PRIVACY POLICY FOR ALPHA MD

Welcome to ALPHA MD

This page explains how and why we use your personal information, what your rights are and how you can exercise your rights in relation to this use of your personal information.
We provide this information so that you can decide whether or not to create your ALPHA MD Health Account, through which you can share your information with the professionals who provide your care and make some decisions about how they share your personal information.
We are committed to protecting the privacy and security of our users. This Privacy Policy explains how we collect, use, and disclose your personal information when you use our mobile application called Alpha MD Health.
Alpha MD Health App’s use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.


1. The terms we use
• “You” This means you, the user and the person controlling who can see or share their record
• “ALPHA MD Account” is the online account that shows you your personal health information shared by your care providers and gives you some control over who can see it, including what you may choose to add about yourself
• “ALPHA MD Record” is the information about you provided by your care providers and is shared between themselves to provide you with safe care before you create your ALPHA MD Account
• “Patient Contributed Data” means the information you add to your ALPHA MD Account and choose to make visible to professionals providing your care and anyone else you choose
• “Provider Contributed Data” means the information professionals have recorded and shared between themselves through the ALPHA MD Record and with you in your ALPHA MD Account
• “The Service” is the IT platform and software ALPHA MD use to provide your online ALPHA MD Account and ALPHA MD Record
• “Carers” are friends, family or anyone you choose to give access to your ALPHA MD Account
• “Professionals” are the people working for organisations who have been given access to ALPHA MD Records because they help to deliver your care. These people have had their identity and qualifications verified, for example, doctors and nurses, and have been trained in handling confidential patient information
• “Organisations” are customers of ALPHA MD that have information about you and that you can choose to trust to see your records, for example, hospitals or GPs.
• “Encryption” is a method of securing your information so that only those with the correct credentials can access it


2. Types of ALPHA MD Service Users
As well as patients, the ALPHA MD Service can be used by three other types of users:
1. Carers
2. Professionals
3. Organisations

Information on these roles is found in the ALPHA HEALTH manual:https://manual.alphahealth/alphamd.com/

3. Purpose of ALPHA MD
We aim to bring you your health records from anywhere, and for you to control who sees these records.
After creating your ALPHA MD Account, you can decide who can see what, e.g., you may want your doctor to see everything but your family to only see your general health. You can also ask others to decide on your behalf, e.g., your doctor can share with other doctors for you. If an Organisation has information about you, the Organisation can send that information via ALPHA MD to you, e.g., automatically sending discharge letters to your ALPHA MD Account.
The ALPHA MD Service will search other databases to show you information that may be relevant to you. You decide how to make use of this information, e.g., if we tell you about a clinical trial, you decide whether or not to take part. Your information is not shared with anyone until you decide.

4. Information disclosure and further use We do not use or disclose your information to anyone except as described in this Privacy Notice.
If you send us a request for help (details below) you are likely to tell us your name and email address. We will only use this information to provide the help you have requested.
ALPHA MD may further use your information:
• To provide you with important information about the Service, such as updates and notifications (e.g., changes in this privacy notice)
• To send you the ALPHA MD email newsletter (if you have chosen to receive it)
• To identify your age and location to help determine whether you meet the criteria for an ALPHA MD Account
ALPHA MD may contract companies to provide services on our behalf, such as our support desk or to answer queries about the Service. We give those organisations access only to the minimum personal information to help you with your queries, such as your IP address (your computer’s location) or e-mail address. They are bound by a contract and a duty of confidentiality. These companies cannot access your health information, which is encrypted.

5. Confidentiality
ALPHA MD fulfils its duty of confidentiality through clauses in employment contracts, corporate policies covering confidentiality and security, providing ongoing training to all employees and requiring the same of any company we contract to support us.
Please ensure when providing information about other people, for example, including Personal Data about a family member, that you have permission to do so.

