Here at MyClinic we take security and information governance seriously. We want to ensure that the right clinician can communicate with the right patient at the right time, safely, and securely.
We act as a Data Processor for you, the Data Controller, when you are consulting with your patients using our service. As a data controller, it is up to you whether you complete a Data Protection Impact Assessment (DPIA). As a data processor acting on your behalf, we unfortunately cannot complete a DPIA for you. If you require help filling in a DPIA, please e-mail [email protected] and we can share a template with you.
By agreeing to participate in a video consultation, opening the MyClinic website, and entering their 6-digit code, the patient is indicating their consent to proceed with a video consultation. At any point throughout the process a patient can dissent by either leaving the video consultation or not participating in any of the steps above.
NHSX have released a statement to this effect:
"We encourage the use of videoconferencing to carry out consultations with patients and service users. This could help to reduce the spread of COVID 19. It is fine to use video conferencing tools such as Skype, WhatsApp, Facetime as well as commercial products designed specifically for this purpose.
The consent of the patient or service user is implied by them accepting the invite and entering the consultation. But you should safeguard personal/confidential patient information in the same way you would with any other consultation." - NHSX
Personal device use
MyClinic does not store any patient information on any device you use. Therefore, according to NHSX guidance, personal devices may be used to carry out video consultations:
"You can use your own devices to support video conferencing for consultations, mobile messaging and home working where there is no practical alternative.
Reasonable steps to ensure this is safe include: setting a strong password; using secure channels to communicate e.g. tools/apps that use encryption; and not storing personal/confidential patient information on the device unless absolutely necessary and appropriate security is in place.
Information should be safely transferred to the appropriate health and care record as soon as it is practical to do so." - NHSX
Is MyClinic NHS approved?
Medicalchain.com Ltd (owners of MyClinic) is registered on the NHS Dynamic Purchasing System (DPS) framework and has completed the NHS Data Security and Protection Toolkit (Organisation Code: 8JX30). The company adheres to all GDPR regulations and is registered with the UK Information Commissioner's Office (ICO). We have completed the Cyber Security Essentials certifications run by the UK Government National Cyber Security Centre.
Our primary IT infrastructure and servers are based within the European Union (EU). All communication between the patient's browser, MyClinic's service, and the clinician's browser is transmitted over an encrypted connection. In addition, our video service will always attempt to create a 'peer-to-peer' connection between the clinician and the patient first. In a small number of cases where this is not possible (due to firewall restrictions), the encrypted traffic is relayed through relay servers based on the region the clinician is in or has selected.