Digital Consent

To improve our consent process so that the Trust meets the National standards for obtaining patient’s consent as well as supporting patient decision-making about their treatment, a number of specialties at Royal Cornwall Hospitals NHS Trust are using a new digital consent application by Concentric Health.
The Trust expects the following benefits implementing this:

  • Reduced errors on consent forms with improved documentation of the consent process.
  • The ability to allow consent to be given remotely which enables consent to be given even when there isn’t a face-to-face appointment.
  • Better patient experience and understanding of the decision-making process and understanding of decisions being made for their care.
  • Giving more time for doctors to undertake clinical duties as the electronic process is more efficient.
  • Reducing the risk of the wrong operation being carried out
  • Reducing the chance of needing to cancel surgery on the day and other and delays.
  • Reducing the use of paper use, supporting the Trust’s commitment to achieving Net Zero (carbon neutral) by 2030

Who are Concentric Health?

Concentric Health are a UK based company with headquarters in Cardiff, Wales.

Concentric Health Ltd.
Registration number: 10733991.
Address: Tramshed Tech, Pendyris Street, Cardiff, CF11 6BH

You can find out more information on the Concentric website.

How does the process work?

Data is entered into the Concentric digital consent application by a doctor or other appropriately qualified Healthcare Professional to share information with patients about proposed treatments or procedures. They modify the consent information to meet the needs of the individual patient and then either share it with the patient immediately or send it to them to via e-mail or SMS to review later.

After reviewing the information provided, the patient can document their consent to the proposed treatment or ask their Healthcare professional for further information.

How will I be contacted by Concentric?

You may receive genuine communication from your clinician via Concentric, either as an email from the email address notifications@concentric.health, or as an SMS from a mobile contact named ‘Concentric’.

Where is my data stored?

Concentric Health uses Google Cloud Platform (GCP) for all hosting and data processing, within a data centre in the UK. GCP is compliant with all healthcare information governance requirements.

Once the consent episode is completed, a PDF version of the consent form is automatically transferred into the Trust’s electronic patient record systems.

How is my data protected?

All data is protected following industry best practice with regard to access controls and encryption.

The Trust manages clinician’s access and password strengths rules are enforced. Patients are sent an email with a unique link and enter their date of birth in order to verify their identity.

All data is stored using leading encryption methods and is transferred securely.

What data is collected and processed?

GDPR defines different types of data.

Concentric uses ‘Personal data’ which is data that can be used to directly identify someone and ‘Special category data’ which is sensitive data that usually requires more protection.

The following personal data is processed: title, given name, family name, date of birth, gender, patient identification number (e.g. NHS number), mobile phone number and email address. This data is required for clinical safety purposes, as (except for email address) it needs to be displayed on-screen during all clinical interactions. It is best practice to share consent information with patients, and therefore an email address and mobile phone number is stored to allow communication of the consent process.

The following special category data, i.e. data relating to health, is also processed: name of treatment, indication and purpose of treatment, alternatives and risks discussed, and name and job title of clinicians who have been involved in providing care. This information is required as it is documented on the consent form.

Under the General Data Protection Regulation (GDPR), organisations can only process personal data if there is a lawful basis for doing so. Where Concentric is used, the Royal Cornwall Hospital Trust is the data controller, and Concentric Health is the data processor for the Trust.

The legal basis for processing is that of ‘direct care’. Healthcare organisations have a requirement to receive and record procedural consent as part of providing care. The contract between the healthcare organisation and Concentric Health to deliver a digital consent platform provides Concentric Health’s ‘direct care’ legal basis for processing.

What will the data be used for?

The data will only ever be used by the Royal Cornwall Hospitals to manage the consent process as part of your treatment. It will not be used for any other purposes, such as research or population health management, unless we contact you and specifically ask for permission to do so.

Page last reviewed: 22 May 2023

Alert: Visiting restrictions are in place due to Norovirus

See our news article for more information.

Text Size

Change font

Contrast