6. Can I delete or hide my ALPHA MD account if I change my mind? This is a complex area of data protection law. In general, to comply with the legal obligations of Professionals and Organisations in maintaining accurate health records, the following occurs:
• ALPHA MD does not delete ALPHA HEALTH Records unless an Organisation asks, normally 8 years after it was last accessed by the Organisation
• Where an Organisation ceases the contract with ALPHA MD, unregistered ALPHA MD Records that have not been accessed by an Organisation will be deleted within 30 days of contract cessation
• Where an Organisation ceases the contract with ALPHA MD, registered ALPHA MD Records will be retained or deleted at the discretion of the Organisation. Where ALPHA MD Records are retained, a retention-only contract will be established.
• ALPHA MD does not delete your ALPHA MD Account unless you ask, and then we can only delete information that you have added that has not been viewed by a Professional
We explain in more detail below:

ALPHA MD Accounts
Once you create an ALPHA MD Account, you are in control of who can access your record and what they can see. The law may override your wishes, e.g., a court order stipulates access by another individual or authority, or in other very rare exceptional circumstances.
You can edit or hide information you have added until it has been viewed by a health or social care professional. After a Professional has viewed information in your ALPHA MD Account it may be retained by the Organisation. In most cases, this retention period will typically be 8 years as outlined in the Records Management Code of Practice.
You cannot edit or hide information others have added. If you would like to change or hide information that has been added by an Organisation about you, for example, if it is incorrect, you must contact that Organisation to request this. All of your ALPHA MD health data is held securely and is encrypted in storage and in transit.

Children’s records
The only exception to the above function is for children’s records. Professionals have control to ensure the safety of the child’s care. Full control of your record is possible from 13 years old, except in special circumstances e.g., to protect your health.
ALPHA MD Records
Your ALPHA MD Record will only be deleted if the Organisations provide this instruction to ALPHA MD. This is because Professionals may make decisions about your care based on information in your ALPHA MD
Record. This is a similar case to your doctor maintaining records about you for the future safety of your care.
Typically, adult health records are deleted 8 years after last access by the Organisation, but ALPHA MD will only delete your record once an Organisation asks us to. Where multiple Organisations contribute to your ALPHA MD Record, each Organisation will need to provide a deletion instruction for data where they are a controller of e.g., Organisation A cannot request deletion of data contributed by Organisation B.
An organisation may provide a deletion instruction to ALPHA MD at any point during their contract. After the Service contract has ceased an Organisation may request the ALPHA MD Record to be deleted or retained (in line with the Records Management Code of Practice) within ALPHA MD or in a different system. Where the Organisation provides a retention instruction to ALPHA MD after the Service contract has ceased, a retention only contract will be established.

Emergency care
In an emergency, Professionals may override the limitation you have put on access to your information. This is called ‘Break the Glass’. When they do this, they must declare the reason they have for accessing your record. ALPHA MD records this action, and the Organisation reviews it. Break the Glass is only for emergencies when you may lack the capacity to consent (e.g., if you are unconscious) and when (in the Professional's clinical judgement) it is in your vital interest that the Professional sees your record.

Your rights
You may ask your Organisation to ‘Disable Sharing’ if you do not wish to share your record with any Professional, and to prevent Professionals from being able to Break the Glass. You should think carefully before asking for this and review your decision periodically. With Disable Sharing, Professionals can only see the information about you they have added to your record, and no other data from any other party. More information on Disable Sharing is available here

7. How is my information protected?
ALPHA MD is committed to protecting your privacy.
We cannot see your health record and have no direct control over your information. We store all of your information on secure servers and encrypt all of your information. Our security measures are tested at least annually to standards set by the UK National Cyber Security Centre.

8. Lawful Basis Organisation-contributed information (ALPHA MD Record)
To find out the legal bases for an Organisation that provided your information, you should check their privacy notice.

Organisations providing data are responsible for:
The quality of the information uploaded to ALPHA MD including ensuring the correct privacy labels are with the associated information
• Providing access to those in the Organisation who require it

Patient-contributed information (ALPHA MD Account)

Once you create your ALPHA MD Account, ALPHA MD is the controller for the information you contribute and relies on the following legal bases:

• Processing under legitimate interests. Processing occurs only after you have voluntarily registered and you have added information to your ALPHA MD Account. Your interests, rights and freedoms continue to be protected.
• Processing that is necessary for the provision of care. ALPHA MD ensures patient information is available to providers, relatives and/or carers to support the delivery of care, as well as assisting the patient to access care services.

ALPHA MD Data Protection Officer (DPO)

You can write to our DPO: dpo@alphamd.com

ALPHA MD Contact Routes

To contact ALPHA MD’s Support Team: https://www.alphamd.com/contact-us

Further information about ALPHA MD is available via our website:https://alphamd.com/

9. Agreement and Further Information
A Users continued use of the Service constitutes the Users agreement to this privacy notice. If you feel you need further information, please refer to The ALPHA MD Manual and the ALPHA MD Information Governance Wiki below or contact us through alphahealth.com/contact-us .