Effective: 10th May 2021
Privacy and information governance is at the forefront of our company.
This Privacy Notice explains how we handle personal information about our users in healthcare organisations, and how we handle personal information about the children under their care and their parents or guardians. This notice also contains information applicable to job candidates, employees, and contractors.
Elixir creates software to achieve a faster diagnosis for children and to improve communication between healthcare professionals and parents. We act as data processors for patient identifiable information on behalf of the healthcare organisation, who are data controllers, based on our data processing agreement.
This policy applies to our software, website and services. If you have any questions about this policy, please contact [email protected]
Who are we?
Our full company name is Elixir AI Ltd.
Our office is at 7 Florence Gardens, Manningtree, CO11 2FB
Company Registration Number is 1075526
ICO Registration Number is ZA803609
Our Data Protection Officer is Dr. Edward Cartwright.
You can contact our DPO via email: [email protected]
What personally identifiable information do we collect about you, and why?
As a healthcare professional
Healthcare professionals can create an Elixir account.
When you do so, we collect the following information about you, and link them to a unique identifier in our system:
Through the use of our software platforms, the following information will be collected from you when required:
Affiliated healthcare organisation
The content of communications with, or about, patients sent via our software
Data about the way you have used Elixir software, such as the functions you’ve used, and the devices and software you used to connect to our software
Contact phone number
We collect this data to provide you with software services that your organisation has agreed for us to provide to them, as governed by our Terms and Conditions and any contractual relationship we have in place with them. Elixir provides software services that act as a communications platform enabling you to communicate with patients directly, or to communicate with other healthcare professionals.
As a parent who’s healthcare providers use Elixir software
When your healthcare workers use our software to communicate with you, they provide us with information they hold about you so that we can make sure you receive those communications. We only ever act on their instructions, as they are the data controllers, and in line with our data processing agreement. You can see how we keep your data safe here.
We handle the following information about your child, on behalf of the data controller, your healthcare organisation.
Date of Birth
We use the following contact information when health and care professionals communicate with you using our software:
Mobile phone number
We use this information to enable your health and care provider to communicate with you about your child, either through SMS and email messages sent on our platform, or for them to call you.
We safely collect, store and transmit communications and documents sent to you, or received from you through Elixir software for health and care organisations. These communications and documents may include:
Messages from these healthcare providers (e.g. your Paediatrician)
Communications you have sent back to healthcare professionals after they asked you, including questionnaires about your child, images or information about appointments with their service (including for an appointment to attend an outpatient paediatric clinic).
Clinical records of your child’s treatment created by professionals using our software, including blood test results.
Information about the devices and software you use to connect to our services.
When explicitly instructed, we use information from clinical records in other systems to which your child’s healthcare provider has access. We do this in order to make those records available to your provider or to other professionals involved in your care.
Elixir also collects usage data, such as when you open and close our software, what product features you use and what computer you are using. This allows us to provide clear audit trails, and so that we can improve our software and maintain the clinical safety of our products and services. We also monitor the functioning of our software and to prevent fraud, cyberattacks and other dishonest behaviour.
Other groups of people who Elixir process information about
We process corporate prospects’ contacts or past corporate clients’ contacts data, including for direct marketing purposes, subject to the right to object and any opt-out exercised.
We process job candidates’ CVs and related data as long as this may be required in relation to the selection process.
How specific Elixir software features work
Elixir has developed an anonymous database of photos, linked to specific blood test results. To be clear, these photos do not and cannot in any way identify an individual and do not include any part of a face, or a part of the body usually covered by underwear. Elixir are collecting these images, linked to blood tests, to provide a tool for clinical staff, so that certain children at risk of a disease can be identified sooner, using a combined computer-vision and AI approach.
It is not the current standard of care in child health for a photo to be routinely requested by a clinician. Instead, a healthcare worker would ask to see certain clinical information directly. Elixir will ask for and share specific images with a child’s clinical team, providing rapid extra information for the clinician.
Our aim is to help clinicians come to a diagnosis faster.
