ADVERTISEMENT: Services or products are not endorsed by the Trust.

E-consent

To improve our consent process so that the Trust meets the National standards for obtaining patient’s consent as well as supporting patient decision making about their treatment, The Dudley Group are using a new digital consent application by Concentric Health.

We expect to see the following benefits from E-Consent:

  • Accessible and convenient – can be used remotely, saves time and effort
  • Quicker to process and reduces delays in obtaining consent
  • Facilitates General Medical Council recommended two stage consenting
  • Improves patient engagement – multi-media and interactive features can enhance comprehension and patient engagement with a better experience
  • Eco-friendly – no paper usage so it contributes to environmental conversation and aligns with sustainability goals, highlighting the Trust’s commitment to ecological footprint
  • Helps maintain a reliable audit trail for the Trust to see how consent was given

Frequently asked questions

Who are Concentric Health?

Concentric Health are a UK based company with headquarters in Cardiff, Wales.

Concentric Health Ltd.

Registration number: 10733991

Address: Tramshed Tech, Pendyris Street, Cardiff, CF11 6BH

You can find out more information on the Concentric website.

How does the process work?

Within the clinic, data is entered into the Concentric application by a Doctor or other appropriately qualified Healthcare Professional to share information with patients about proposed treatments or procedures. They modify the consent information to meet the needs of the individual patient and then either share it with the patient immediately or send it to them to via e-mail or SMS to review later.

After reviewing the information provided, the patient can digitally sign their consent to the proposed treatment or ask their Healthcare professional for further information.

How will I be contacted by Concentric?

You may receive genuine communication from your clinician via Concentric, either as an email from the email address notifications@concentric.health, or as an SMS from a mobile contact named ‘Concentric’.

Where is my data stored?

Concentric Health uses Google Cloud Platform (GCP) for all hosting and data processing, within a data centre in the UK. GCP is compliant with all healthcare information governance requirements.

Once the consent episode is completed, a pdf version of the consent form is automatically transferred into the Trust’s electronic patient record system.

How is my data protected?

All data is protected following industry best practice with regard to access controls and encryption.

The Trust manages clinician’s access and password strengths rules are enforced. Patients are sent an email with a unique link and enter their date of birth in order to verify their identity.

All data is stored using leading encryption methods and is transferred securely.

What data is collected and processed?

GDPR defines different types of data (See this link).

Concentric uses ‘Personal data’ which is data that can be used to directly identify someone and ‘Special category data’ which is sensitive data that usually requires more protection.

The following personal data is processed: title, given name, family name, date of birth, gender, patient identification number (e.g. NHS number), mobile phone number and email address. This data is required for clinical safety purposes, as (with the exception of email address) it needs to be displayed on-screen during all clinical interactions. It is best practice to share consent information with patients, and therefore an email address and mobile phone number is stored to allow communication of the consent process.

The following special category data, i.e. data relating to health, is also processed: name of treatment, indication and purpose of treatment, alternatives and risks discussed, and name and job title of clinicians who have been involved in providing care. This information is required as it is documented on the consent form.

Under the General Data Protection Regulation (GDPR), organisations can only process personal data if there is a lawful basis for doing so. Where Concentric is used, the Dudley Group NHS Foundation Trust is the data controller, and Concentric Health is the data processor for the Trust.

The legal basis for processing is that of ‘direct care’. Healthcare organisations have a requirement to receive and record procedural consent as part of providing care. The contract between the healthcare organisation and Concentric Health to deliver a digital consent platform provides Concentric Health’s ‘direct care’ legal basis for processing.

What will the data be used for?

The data will only ever be used by the Dudley Group NHS Foundation Trust to manage the consent process as part of your treatment. It will not be used for any other purposes, such as research or population health management, unless we contact you and specifically ask for permission to do so.