I have some questions about digital consent.

A doctor or other healthcare professional enters data into the digital consent application.

They update it with your details before sharing it with you at the time or sending it by email or text message to look at later.

After checking it, you can either consent to the treatment or ask for more information.

All hosting and data processing is through the Google Cloud Platform (GCP), in a data centre in the UK. GCP is compliant with all healthcare information governance requirements.

Once completed, a pdf version of the consent form transfers to our Electronic Patient Record (EPR) systems.

We protect all data following industry best practice on access controls and encryption. We have strict requirements on clinician access and password strengths.

We send you a unique link. You then enter your date of birth to verify your identity.

We store all data using leading encryption methods and transfer it securely.

We will only use your data to manage the consent process for your treatment.

We will not use it for any other purposes, such as research or population health management. The only exception is if we contact you and specifically ask for permission to do so.

Yes. When shared by your clinician, you can sign your consent at home using your smartphone or computer.

You will need internet access. You can sign using your finger or an accessory which can capture an electronic signature.

Yes. Our process remains the same. If you are a parent, guardian, person with legal responsibility for another, you can still sign on behalf of the patient.

For more information, please talk to your clinician.

I have some issues or want to change my mind and need help.

The most common reason is when the consent is for a family member, but we have your mobile phone number or email address. For example, for a child. You need to use their date of birth to verify and not your own.

If you still cannot log in with your details, please use the contact details provided in the communications we sent to you.

Your text message will come from ‘Concentric’.

It will read ‘Dear [Name]’ and will provide a secure, randomly generated link. You can only open this link with the date of birth you have confirmed with us.

Your email message will come from ‘Northumbria Healthcare NHS Foundation Trust (via Concentric)’ and the address notifications@concentric.health

The subject will be ‘Important information about your upcoming treatment’. It will include the Northumbria NHS logo and will read ‘Dear [Name]’. You can only open the ‘View my information’ link with the date of birth you have confirmed with us.

No, this service is free to our patients.

You will need internet access to open the link.

Yes, please see our privacy notice for more information.

Paper consents will still be available. Please talk to the clinician in charge of your care.

Yes, you can revoke your consent if you wish. Use the contact details provided in the communications we sent to you. They will liaise with the clinician in charge of your care.

More about the organisation we have partnered with to run digital patient consent.

We lead and manage the digital patient consent process in partnership with Concentric Health.

Concentric Health is a UK-based company with headquarters in Cardiff, Wales.

Concentric Health Ltd. Registration number: 10733991.

Address:
Concentric Health
sbarc | spark
Maindy Road
Cardiff
CF24 4HQ

Find out more on the Concentric website.

We may contact you after you have signed your consent to ask you to complete a short survey about your experience of the consent process.

This helps us improve our services. However, it is entirely your choice if you wish to respond or not. You cannot opt out of receiving the survey, but you can opt out of completing it.

Please note the survey is to help us understand your experience using Concentric. It is not about the care you have received.

Contact will come either as an email from notifications@concentric.health or a text message from a mobile contact named ‘Concentric’.

Yes. Please click here for further information.

GDPR and data protection legislation defines different types of data. This system uses your personal data, which is data used to directly identify someone, and special category data, which is sensitive data that usually requires more protection.

We process the following personal data:

  • Title
  • Given name
  • Family name
  • Date of birth
  • Gender
  • Patient identification number (e.g. NHS number),
  • Mobile phone number
  • Email address

We need this data for clinical safety purposes, as (apart from email address) it needs to be on screen during all clinical interactions. It is best practice to share consent information with patients. Therefore, we store an email address and mobile phone number to allow communication of the consent process.

We process the following special category data, i.e. data relating to health:

  • Name of treatment
  • Indication and purpose of treatment
  • Alternatives and risks discussed
  • Name and job title of clinicians involved in providing care

We need this information as it is a requirement of the consent form.

Under the General Data Protection Regulation (GDPR), organisations can only process personal data if there is a lawful basis for doing so. Where we use Concentric, Northumbria Healthcare is the data controller, and Concentric Health is the data processor for the trust.

The legal basis for processing is that of direct care. Healthcare organisations have a requirement to receive and record procedural consent as part of providing care. The contract between Northumbria Healthcare and Concentric Health to deliver a digital consent platform provides Concentric Health’s ‘direct care’ legal basis for processing. Click here for further information.