Who we are?
MyWay Digital Health Ltd (MWDH Ltd) is a medical software company, founded by NHS specialists in diabetes and healthcare management, responsible for the MyWay Clinical (MWC) service.
What data do we collect?
For MWC Users, registered on the system, we may collect data relating to you and how you may use the site (basic user details) and data about your diabetes patients. The data we collect could include demographic and medical data relating to your patients’ diabetes condition, i.e.: name; address; contact details; IP address; date of birth; height; weight; GP practice; type of diabetes; blood pressure; laboratory test results; smoking status; eye and foot screening info; goals; appointment data; and medication. We store any data input directly by patients (e.g.: blood glucose readings, goals, text added to the eLearning chat forum). In addition, general auditable information and bug reporting data are also collected to help improve the service we offer and to fulfil user governance requirements.
How do we collect data?
We collect data and process data about all patients in your area who have diabetes, which may be collected from primary and secondary care IT systems or through data input via the MWC system. If the MyWay Diabetes (MWD) patient-facing app has been commissioned alongside MWC, we may collect additional data when your patients register online for any of our products or services and use or view our website via their cookies. Patients may also contribute data to the platform via forms and automatic upload connects with remote monitoring devices.
Any automated data collection, from healthcare systems and other third parties, is only permitted via a valid data sharing agreement. Data quality from these systems is therefore dependent on the source data being accurate.
Patients are advised not to expect any automated feedback from health care professionals in relation to any data submitted via the MWD system unless they specifically request and agree this with someone from their healthcare team. Please also refer to the MWD Terms and Conditions for further information about our patient-facing services.
How will we use or share data?
The MWC service focuses on holistic diabetes management in conjunction with the MWD service offered to patients, where commissioned. MWC is only available to Clinicians who have been signed up to use the service.
We collect data in order to manage your account, giving you secure access to patient medical records and allowing you to view or generate reports of aggregate population data to allow feedback on the quality of care delivery (KPI performance) and population risk.
We collect and process information about your patients only where we have the legal basis for doing so under applicable EU/UK laws, which is dependent on the services used and how they are used.
For Clinicians, this means we collect and share information for the following purposes:
- to provide the services and to protect the safety & security of the services. Clinician and Patient data may be used to help improve the products and services MWDH offer, for service evaluation and audit, and for more general feature improvements such as machine learning functionality. We may pass non-identifiable data to third parties.
- if it satisfies a legitimate interest (which is not overridden by your data protection interests), such as in providing key medical care, for research and development, to market and promote the services, and to protect our legal rights and interests. Note, we may need to process your data to comply with a legal obligation.
- for a specific purpose not listed within this policy, where you have given us consent to do so. For example, we may publish testimonials or featured customer stories to promote our services, with your permission.
- to protect your vital interests or to protect the public interest. For example, we share data and feedback with local healthcare teams (eg: to improve structured education offerings) and anonymised data may be used for regional and national quality reporting.
How do we store data?
We take data security very seriously. Any data elements we store are held in a secure data centre managed by a reliable hosting provider. Our current provider is ISO 27001 accredited and CyberEssentials Plus certified, partnering closely with MWDH in ensuring we comply with GDPR and the Data Protection Act. MWDH also have supporting policies and procedures which cover physical and technical security measures which address our approach to information risk management. Data is encrypted while being sent from the service to your device as per standard encryption for data transfers over the internet.
We will retain data for as long as the MWC service, in your region, is being funded. Upon termination of funding all data will be securely and completely destroyed. Given current volumes, the process to delete any personal data is documented and manually erased or scrubbed in accordance with ISO27001 standards.
MWDH have implemented controls to ensure that regulatory obligations regarding data protection are followed, documented, and results logged. In the unlikely event of a data breach, we will assess the risk and where appropriate, notify the competent supervisory authority (in the UK, this is the ICO) within 72 hours. If the risk assessment indicates a high risk for you or your patients, we would also communicate any breach of personal data directly. Specific procedures for the management of security incidents and breach monitoring are in place.
The data presented on the system will reflect the data either input by system users or data that has come from integrations with another IT/ EMR lab system. MWDH cannot, therefore, be responsible for the accuracy or inaccuracy of the data and clinicians should use discretion, and make additional checks, if any data does not look accurate or is deemed incomplete.
MWC will deliver decision support, advice, and alerts aligned with national guideline recommendations, based on the data available to the MWC system. Again, if the data is inaccurate or incomplete then the advice or notifications may not be accurate. Clinicians should always interpret any advice in the context of the whole patient scenario and in the knowledge of factors/data not available to the MWC system.
Any alerting or advice is only there to be suggestive and clinicians should make their own final clinical decision taking into account all information available to them.
The above caveats apply to both data analytics insights, shown at individual and population levels.
MWDH adhere to DCB0129 and DCB0160 standards, relating to clinical risk management requirements, as manufacturers of health IT system. Details of our internal Clinical Risk Management processes can be shared on request.
We use basic cookies in a range of ways to improve your experience on our website, including:
- Keeping you signed in and remembering certain information, so you do not have to repeatedly enter the same details.
For clarity, the different types of cookies our website uses are:
- Forms related cookies – when you submit data through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.
If you are unsure whether you need cookies or not it’s usually safer to leave them enabled in case it does interact with one of the features, you use on our site.