Our database of photos, matched to blood results, acts as a library to help us to improve how we categorise future images from children. To this end, certain anonymous images and linked blood test results will be kept by Elixir, with the consent of the child’s parent or guardian. Elixir explain this in a clear manner several times through the process, including at the time that the photo is shared. Parents can opt for Elixir to permanently delete the anonymous photo and linked blood result from our records at the time of sharing, or at any point in the future. A parents decision for Elixir to not store an image will not affect their clinical care in any way.
All communication between the user’s browser, or the parent’s browser, is transmitted over an encrypted connection (HTTPS over TLS). This data is then encrypted at rest, using AES-256 encryption.
Elixir have developed a system so that the images and linked blood test results that parents allow us to keep, are not stored with any patient identifiable information, while being able to ensure that images can be deleted upon request in the future. When the parent is provided with an email about their clinic appointment, they are provided with a unique photo-code and a link to Elixir’s website where they can securely share a certain photo, as per a description provided by the healthcare provider. This photo-code is then entered when the parent uploads the photo of the dirty nappy. This photo and photo-code is stored on a separate encrypted database. A blood result is added to this database and linked to the photo-code, but with no identifiable clinical information. When the blood-test result has been uploaded onto the Elixir system, a report of the patient contact will be automatically provided to the hospital’s electronic medical notes, including a photo and the photo code, using encrypted channels. At this point, all identifiable information about that child will be deleted from Elixir’s system. The photo-code then acts as the key to enable the deletion of the correct image at any point in the future, and is held by the parent and by the hospital.
What is the legal basis for processing this data?
Elixir always acts as a data processor in relation to patients’ data that providers share with Elixir through the use of its software services.
Health care providers’ lawful basis for processing patient data using Elixir services is expected to be:
Article 6(1)(e) – ‘…exercise of official authority…’;
And their processing of special categories (health) data using Elixir services, the conditions are expected to be:
9(2)(h) – ‘…health or social care…’, and
9(2)(i) – ‘…public health purposes…’.
For processing special categories (ethnicity) data using Elixir services, the conditions are expected to be:
9(2)(h) – ‘…health or social care…’, and
9(2)(b) – ‘…social protection law…’ (for monitoring equality of access)
Anyone using Elixir for purposes beyond those set out above are likely to be misusing the software and in breach of the terms and conditions.
Our other legal bases for processing personal data where we are data controllers are to perform our contract to provide a service, when the contract is with you (GDPR Art. 6 (1)(b)), or our legitimate interests, provided they are not overridden by your individual interests, rights and freedoms surrounding data protection GDPR Art. 6 (1)(f).
Do we share this data with third parties?
We use third-party data processors, such as our email, productivity, design, communications and storage providers. A patient’s information may also be shared with other healthcare and social care organisations in the context of your exchange of messages through the Elixir platform. This sharing is strictly limited to the instructions a healthcare provider gives us.
We compile anonymised statistics about the use of our platform, such as the use of different features by our users. All personal data is removed by aggregating the data to hospital level or above. We share these aggregate usage statistics with third parties. These third parties include:
national bodies including NHS Digital, NHS England and relevant government departments;
local commissioning bodies such as CCGs;
partners of Elixir in the commercial, charity, and academic sectors.
How long do we retain data for?
Patients’ data is generally kept in line with the Records Management Code of Practice for Health and Social Care 2016. However, we would delete the data earlier than suggested by this code if we are informed that the condition of Article 9(3) GDPR and s. 11(1) Data Protection Act 2018 no longer applies.
We retain the data pertaining to our clients’ and prospects’ medical teams’ members and to non-medical personnel actually or potentially involved in purchasing our services for as long as necessary for the purpose of providing the service, to pursue a sales transaction, or to market our services, subject to their right to object or not to be subject to direct marketing. You may also contact us ([email protected]) to request that we delete the data that we hold about you.
How to contact us?
If you have questions or concerns about privacy, or wish to exercise rights you have in relation to personal data we process about you, you can email [email protected] or write to Elixir AI Ltd, 7 Florence Gardens, Manningtree, CO11 2FB.
You may always make further enquiries to our or complain to the www.ico.org.uk
Future updates to this Notice
This notice may change periodically and will be published on the Elixir website. Subscribers of our monthly email newsletter will also be notified of major changes in the subsequent newsletter.