NUSGRA GDPR / Data Protection Policy
NUSGRA is a trading name of Adnaan Qureshi Medical LTD, a UK Registered Company (09291985). SMS Follow Up Service is a web-based product which is available to NHS Organisations to purchase. It allows healthcare staff to provide information to, and collect information from, NHS patients.
In order to provide the SMS Follow Up service, NUSGRA will require personal and/or sensitive information about patients from NHS Organisations purchasing this facility. The purchasing NHS Organisation is responsible for ensuring consent has been obtained from every patient prior to entering their data into the secure patient entry portal.
This patient data will be provided to NUSGRA by designated individuals within NHS Organisations who are in possession of the relevant username and password to access that Organisation’s patient entry portal. These credentials will be supplied by NUSGRA to a verified representative of the purchasing NHS Organisation, and it is the responsibility of this NHS Organisation to protect these credentials and control access to them.
Data provided by NHS Organisations via the secure portal will only be used to carry out the service(s) we have been instructed to provide by the purchasing NHS Organisation.
This data will be shared with one approved third party organisation (ClickSend, Registered office Melbourne, Australia) for the sole technical purpose of distributing SMS messages to patients in alignment with the specified requirements of the purchasing NHS Organisation. Telephone Number and Message Text data are both stored for 4 months for accounting and billing purposes in line with GDPR. Full GDPR policy is available at www.clicksend.com. No sensitive information is shared with the SMS provider.
NUSGRA will store patient response data fully encrypted online at www.nusgra.co.uk (hosted by Ionos, Registered office Gloucester, UK). This site is also secured with SSL encryption and employs other safeguards against unauthorised access. Encrypted patient response data is subject to automated cloud-based backup. Patient data at NUSGRA will be destroyed (permanently deleted) after a time period to be agreed with the purchasing organisation. This will be in keeping with NHS Medical Records guidance.
Administrative access to this data is limited to one individual at NUSGRA (the registered Data Controller “Dr A Qureshi”). NUSGRA will never access patient response data belonging to purchasing NHS Organisations except in exceptional circumstances, such as technical failure, and only at the formal request of the NHS Organisation in question.
NHS Organisations can access their own patient response data freely via a unique and secure URL provided by NUSGRA at the time of provision of the SMS Follow Up Services. Once data has been downloaded by the employing NHS Organisation, the security of that data is the responsibility of the NHS Organisation. Purchasing organisations will be under obligation to handle any downloaded patient data in line with Caldicott and NHS regulations.
Patient data will never be sold, or used for any purposes other than those of the primary objective of collecting patient feedback data. Patient data will never be provided to private companies under any circumstances, including for marketing purposes.
Patients may make written requests to NUSGRA to view, edit or remove their personal data under certain circumstances. This can only be done if we hold personally identifiable data.