Bradford Teaching Hospitals NHS Foundation Trust logo

Digital patient consent

Safe, reliable, efficient and secure
digital patient consent

Transforming the way in which patients and staff consent for a procedure or operation

Watch our animation to understand why

Mother and child
Lady in purple

I have some questions about digital patient consent itself

Data is entered into the digital consent application by a doctor or an appropriately qualified healthcare professional. They modify the consent information to meet the needs of the individual patient and then either share it with the patient immediately or send it to them to via email or text message to review later. After reviewing the information provided, the patient can document their consent to the proposed treatment or ask their healthcare professional for further information.

The Google Cloud Platform (GCP) is used for all hosting and data processing, within a data centre in the UK. GCP is compliant with all healthcare information governance requirements. Once the consent episode is completed, a pdf version of the consent form is automatically transferred into the Trust’s Electronic Patient Record (EPR) systems.

All data is protected following industry best practice with regard to access controls and encryption.

The Trust manages clinician’s access and password strengths rules are enforced. Patients are sent an email with a unique link and enter their date of birth in order to verify their identity. All data is stored using leading encryption methods and is transferred securely.

The data will only ever be used by BTHFT to manage the consent process as part of your treatment. It will not be used for any other purposes, such as research or population health management, unless we contact you and specifically ask for permission to do so.

Provided your consent has been shared with you by the clinician in charge of your care, you can sign your consent via your smartphone or computer at home if you have access to the internet by using your finger or with an accessory which is capable of capturing an electronic signature.

Yes. Our process remains the same. If you are a parent, guardian, person with legal responsibility for another, you will still be able to sign on behalf of the patient. For more information you can discuss this further with your clinician.

I’ve got some issues or want to change my mind and need help

The most common reason is when the communication is for a family member who we have your mobile phone number or email address for (e.g. a child) you need to use their date of birth to verify and not your own. Try this first. If you still cannot log in with your details, please contact our Central Patient Booking Service on 01274 274 274 to check we have your most up to date information. (8.30am – 5pm, Monday – Friday).

Your text message will be addressed from “Concentric”.

It will read ‘Dear [Name]’ and will provide a secure, randomly generated link which you can only open with the date of birth which you have confirmed with BTHFT.

Your email message will be addressed from “Bradford Teaching Hospitals NHS Foundation Trust (via Concentric) notifications@concentric.health

It will be titled “Important information about your upcoming treatment”.

It will include the BTHFT NHS logo and will read ‘Dear [Name]’

The ‘View my information link’ will only be accessible by using the date of birth you have confirmed with BTHFT.

No, this service is free to our patients.

Please contact Information.Governance@bthft.nhs.uk

Paper consents will still be available for a while and you can discuss this with the clinician in charge of your care at the time.

Yes, your consent can be revoked if you wish. You should contact your consultant’s Medical Secretary to raise your concerns and they will liaise with the clinician in charge of your care.

More about the organisation that is running digital patient consent

Concentric Health are a UK based company with headquarters in Cardiff, Wales.

Concentric Health Ltd.

Registration number: 10733991.

Address:
Concentric Health
sbarc | spark
Maindy Road
Cardiff
CF24 4HQ

You can find out more information on the Concentric website.

You may be contacted electronically after you have signed your consent in order to complete a short survey in regards to your experience of the consent process. By completing this survey you are contributing to the potential improvement of our consent services, however it is entirely your choice if you wish to complete this survey or not. Whilst currently you can’t opt out of receiving the survey, you can opt out completing it.

You may receive genuine communication from your clinician via Concentric, either as an email from the email address notifications@concentric.health or a text from a mobile contact named ‘Concentric’.

As an organisation which is only a data processor, not a data controller, there is no expectation to be registered with the Information Commissioner (ICO).

GDPR and data protection legislation defines different types of data. This systems uses your ‘Personal data’ which is data that can be used to directly identify someone and ‘Special category data’ which is sensitive data that usually requires more protection.

The following personal data is processed: title, given name, family name, date of birth, gender, patient identification number (e.g. NHS number), mobile phone number and email address. This data is required for clinical safety purposes, as (with the exception of email address) it needs to be displayed on-screen during all clinical interactions. It is best practice to share consent information with patients, and therefore an email address and mobile phone number is stored to allow communication of the consent process.

The following special category data, i.e. data relating to health, is also processed: name of treatment, indication and purpose of treatment, alternatives and risks discussed, and name and job title of clinicians who have been involved in providing care. This information is required as it is documented on the consent form.

Under the General Data Protection Regulation (GDPR), organisations can only process personal data if there is a lawful basis for doing so. Where Concentric is used, BTHFT is the data controller, and Concentric Health is the data processor for the Trust.

The legal basis for processing is that of ‘direct care’. Healthcare organisations have a requirement to receive and record procedural consent as part of providing care. The contract between the healthcare organisation and Concentric Health to deliver a digital consent platform provides Concentric Health’s ‘direct care’ legal basis for processing.

Hear from the users of digital patient consent

A consultant’s perspective

A patient’s perspective

How are we rolling this out across the Trust?

After a successful proof of concept was carried out, the project team are now engaging with further specialties to deliver this change to more patients and colleagues.

Departments currently using digital patient consent:

  • Pain Management Centre 
  • Yorkshire Auditory Implant Service 
  • Orthopaedics – Hands and Shoulder
  • General Surgery –  Laparoscopic cholecystectomy

Departments next in the pipeline for digital patient consent:

  • Orthopaedics – all other treatments
  • ENT
  • Women’s and Children’s services
  • General Surgery 
  • Orthodontics
  • Radiology
  • Maxillofacial
  • Endoscopy
  • Ophthalmology

Who are the team?

The work is being led by a small team within BTHFT’s Informatics Projects team, in partnership with clinical and technical colleagues and the application provider, Concentric.