Introduction
QI Notify-EmLap is a digital audit and feedback tool to support education, learning and quality improvement along the emergency laparotomy pathway at the Dudley Group NHS Foundation Trust (DGNHSFT). It is available for use by approved members of staff who have responsibilities for this pathway and provides them with a narrative and timeline description of each patients care (‘mini case review’) helping staff assess how closely this was aligned with recognised standards. These mini case reviews are used to improve training and provide insight to what constitutes best care. The individual patient reviews become available shortly after the episode of care has occurred and can be securely viewed via the QI Notify-EmLap App on a user’s smart device. Users are notified a new review is available and can chose when and where to view this facilitating personal reflection, educational discussion, and wider pathway learning. The App acts as a portal to view each review, no patient data is stored on the user’s device.
For further information about the use of personal data, please refer to the Trust’s privacy notices via the links below. Further information can be requested from the Trust’s Information Governance team via dgft.info.gov@nhs.net .
- DGNHSFT Overarching Privacy Notice
- DGNHSFT Summary Privacy Notice for Patients
- DGNHSFT Staff Privacy Notice
DGNHSFT has a responsibility to ensure that the information / data managed across our sites and services (which includes your personal data) is processed in accordance with the principles of Data Protection Legislation and, the General Data Protection Regulations (GDPR). DGNHSFT are compliant with these data standards and has also completed the NHS Data Security & Protection Toolkit.
For additional security the QI Notify-EmLap app requires a login to access even after unlocking the phone. In addition, the program will automatically log out after a period of non use to prevent unauthorised access.
Staff personal information
In order to administer the QI Notify-EmLap system, the following personal information is processed for staff eligible for a QI Notify-EmLap account at DGNHSFT:
- First Name
- Surname
- NHS email address (this will be your username)
- NHS Role and grade (eg consultant surgeon, anaesthetic trainee, theatre nurse, general manager etc)
- Date of Birth
- GMC Number (or other professional body registration number if applicable)
- Current expected end date (The date you are expecting to finish working in a role/team at DGNHSFT which includes responsibilities for the care of patients along the emergency laparotomy pathway)
- Operating system(s) on the smart device(s) used to access QI Notify-EmLap.
DGNHSFT will process this type of data under the GDPR legal basis Article 6
- 6(1)(b) – Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
Users are unable to opt out of the processing of the above information unless they close their account.
How long does QI Notify-EmLap store your personal information?
When you set-up your account you choose an ‘expected end date’ (up to a maximum of 2 years from date of registration). As you approach this date you will receive notifications offering you an option to extend this if you will remain in a role/team with responsibilities for emergency laparotomy pathway patients. If you take no action, your account will automatically be deleted when you reach the ‘expected end date’. You can request the QI Notify-EmLap administrators delete your account at any time.
Sharing of data
We do not share your data beyond those who need to use it for the following purposes
- Administer the system
- Provide you with the service
- Respond to any queries from you related to your account or the use of the QI Notify-EmLap solution, and
- To seek your opinion on the solution and how it may be improved.
We do not use your data for the purpose of marketing nor to provide any information on products and services.
Use of profiling
Profiling is automated processing of personal data to evaluate certain things about an individual. There is no profiling carried out within the QI Notify-EmLap solution.
There is no functionality within QI Notify-EmLap which allows users to share app data with other users.
Patient personal information
QI Notify-EmLap uses patient identifiable data which is already present within a patient’s hospital and NELA (National Emergency Laparotomy Audit) data records to produce the ‘mini reviews’ of care. This data is required so staff can link the review to the correct patient, allowing accurate case by case reflection on both their own and others contribution to care, facilitating training, insight and embedding best care.
We use the minimum amount of information required to inform the people who need to know to provide you care.
As described in the Trusts ‘Privacy Statement for Patients’ this information is used
- To review the care we provide to our patients to ensure it is of the highest standard and quality
- To help train and educate healthcare professionals .
All the data used is already present within existing patient records, no new information is collected. Data collected includes:
- First Name
- Surname
- Gender
- NHS Number
- NELA Identification Number
- Clinical data relating to the admission which included the emergency laparotomy (Source NELA record and clinical record).
Secure transfer and storage of data used in QI Notify-EmLap
All data associated with QI Notify-EmLap is stored securely using Amazon Web Services (AWS) on servers based in the UK complying with appropriate regulatory standards.
All communication transmitted or received by the apps is encrypted. The system uses industry standard Transport Layer Security (TLS) to encrypt all inbound and outbound communications with the QI Notify server over HTTPS. Push notifications to the apps use Google’s Fire-based cloud messaging or Apple’s push notification service to deliver messages. Communications to these services are encrypted in the same manner, as are any push notifications delivered to the device.
Cookies – use of your information
We use cookies and similar technology when you visit our website and use our mobile app. The website cookies merely log general visitor statistics which are collected and used to improve and maintain the website for the benefit of visitors. Cookies used on the mobile app are required to ensure functionality and collect basic usage data. If users do not accept these cookies they would not be able to use QI Notify-EmLap.
Please note, if you follow a link to an external website, DGNHSFT’s policies no longer apply and you will need to make yourself aware of that website’s policy.
Right to rectification
If you are aware of information that we hold about you, that you believe to be incorrect or misleading, you have the right to make a request for rectification under Article 16 of the GDPR. In most cases, you may also be able to request that incomplete personal data be completed. Requests can be made verbally or in writing by contacting QI Notify-EmLap admin via the SUV directorate management team at DGNHSFT. We will respond to all requests for rectification within one month of receipt. Please note that in certain circumstances, we may either extend the response time or refuse a request for rectification based on the complexity of the request.
Unauthorised Access
We have a policy for managing data confidentiality breaches and this can be obtained from our Data Protection Officer using the following email address: dgft.dpo@nhs.net.
No data is added by users in the app and therefore a child is unable to provide or access personal data, however, if there is a concern that a child has accessed the app unintentionally, please contact our Data Protection Officer at the above email address.
The right of restriction of processing
Under Article 18 of the GDPR, in certain circumstances, you have the right to restrict the processing of personal data we hold about you. This means that you can limit the way that we use your data. This is an alternative to requesting the erasure of your data.
You have the right to request the restriction in the processing of your personal data in the following circumstances:
- You contest the accuracy of your personal data and we are verifying the accuracy of the data;
- The data has been unlawfully processed (ie in breach of the lawfulness requirement of the first principle of the GDPR) and you oppose erasure and request restriction instead;
- We no longer require the personal data but you need us to keep it in order to establish, exercise or defend a legal claim; or
- You have objected to us processing your data under Article 21(1), and we are considering whether our legitimate grounds override those of yours.
Requests to restrict processing of your data can be made verbally or in writing by contacting QI Notify-EmLap admin via the SUV directorate management team at DGNHSFT or via email via dgft.qinotify.rhh@nhs.net . We will respond to all requests within one month of receipt.
The Data Controller responsible for keeping your information confidential is:
Dudley Group NHS Foundation Trust
Russells Hall Hospital
Pensnett Road
Dudley
DY1 2HQ
Privacy policy of development partners
Dudley Group NHS Foundation Trust commissioned Exploding Phone to develop the software behind the QI Notify-EmLap solution. Their privacy policy can be accessed via this link: https://www.explodingphone.com/privacy.php .
Dudley Group NHS Foundation Trust also commissioned ORCHA (Organisation for the Review of Care and Health Apps) to support us in delivering this safe and secure digital health solution. Their privacy policy can be accessed via this link: https://orchahealth.com/privacy-policy/ .
