The privacy and security of your personal information and the personal information of patients are of utmost importance to us. This Privacy Notice explains how we collect, use, and protect personal information when you and your patient’s consent to the recording of consultations for the purpose of medical education.
Clinitalk is dedicated to helping patients through improvements in the training of health professionals.
The purpose of our data collection is the provision of post consultation feedback to health professionals and the improvement of medical education. We provide information to health professionals about their consultation skills to help them reflect upon and develop their skills and capitalise on their learning opportunities.
Once explicit consent has been obtained for consultation analysis, data is collected by secure and encrypted audio recording. Recordings are accessible to the health professional and their mentor and cannot be accessed by Clinitalk itself or third parties. All encrypted recordings are deleted after 21 days or earlier if deleted by the user. Our terms require a user to delete an audio record if requested to do so by a patient. No patient demographic details are collected, excluding those incidentally surfacing as part of the consultation audio. A user’s (healthcare professional) demographic, professional and personal details may be stored during the registration process for the purpose of creating a user account and serving up relevant consulting feedback. Data collected includes GMC number, email, ethnicity, prior exam attempts, country of graduation, sex.
We will process data on the basis of explicit consent which means a user may not record a consultation without asking and receiving for permission to do so. Patients have the right to withdraw consent at any time. Upon being informed of a withdrawal of consent the relevant consultation data must be deleted
We retain encrypted audio and transcripts for a period of up to 21 days. We adhere to all UK laws and regulations regarding the processing and storage of data.
Recordings are accessible to the health professional and their professional mentor and cannot be accessed by Clinitalk itself or third parties.
We take appropriate measures to protect your personal data which include technical, physical and administrative safeguards to prevent unauthorised access. Your data remains encrypted during transit and storage and is deleted within 21 days.
Before processing, we ask users to ensure that no personal identifiers, such as names or dates of birth, have been recorded. Once confirmed, we proceed with data processing, which complies with UK GDPR regulations and is governed by UK law under jurisdiction of the UK courts. Processing takes only seconds and includes an automated redaction to remove any personal identifiers from the transcript. Following processing, data held by the processor is irretrievably deleted. Data is processed by Clinitalk in the UK and our sub-processor Assembly AI (Ireland), in accordance with GDPR standards and best practice.
OpenAI api a second sub processor is used to process anonymised data and as such is not provided with data containing patient identifiable information such as name, date of birth, dates or addresses, time of recording or location. The OpenAI data sharing agreement incorporates the standard GDPR regulation binding contract clauses supervised under UK law. OpenAI processing is based in Ireland and the US. Clinitalk has requested data to be processed in Ireland. OpenAI is certified compliant with CSA STAR, SOC2,SOC3 GDPR. Clinitalk’s servers are managed by Microsoft Azure which has been certified against the following security standards ISO 27001, ISO 27018, SOC 1, SOC 2, SOC3, FedRAMP, HITRUST, MTCS, IRAP, and ENS.
You have the following rights to your data.
Access: You can request access to the personal information we hold about you.
Correction: You can request corrections to any inaccuracies in your personal information.
Erasure: You can request the deletion of your personal information under certain circumstances.
Data Portability: You can request to receive your personal information in a structured, commonly used, and machine-readable format.
Withdrawal of Consent: You can withdraw your consent for the recording of your consultations.
If you have any questions, concerns, or requests related to your personal information or this Privacy Notice, please contact us at: info@clinitalk.co.uk
We may update this Privacy Notice from time to time to reflect changes in our practices or for legal and regulatory reasons. Please review this notice periodically for any updates.
