How we use your data

Summary

The purpose of Medli is twofold:

  • To provide patients and carers with an app which:
    • supports them in managing multiple conditions in a single app, 
    • gives them access to insights derived from the data they input & national datasets relevant to their conditions, and 
    • allows them to share their data in a secure, anonymised format with researchers, life science companies and the Charities with whom they are affiliated  
  • To use the data gathered from our users and other external organisations to power research into new treatments and improve outcomes for patients

As such, we treat your data with utmost confidence and care.

Data collection & protection

  • Our data policies were written to be in line with the GDPR and the Data Protection Act 2018
  • More information about data collection and processing can be found in our privacy policy
  • We collect data from you directly (details below)
  • We exchange data about you with our data partners (details below)
  • We combine and link these data sources where possible, using information you provide
  • We use this data to:
    • allow you to use the app
    • support and guide patients
    • perform analysis to guide future development of the app
    • share – in anonymised and pseudonymised formats (see below) – with researchers, whether commercial, non-profit, or academic, for the purposes of developing new treatments and improving patient outcomes
      • Please note: any researchers wanting to access pseudonymised data go through a strict vetting and approval process, and have to commit to legal terms which define the ways in which they may use the data.
  • We keep this data on servers accredited to ISO 27001 standards, located in the UK
  • We retain this data for as long as is necessary to meet contractual, legal and regulatory requirements
  • Should you pass away, we would retain your data and continue to include it in the data we would make available to researchers. However, if you do not wish this to be the case, a carer or family member can contact us and instruct us to remove the data.
  • Please note that if there is a concern that you are at risk of harm to yourself or others, we may need to break confidentiality to take appropriate action

Anonymisation & pseudonymisation

Anonymisation and pseudonymisation are de-identification processes that maintain your privacy while allowing us to share just enough data that is valuable to research. 

In both cases, all direct identifiers are removed; this means information such as name, full date of birth, detailed location, etc.  This information is never shared with anyone outside of the app, and is only visible to administrative staff. 

Anonymous data is data that has had all information that could identify an individual removed.  Identifiable data is broad in scope, and includes anything that could be used to identify you amongst a set of data.  This means things like name, age, hospitals visited, and health conditions. In the context of Medli and the data it shares for research, we provide anonymised data in the format of grouped / aggregated data.  We apply controls recommended by the NHS, the ICO, and the ONS to the data, which make it very difficult for people to use the data to identify an individual. 

Pseudonymised data removes direct identifiers like patient ID or NHS number and replaces them with an arbitrary ID or pseudonym. In the context of Medli and the data it shares for research, we take further measures like removing the day from date of birth (i.e. month & year only). We provide pseudonymised data in row-level format, which is more useful for research. Pseudonymised data would include things useful to research, like information about your condition, treatments, and so on, but other information about you, where not relevant, is withheld or abstracted as much as possible.

Opting out

If you’ve been using Medli and would like to be removed from our database:

  • To be removed from Medli – contact us
  • To be removed from one of our partners’ datasets – contact our data partners
  • You may need to provide us with a small amount of personal data (e.g. full name, date of birth and NHS number) so that we can find and remove you from Medli
  • To request removal on someone’s behalf, e.g. if you are a parent or carer, please contact us and we’ll do our best to help

What happens after you opt out

  • Your personally identifiable data and Medli account will be completely removed from the Medli database
  • We will keep a small amount of information about you relating to your request to be removed for auditing purposes
  • We will retain anonymised copies of your health information for research purposes
  • Please note: we have no control over the data our partners hold in their data sets.  If you’d like to be removed from those datasets too, please contact our partners directly (details below)

How to reach our data partners

 

What happens when you opt out of our partner data sets:

  • Once your request has been processed, we will no longer receive your data from the relevant data partner(s)

Data Medli gathers from you

  • User information (e.g. email, name, date of birth, geographic location)
  • Patient information (when not the same as the user, e.g. name, date of birth, NHS number, geographic location)
  • Medical information (e.g. condition details, appointments, medications)
  • Patient-reported information (e.g. questionnaire responses, quality of life journals, tracker information, etc.)
  • Full details are available on request

Data our partners provide about you

Your GDPR rights

You are of course permitted to exercise any of your rights under GDPR.  In the context of Medli, these are:

  • Right of access – request a copy of the data we hold on you
  • Right of rectification – request that we correct or complete any data we hold on you
  • Right to erasure – request we remove your data from our systems
  • Right to restrict processing – request we temporarily prevent your data from being used in some circumstances
  • Right to portability – request a copy of the data we hold on you in a standardised format
  • Right to object to processing – request we stop processing your data, though this right is not absolute in all circumstances

In all instances, please contact us and we will address your request within 1 calendar month.