The Department of Health and Social Care published its Code of Conduct for data-driven health and care technology on 19/2/2019.
Our response to the ten principles follows:
- Understand users, their needs and the context. askmyGP users fall broadly into two groups: patients, and providers, which includes all GP practice staff. Our design principles are simplicity and ease of use, a difficult task when appealing to patients of all ages and abilities, both in general education and in familiarity with online tools. We cater equally for proxies (parents and carers) and all gender expressions, and keep language simple to help those with limited English. To assess our effectiveness we monitor age-specific adoption by patients in each practice, and feedback from patients informs our development process.
- Define the outcome and how the technology will contribute to it. Our mission is to make it easier for patients to get help from their own GP, and easier for GPs to provide that help. We measure attainment against this outcome by volumes, response and completion times, and measures of efficiency through resolution mode by providers. We also collect and monitor patient feedback and present all measures to the provider organisations.
- Use data that is in line with appropriate guidelines for the purpose for which it is being used. We comply with all relevant legislation, including GDPR and the Data Protection Act 2018, and collect data only for necessary purposes. Personal data is processed on behalf of providers (the data controllers), and is stored and transmitted encrypted and over the secure N3/HSCN network. Anonymous data may be used for research and marketing purposes as allowed under the same principles.
- Be fair, transparent and accountable about what data is being used. All data is used in accordance with Caldicott principles, and the conditions are agreed by patients and providers.
- Make use of open standards. We support the use of open standards and wherever technically possible provide open links to others for legitimate interoperability reasons. We use standard NHS number coding for any authorised data transfers.
- Be transparent about the limitations of the data used and algorithms deployed. We collect and transmit plain text and other file formats between patients and providers, but we do not use algorithms to produce triage decisions or advice to patients.
- Show what type of algorithm is being developed or deployed, the ethical examination of how the data is used, how its performance will be validated and how it will be integrated into health and care provision. We do not develop algorithms. We do offer a third-party service with Isabel Healthcare, which uses a machine learning approach. Our users may enter any number of symptoms, and be shown a range of possible conditions.
- Generate evidence of effectiveness for the intended use and value for money. Integral to our offer to all customers is standard reporting on usage, patient service, timeliness and efficiency through the use of askmyGP. We provide an economic model (Loadmaster), configurable by each customer, which demonstrates their value for money. We also conduct our own analysis of performance and value and may publish on this site and in other media from time to time.
- Make security integral to the design. From the outset of design, security has been built into askmyGP. Key features include:
  - N3/HSCN access required for all live patient data by providers.
  - Encryption of all patient data in transit and at rest.
  - Strength-checked passwords required for all users.
  - Separate code and database for live and demo systems.
  - Independent penetration testing and fulfillment of all comments raised.
- Define the commercial strategy. Our strategy is that self-funding customers should see a high rate of return from their investment, and do so from the date of launch (typically four weeks from engagement). Growth is therefore not dependent on taxpayer funding, but on efficiency and financial savings generated through the use of our services.
Harry Longman, 21 February 2019