This policy is updated from time to time. The latest version is published on this web page. This policy was last updated on 5 May 2017.
If you have any questions about this policy, please send them by email using the Contact address at the foot of the page.
The purpose of the Collegium system is to facilitate case discussions between registered users. These users are healthcare professionals, usually medical practitioners. Account registration is controlled by the manager of the appropriate telemedicine network.
In the course of providing telemedicine services through the web site, we gather certain information about people, i.e. healthcare staff and their patients. We also collect some limited information to better understand how registered account-holders use the website, in order to improve its functionality and performance.
What data we gather
If you create an account, you or your network manager will provide us with certain information that can be used to identify you, such as your name, email address and phone number (“Personally Identifiable Information” or PII). We may also collect non-identifying demographic information (such as your gender, city and country of residence, brief details of professional qualifications). This is not considered PII because it cannot be used by itself to identify you.
When initiating a case discussion, registered users may collect the following information about their patients:
- name or hospital ID number
- age and sex
- location of the Hospital/Clinic where the patient is being treated.
In addition to the above, certain privacy-relevant Android permissions are requested by the Collegium app. These include:
- CAMERA. This permission allows the application to upload images or video chosen by the user in order for them to form part of a case discussion
- STORAGE. This permission allows the application to store encrypted data for the user's cases.
Other permissions, such as CALENDAR, CONTACTS, LOCATION, MICROPHONE, PHONE, SENSORS, SMS, are not used by the app. The app does not collect precise real-time information about the location of your mobile device.
Modifying your Personal Information
Registered users can access their PII and can modify certain data items, such as their email addresses. Other information in the user profile can be modified by the network manager.
If you cease to use the system, e.g. because your job changes, your network manager will inactivate your account. For reasons of medical audit, your past case discussions must be maintained, but logging into your account will be disabled and no further case discussion will be possible.
How we use this data
Collecting this data allows the network manager(s) to provide a telemedicine service based on expertise that is carefully tailored to the patient's environment. For similar reasons, other registered users may view your profile information.
The data also help us understand how well the service is working, as part of a continuing improvement programme, i.e. quality assurance. Specifically, we may use the data:
- for our own internal records
- to improve the services we provide, e.g. by conducting research
- to contact you via email for research reasons
- to contact you in response to a specific enquiry, e.g. about a telemedicine case
- to customise the website for you
- to send you information that we think might be relevant to you.
We do not provide personally-identifiable information to third parties. We may provide aggregated data (non-personally-identifiable information) to healthcare or academic organisations, but only for research purposes.
Cookies and how we use them
What is a cookie?
A cookie is a small file placed on your computer's hard drive. It enables our website to identify your computer as you view different pages on our website. Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to see information like how many people use the website and what pages they tend to visit.
- analyse our web traffic using an analytics package. Aggregated usage data help us to improve the website structure, design, content and functions
- identify whether you are signed in to our website. A cookie allows us to check whether you are signed in to the site
- test content on our website. For example, 50% of our users might see one piece of content, the other 50% a different piece of content
- store information about your preferences. The website can then present you with information you will find more relevant, e.g. by storing your language preference, the user interface will appear automatically in that language
- recognise when you return to our website. We may show your relevant content, or provide functionality you used previously.
Cookies do not provide us with access to your computer or any information about you, other than that which you have already chosen to share with us.
Sharing your data
We will not lease, distribute or sell your personal information to third parties unless we have your permission or the law requires us to. Specifically, we will not share your data with other apps, resellers, social networks or advertisers. Any personal information that we hold about you is stored and processed under our data protection policy, in line with the UK Data Protection Act 1998.
We will always hold your information securely. To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards. We also follow stringent procedures to ensure that we work with all personal data in line with the UK Data Protection Act 1998.
How we protect your information
We take protecting your information seriously and have appropriate physical and technological security measures in place to keep it safe. All of the forms which gather or display personal information on our site are protected by a mechanism called Secure Socket Layer (SSL). This provides a secure, encrypted connection between internet browsers and websites, allowing you to transmit private data online. Firewalls are used to block unauthorised access to our servers, which are themselves located in a secure location. Within our organisation, we restrict access to personal information. Only employees who need the information in order to do their jobs have access to it.
The data stored in the CT system represent patient-identifiable information. Legislation about the length of time that such data must be stored varies around the world, and also varies depending on the patient's age. To be on the safe side, the data in the CT system are archived onto storage media with a 30-year guaranteed lifetime.
We take a lot of time and trouble (and expense) to ensure that data security is as good as reasonably practicable. We believe that the security is better than is required by the HIPAA legislation in the US, for example.
Links from our site
Our website contains a small number of links to other websites. Please note that we have no control of websites outside the Collegium domain. If you provide information to a website to which we link, we are not responsible for its protection and privacy.
Always be wary when submitting data to websites. Read the site’s data protection and privacy policies carefully.