GDPR comes into force on 25th May 2018. If you are lucky enough to have missed the excitement so far, this is a profound new EU regulation which greatly strengthens the rules around handling personal data – not just patient data, but any information relating to an identifiable person including consultants and other staff.
If you upload data to Gooroo Planner, or prepare data which will be uploaded, then this will affect you. We are getting ready now, so as to minimise any disruption to your work when GDPR comes into force. Most importantly:
From 16th February 2018 we will no longer allow any personal data (including consultants’ names, initials or GMC numbers) to be uploaded to Gooroo Planner (though properly pseudonymised data will be allowed).
If you really don’t like pseudonymised data and want to continue uploading personal data, then that is possible but we would need to make formal contractual arrangements in advance.
Apologies for the rather stern tone of all this, but the aims of the regulation are good and the penalties for non-compliance are severe (€20 million), so we are keen to get this right. We will also be amending our terms and conditions to reflect GDPR.
Patient identifiable data
We have never permitted the uploading of patient identifiable data to Gooroo Planner, and this will not change with GDPR. However it would be worth checking your data queries now, to make sure there is no possibility of uploading the personal data of patients or their relatives by mistake.
The data field you should particularly check is the ToolTip in the patient-level waiting list snapshot.
If you only populate the ToolTip with well-structured data (such as the code and associated description of the intended surgical procedure) then things should be fine. But mistakes might happen if you included any free text, such as the booking history, because those fields could contain things like relatives’ names and phone numbers.
We therefore recommend that free text fields should not be used when populating the ToolTip.
Clinician identifiable data
In the past we have permitted the uploading of clinicians’ names, so long as your organisation allows it – indeed some Gooroo Planner fields are intended for this. However this cannot continue under GDPR (unless your organisation signs a contract with us to define how we should process personal data).
The reason is that GDPR is particularly strict about the automated analysis of someone’s performance at work. This could include the use of Gooroo Planner to analyse and predict a named consultant’s productivity.
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work…
So we have worked out a transition process that helps both you and us to comply with GDPR, with the minimum disruption to your work as you use Gooroo Planner.
- From 16th February 2018, we will not allow any personal data to be uploaded to Gooroo Planner (including clinicians’ names, initials, or GMC numbers).
- In mid May 2018, we will clear fields that might contain personal data from datasets and associated reports that were uploaded before 16th February (by which time the data will be at least 3 months old).
This should ensure that no personal data remains on the system, and avoids changing anything you are likely to be working on as GDPR comes into force.
Subject to your organisation’s information governance policies, pseudonymised data may continue to be uploaded so long as it is done properly and people cannot be re-identified outside your organisation.
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, [or] an identification number…
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
You should therefore check your data queries now to ensure that personal data will not be included in any files intended for upload to Gooroo Planner from 16th February 2018. There is of course no harm in implementing this change before 16th February.
You should particularly check these Gooroo Planner fields which are most likely to contain personal data:
- Statistical data: HeadCons
- Patient-level activity: HeadCons, BedAdmitCons, BedDischargeCons, TheatreSeniorSurgeon, TheatreOperatingSurgeon, TheatreAssistingSurgeon, TheatreSeniorAnae, ClinicID, ClinicSessionID, ClinicSeniorClinician, ClinicMainClinician
- Patient-level additions: HeadCons
- Patient-level waiting list snapshot: HeadCons, ToolTip
(Further details on these fields can be found in the Gooroo Planner documentation)
User details
We also hold within Gooroo Planner the email addresses of people who have registered as users of our website, and (as you know) these email addresses are used as usernames for logging in. We also hold user’s first and last names, and (if they provided it) other things like their job title and employer’s name.
We are planning to automatically delete these details when they are no longer in use, following this timetable:
- One year after a user’s last login, their account will be marked inactive, and their Gooroo Planner data (datasets, reports etc) will be moved into their Trash. We have chosen one year because it is the duration of a typical Gooroo Planner licence.
- If the user takes no action to restore their account, then three months later all their details and data (which by then will be at least 15 months old) will be permanently deleted.
- They can of course return to Gooroo at any time, by re-registering on our website.
What do you think?
I hope you agree that this is a sensible way forward, but if you have any concerns then please email us.