Data Security and Privacy

OVERVIEW

In this section we outline the data processes that happen as part of BOOST and explain what data will be collected and what happens to that data.

Data security and confidentiality are a priority for BOOST.

As well as the data security processes we outline below, BOOST will log you out automatically after 20 minutes of inactivity.

We also recommend:

  • logging out whenever you have finished working on BOOST
  • keeping your BOOST username and password in a secure place
  • not sharing any unnecessary personal information or contact details with your facilitator via your notes or online messages (this is explained in more detail below)

Device security

Your security and privacy on BOOST depend on the device you use to access the website. To ensure maximum security, we recommend you keep your software up-to-date, choose strong passwords which are not easy to guess, use security protection software and avoid unsecured public internet connections.

Who developed BOOST?

BOOST was developed by a team of researchers at King’s College London University. BOOST at King’s College London works in partnership with:

  1. The NHS – a healthcare professional may have referred you to BOOST.
  2. Crohn’s and Colitis UK – you may have found out about BOOST through the charity website.
  3. SPIKA – a software development company who programmed BOOST. SPIKA hosts and maintains the website. SPIKA meets NHS Digital standards for privacy, confidentiality and security.

PERSONAL DATA

What personal data/information will BOOST ask me for?

BOOST is a website. So that you can use BOOST, we need you to register with an email address. BOOST is part of a research study. This means that we also need to ask for the following information:

  1. Your name
  2. Your date of birth
  3. Your NHS number
  4. Your address
  5. Your telephone number
  6. Your gender

Why does BOOST need to collect this personal information?

Because BOOST is part of a research study, the research team needs accurate and up-to-date information. Collecting this information means that your healthcare team can monitor your progress. They are able to contact you to provide you with extra support either by email, the BOOST in-site messaging service or over the telephone.

Where are my data kept?

The BOOST website is hosted by SPIKA. This means that the data collected by BOOST is held on a database managed by SPIKA. This database is located in a securely protected and approved provider cloud solution. When you register for BOOST you are assigned an anonymous BOOST ID which is stored with your data. Additionally, because your data is confidential, the data that BOOST collects is held in an encrypted state.

Who can access my personal information?

We have to follow strict privacy, confidentiality, and online security procedures.

Your personal information will only ever be accessed by the research team. BOOST will never share your information with other parties without your written consent. For example, if access is needed to your BOOST account due to a technical error we will ask for your written consent for a member of the technical team to do this.

Does BOOST collect other information about me?

To help the team at King’s College London improve the website, BOOST collects information about your usage of BOOST. I.e. the length of time you spend logged into BOOST. The information collected will never be used in conjunction with your name or data that could personally identify you.

Does BOOST share my information with anyone else?

If you have a technical problem or question and you submit a question/concern via the Contact Us page, then King’s College London will receive the following information

  1. Your email address
  2. Information you type in your message

In order to solve a technical problem, support from the SPIKA software team who programmed BOOST may be needed. We will never share your information with SPIKA or ask them to look into the problem without gaining your informed consent first.

BOOST will never share your personal information with anyone without your consent.

Links

Some sessions may contain links to other websites which are owned, operated or maintained by third parties. If you click on a third-party link, you will be directed to that website in a new tab. We provide these links as helpful sources of further information, not as an endorsement, authorisation or representation of our affiliation with that third party, nor as an endorsement of their privacy or information security policies or practices. We do not have control over third party websites and we do not have control over their privacy policies and terms of use.

Who can see what I write in BOOST?

When you join BOOST, you will be linked with a facilitator. Your facilitator is a qualified healthcare professional who will provide you with support during your time on the programme by online messaging. Your facilitator will be able to see your personal details, including name, date of birth, phone number and email address.

In order to ensure that their support is relevant and specific to you, and to ensure your wellbeing, your facilitator will be able to see your progress on the website, i.e. which sessions you have completed. They will also be able to see your goals and tasks. Additionally, they are able to see the notes you make in the Notes page, as this can help structure their support. However, if you would like to, you can choose for the content in the notes to be hidden from your facilitator.

For supervision purposes, a supervisor will be able to review your online messages with your facilitator. The content of these messages will be kept confidential at all times.

The BOOST Team at King’s College London

Chief Investigator for IBD BOOST: Professor Christine Norton

Intervention development lead: Professor Rona Moss-Morris

Data Protection Officer at King’s College London: Albert Chan

The legal bits

Information collected by BOOST will be in line with the General Data Protection Regulation (2018). Our lawful basis for collecting this information includes:

  1. Function of a public task
  2. Vital interest
  3. Legitimate interest
  4. Consent

Your rights

Your personal data will be processed in accordance with your rights under data protection legislation.

Your rights are:

  1. right to be informed
  2. right to gain access to your data
  3. right of rectification (e.g. change inaccurate information)
  4. right to erasure (e.g. to delete records held about you on the BOOST platform)
  5. right to restriction (e.g. to stop processing information about you)
  6. right to portability (e.g. to move or transfer your data)
  7. right to object (e.g. to change your mind)
  8. right not to be subject to automatic profiling or decision making (e.g. to know if a decision was made by a computer rather than a person)

Cookies

The BOOST website does not use marketing cookies. This means that your browsing information is not used for advertising or commercial purposes. The BOOST website does use one type of cookie – this is an essential cookie which is used to make sure you get a consistent user experience. It is required for the website to maintain where you are up to in the programme. It also means it can show you personalised information when you are signed in.

SUMMARY

Your personal information will be managed and shared in line with the General Data Protection Regulations (2018) and common law duty of confidentiality.

  1. BOOST will ask for personal information. This information will be stored in line with NHS Digital data privacy and security standards.
  2. BOOST is developed by King’s College London and owned by London North West Healthcare NHS Trust.
  3. BOOST will collect anonymous information about the length of time spent logged in to BOOST, number of online sessions completed, and number of online messages sent. This information will be used by King’s College London to improve the BOOST website.
  4. Filling in the BOOST contact us form, means your email address and typed message will be seen by the King’s College London team.
  5. If you experience a technical problem, the BOOST team at King’s College London will respond to your concern and gain your consent for the web-developers of BOOST to access your information.

If you have any concerns or further questions, please contact the BOOST team using the form which you can find in the Contact Us page.

You can find more tips for staying safe online at www.cyberaware.gov.uk.

The following video also provides a useful overview of patient data - vimeo.com/264239790