Data protection and privacy
We take our responsibility to protect your patients and practice data seriously. Substrakt Health are fully supportive and compliant with the Data Protection Act 2018 and General Data Protection Regulation (GDPR).
Obtaining patient consent for accessing their data and local services in and out of your practice is a key requirement for any digital solution, our app being no exception.
Therefore, our app has an in-built dynamic consent model that enables a patient to control and provide their consent at the point of registering for the app and/or using the services within the app.
Substrakt Health staff and products comply with our Confidentiality Policy as required by the NHS Data Protection and Security Toolkit (DPST). Furthermore, we will follow your practice Confidentiality Policy, if appropriate, to ensure patient’s records and information is always handled in the strictest confidence and with their consent.
Roles and responsibilities
With our app, you remain the Data Controller for the patient’s data as you currently are as the Registered GP. Substrakt Health will become a Data Processor for any patients who have registered to use the app. The patient remains the Data Subject and is provided full rights and control to their data and how it processed under GDPR and within our app.
Data sharing agreements
The app provides a patient access to their own data as the Data Subject, thus no Data Sharing Agreement (DSA) is required for the app itself. However, if you offer services via the app that are either delivered by non-registered practice organisations or staff, a DSA will be required. Substrakt Health can provide support and examples of such an agreement upon require to ensure you are fully compliant.