PKB’s user agreement and privacy policy update for 2017

The average Norwegian has 33 apps on their smartphone. Their combined terms and conditions are longer than the New Testament. No one has time to read these, and few have the legal skills to understand them.

As we updated our privacy policy and user agreement we wanted to make sure our terms and conditions had informed consent.

We are lucky to work with the Care Information Exchange’s lay partner steering group. They asked for and then improved a plain English summary at the start of each legal document.

This is quick but complete, with all the important points a user should understand before accepting the terms.

Here is the summary at the start of the full user agreement:

Welcome to your Patients Know Best (PKB) account. This is a summary of our account service agreement with you.

Patients Know Best (PKB) provides software to help patients manage their own health information. PKB puts you, the patient, in control of all health information about you that is added to PKB. PKB enables you, the patient, to control who can use this information with you.

To start using your PKB account, a PKB customer (e.g. your hospital) will verify your identity. And you must agree to this Account Service Agreement.

You must be at least 16 years old or have approval from your parent or legal guardian. You can stop using the Patient Access Service at any time and you own the copy of the data in your record.

You must obey the law, choose a secure password, and notify PKB or our customer of any security problems. You are responsible for information you input into PKB.

If you find a problem with data within your PKB record from a PKB customer, e.g. your hospital doctor, please contact that clinical team. If you find a problem with data you entered into PKB, e.g. symptoms, messages and home devices, please contact PKB directly via

Questions related to data protection and privacy can be addressed to Patients Know Best at:

F.A.O. Data Protection Officer
Patients Know Best
St John’s Innovation Centre, Cowley Road Milton, Cambridge CB4 0WS
Phone: 01223 790708

Patients Know Best’s complaint procedure is documented at

Late Updated: March 2017

And here is the summary at the start of the full privacy policy:

Welcome to your Patients Know Best (PKB) account. This is a summary of our privacy policy. This privacy statement tells you, the patient, about how your Personal Data is used. This is so you can decide whether or not to give your consent for the Service and Account to use your personal data. The privacy statement is not a user guide so it does not tell you how to use the Service or Account.

“You” This means the user and the person giving their consent to see or share their record

“Patient Know Best (PKB) Account” is an online account that that lets you gather, edit, store, and share personal health information

“The Service” is the IT platform used to provide your online account

“Carers” are friends, family or other people that help you with your care

“Professionals” are employees of organisations using PKB whose identity and qualifications have been legally verified, for example doctors and nurses.

“Organisations” are customers of PKB that are involved in your care and that you trust to view your records, for example: hospitals

You can use PKB with three other types of users:

  1. Carers
  2. Professionals
  3. Organisations

Because Professionals have been legally verified they can do things on your behalf and in your interest. For example, they can legally confirm that;

  • you are an adult
  • and you can understand information about your health
  • you can be in control of your PKB account.

Our aim is to bring you your medical records from anywhere, and for you to control who sees these records.

Your record is divided into four parts:

  1. General health (e.g. diabetes)
  2. Sexual health (e.g. HIV)
  3. Mental health (e.g. depression)
  4. Social care information (e.g. day centres)

You decide who can see what, e.g. you may want you doctor to see everything but your family to only see your general health. And you can all request that others decide on your behalf, e.g. your doctor can share with other doctors for you.

If an Organisation has data about you and the Organisation agrees to release the data to Patients Know Best, Patients Know Best will show you the data in your Account.

For example, Organisations can automatically send their discharge letters to your record. When you log in, PKB software will search external databases for you. None of your data are sent outside PKB for these searches.

Will my information be used for anything else?

Once you can see your record and have decided who else can see your record, PKB will use software to search databases to show you information.You decide how to make use of this information e.g. if we tell you about a research trial, you can decide to take part. Your information is not shared until you have told us you want to share it.

A description can be found on the following page of one such trial, provided by The National Cancer Registration and Anlysis Service:

Patients Know Best does not use your Account-holder information for marketing purposes without first asking for and receiving your opt-in. We do not use or disclose your information except as described in this Privacy Policy.

If you send us a help request to you are likely to tell us your name and email address.

Occasionally, although we ask you not to, Users may tell Patients Know Best clinical information about themselves (e.g. “I cannot access my message from Dr Smith” or “How do I get my haemoglobin test result from my daughter’s cancer team”).

Patients Know Best has no ability to access any clinical information in your health records.

To help you with your query, Patients Know Best may use personal information:

  • to provide you with important information about the Service, such as important updates and notifications;
  • to send you the Patients Know Best e-mail newsletter (if you choose to receive it);
  • to determine your age and location to help determine whether you meet the criteria for an Account.

Patients Know Best may hire other companies to provide services on our behalf, such as a support desk or to answer queries about the Service. We give those organisations access only to the minimum personal data to help you with your query, such as your IP address or e-mail address.

Patients Know Best requires the companies to maintain the confidentiality of your personal data and prohibits them from using it for any other purpose. Patients Know Best does not share any health records with these third parties because we do not have access to such information.

Can I delete or hide my PKB account if I change my mind?

Because Professionals make medical decisions based on the information in your PKB record, it is a medical record. Data cannot be deleted for 8 years after last usage in case there is a legal case about medical safety. But you are in control to make sure no one can access your record without your permission unless we are required to do so by law.

The one exception is children’s records – Professionals have control to ensure safety of the child’s medical care. Full control of your record is possible from 16 years old barring special circumstances.

You can only edit or hide data you have added. You cannot edit or hide data others have added. If you would like to change or hide information that has been added about you, or if it is incorrect, you can contact the Organisation and request this.

How is my information protected?

PKB cannot see your medical record and has no control over your record. We keep the information on secure servers. We encrypt so no one can see your medical record except the people you choose.You can opt in to receive the PKB newsletter which has updates about PKB. PKB tracks software usage to improve software quality. But PKB does not track identifying information or records.

Patients Know Best is committed to protecting your privacy. We have registered with the Information Commissioner’s Office (“ICO ”), which regulates data protection in the UK, and our registration number is Z2704931.

This privacy statement applies to the Patients Know Best Service (referred to in this privacy statement as the “Service “), which you access by logging into your account.

This privacy statement does not apply to any other online or offline Patients Know Best sites, products, or services.

The privacy statement is written generally as if you are the patient, ie you use your own Account to manage your health records. If you are a Carer who manages the patient’s records for them, you must read the privacy statement on the basis that it refers to you using your Account to manage the patient’s health records

Agreement and Further Information

Users continued use of the Service constitutes the User’s agreement to this privacy statement. If you feel you require further information before you are able to provide consent – please refer to The User Information and Security Statement below or contact


One comment

Leave a Reply