maintain a complete audit trail of user access. The location and treatment room details, including ventilation data, are important to ensure that the calculations provided by MyFTC are accurate, to ensure that the clinical and the patient are not at increased risk of Coronavirus.
Statistical data is, by its nature, not identifiable data and therefore not under GDPR. This anonymised, aggregate data may be shared with partners of Acea Health in order to improve the services that are provided to you.
HOW IS THIS INFORMATION KEPT SECURE?
The personal and special category data that is entered into Flynotes and/or MyFTC is hosted securely by Amazon Web Services (AWS). This is data held 'in the cloud'. This data is not shared with any party outside of the data controller (the treating clinician), unless an exemption under GDPR applies. Acea Health act as a data processor on behalf of the data controller. All data is hosted and encrypted within Amazon Web Services (AWS) in Dublin, with the data back up on servers in London. For detail on AWS privacy follow this link: https://aws.amazon.com/privacy/