Digital consent

Data is entered into the digital consent application by a doctor or an appropriately qualified healthcare professional. They modify the consent information to meet the needs of the individual patient and then either share it with the patient immediately or send it to them via email or text message to review later. After reviewing the information provided, the patient can document their consent to the proposed treatment or ask their healthcare professional for further information.

The Google Cloud Platform (GCP) is used for all hosting and data processing, within a data centre in the UK. GCP is compliant with all healthcare information governance requirements. Once the consent episode is completed, a pdf version of the consent form is automatically transferred into the trust’s Electronic Patient Record (EPR) systems.

All data is protected following industry best practice with regard to access controls and encryption. The trust manages clinician’s access and password strengths rules are enforced. Patients are sent an email with a unique link and enter their date of birth in order to verify their identity. All data is stored using leading encryption methods and is transferred securely.

The Trust manages clinician’s access and password strengths rules are enforced. Patients are sent an email with a unique link and enter their date of birth in order to verify their identity. All data is stored using leading encryption methods and is transferred securely.

The data will only ever be used by Northumbria Healthcare NHS Foundation Trust to manage the consent process as part of your treatment. It will not be used for any other purposes, such as research or population health management, unless we contact you and specifically ask for permission to do so.

Provided your consent has been shared with you by the clinician in charge of your care, you can sign your consent via your smartphone or computer at home if you have access to the internet by using your finger or with an accessory which is capable of capturing an electronic signature.

Yes. Our process remains the same. If you are a parent, guardian, person with legal responsibility for another, you will still be able to sign on behalf of the patient. For more information you can discuss this further with your clinician.

The most common reason is when the communication is for a family member who we have your mobile phone number or email address for (e.g. a child) you need to use their date of birth to verify and not your own. Try this first. If you still cannot log in with your details, please use the contact details provided in the communications we sent to you.

Your text message will be addressed from “Concentric”.
It will read ‘Dear [Name]’ and will provide a secure, randomly generated link which you can only open with the date of birth which you have confirmed with Northumbria Healthcare NHS FT.
Your email message will be addressed from “Northumbria Healthcare NHS Foundation Trust (via Concentric) notifications@concentric.health”
It will be titled “Important information about your upcoming treatment”.
It will include the Northumbria NHS logo and will read ‘Dear [Name]’
The ‘View my information link’ will only be accessible by using the date of birth you have confirmed with Northumbria Healthcare.

No, this service is free to our patients.

Yes, please contact click here for further information.

Paper consents will still be available for a while, and you can discuss this with the clinician in charge of your care at the time.

Yes, your consent can be revoked if you wish. You should use the contact details provided in the communications we sent to you to raise your concerns and they will liaise with the clinician in charge of your care.

Northumbria Healthcare lead and manage the digital patient consent process in partnership with Concentric Health.
Concentric Health are a UK based company with headquarters in Cardiff, Wales.
Concentric Health Ltd.
Registration number: 10733991.
Address:
Concentric Health
sbarc | spark
Maindy Road
Cardiff
CF24 4HQ
You can find out more information on the Concentric website - https://concentric.health/patients/

You may be contacted electronically after you have signed your consent in order to complete a short survey in regards to your experience of the consent process. By completing this survey you are contributing to the potential improvement of our consent services, however it is entirely your choice if you wish to complete this survey or not. Whilst currently you can’t opt out of receiving the survey, you can opt out completing it.

Please note the survey is managed and run by Northumbria Healthcare  to help us understand your experience using Concentric - the survey is not about the care you have received.

You may receive genuine communication from your clinician from Northumbria Healthcare in partnership with Concentric, either as an email from the email address notifications@concentric.health or a text from a mobile contact named ‘Concentric’.

Yes, Concentric are registered with the Information Commissioner (ICO). Please click here for further information.

GDPR and data protection legislation defines different types of data. This system uses your ‘Personal data’ which is data that can be used to directly identify someone and ‘Special category data’ which is sensitive data that usually requires more protection.

The following personal data is processed: title, given name, family name, date of birth, gender, patient identification number (e.g. NHS number), mobile phone number and email address. This data is required for clinical safety purposes, as (with the exception of email address) it needs to be displayed on-screen during all clinical interactions. It is best practice to share consent information with patients, and therefore an email address and mobile phone number is stored to allow communication of the consent process.

The following special category data, i.e. data relating to health, is also processed: name of treatment, indication and purpose of treatment, alternatives and risks discussed, and name and job title of clinicians who have been involved in providing care. This information is required as it is documented on the consent form.

Under the General Data Protection Regulation (GDPR), organisations can only process personal data if there is a lawful basis for doing so. Where Concentric is used, Northumbria Healthcare is the data controller, and Concentric Health is the data processor for the Trust.

The legal basis for processing is that of ‘direct care’. Healthcare organisations have a requirement to receive and record procedural consent as part of providing care. The contract between the healthcare organisation and Concentric Health to deliver a digital consent platform provides Concentric Health’s ‘direct care’ legal basis for processing. Click here for further information.