Exercise Prescriber takes your privacy very seriously and treats all your personal data with great care. This document sets out Exercise Prescriber’s policy regarding privacy and security. It is recommended that you read this policy carefully.
Exercise Prescriber Ltd. is a limited company established and existing under the laws of the United Kingdom, having its registered office at Witan Gate House, 500-600 Witan Gate West, Milton Keynes, MK9 1SH and active on the website of exerciseprescriber.com.
Exercise Prescriber has developed a platform used by healthcare providers to send exercise and health information content to their patients. Exercise Prescriber is not a health care provider and does not screen content posted by healthcare providers, nor does it select or screen specific exercise programs that are displayed to patients.
If you are a healthcare provider who is a subscriber to our system or you are trialling our system…read on:
Under European law (European Privacy Directive 1995/46 and the Data Protection Act 1998) you are handling sensitive patient data and as such have a responsibility to have robust information governance about the way you manage and process this data. With regard to the use of Exercise Prescriber, you control the patient data that is input into our system. You are therefore the Data Controller and we ask that you seek patient consent (parent or guardian consent if a minor) and take care to enter correct patient details, specifically patient name and email address. Exercise Prescriber cannot be responsible for the compliance with applicable privacy laws by the data controller (i.e. the healthcare provider). It is important that each clinician is named on the account (rather than a generic name) so there is a substantive clinical audit trail.
With regard to you, the healthcare provider, and your data... we act as your data controller for the processing of payments, account information, and the use of Intercom cookies as set out below (under 3).
If you are a patient who is interested in the data management and processing of your information...read on:
Your Exercise Prescriber output (home exercise program and / or patient information) requires the healthcare provider to input minimal data on our system: your email address (if electronic material such as videos or webpages are to be used) and your name (this is at the discretion of the health provider, who may prefer to input, for example, your client reference, first name or full name depending on their in-house Information Governance).
For the healthcare provider:
In order to make use of the Service, it is necessary to create a personal Account. For this you are required to enter certain information about yourself. Your name, gender, e-mail address, phone number and country of residence are obligatory. For healthcare providers who register on behalf of an entity such as a clinic, information about that entity (name and contact details) is also required.
In order to send video clips and information pages, an email address is collected along with your full name or first name or client reference number.
Use of service:
By using the Service, the healthcare provider provides information about the exercise program of the patients and patients can provide anonymous feedback through our Campaign Builder. This information is private between the patient and the healthcare provider. Exercise Prescriber will store and process this information only on behalf of the healthcare provider.
When using Exercise Prescriber, cookies are saved on your computer. Cookies are small pieces of information (in the form of text) that a server sends to your browser (such as Internet Explorer or Firefox) with the intention that the browser sends this information back to the server the next time a user makes use of the Service. Cookies cannot damage your computer or the files saved on it.
When you use the Service, first party cookies are saved on your computer. First party cookies are made by or for Exercise Prescriber and are stored on your computer by Exercise Prescriber and only Exercise Prescriber has access to these cookies. Such cookies are used by Exercise Prescriber, for example, to remember your login information.
In order to collect data on the usage of Exercise Prescriber’s website (the marketing website, not the platform used for access to the Service), Exercise Prescriber uses Google Analytics. Google Analytics stores a permanent cookie on your computer which is subsequently used to register your use of the website. This data is then analysed by Google and the results are given to Exercise Prescriber. This enables Exercise Prescriber to get more insight into the way in which the website is used and, based on this information, to make adjustments to the website or the provided services.
You can configure your browser so that you do not receive any cookies the next time you use the Service. However, it is then possible that you will no longer be able to make full use of Exercise Prescriber.
Exercise Prescriber may use your personal data for the following purposes:
If you are the healthcare provider:
To allow you to use the Service, including the management of the home exercise programs for patients, the management of the patients’ compliance with the exercise program and the return of anonymised patient feedback received by patients...
If you are the patient:
To allow you to receive access to your home exercise programs and / or clinical information provided by the healthcare provider and provide feedback (if you wish) to the healthcare provider.
Exercise Prescriber will only provide medical information to third parties if the healthcare provider has given its consent for the specific third party involved (for instance, a clinic management software company).
Exercise Prescriber may post health provider testimonials/comments/reviews on the Website, which may contain personal data of healthcare providers. Exercise Prescriber shall obtain the healthcare provider’s consent via email prior to posting the testimonial.
Exercise Prescriber is ISO27001 accredited and takes appropriate technical and organizational measures to protect your (personal) data against loss or any form of unlawful use. Because of the medical nature of some of the personal data, Exercise Prescriber has incorporated a very high level of security. To protect the confidentiality and integrity of your personal data, we:
- Have internal policies that keep your data private and confidential.
- Encrypt all communications between Exercise Prescriber and our users (HTTP via SSL, email via TLS).
- Encrypt all patient health information in our database.
- Limit information access inside our company to the absolute minimum necessary.
- Use an electronically and physically secured data center.
- Use a firewall which blocks access by attackers and unauthorized users.
- Automatically log off healthcare providers after a certain period of inactivity.
- Require all of our users to choose strong passwords, and choose a new password every 90 days.
- Use a world-class CDN (content distribution network) which filters out possible attackers.
- Use state-of-the-art development and testing systems.
- Use best-in-class server management technologies.
If you wish to know what personal data Exercise Prescriber has collected about you or if you wish to change data that you cannot change yourself in your Account, then you can send your request to firstname.lastname@example.org. Exercise Prescriber will provide you with the personal data within 1 week.
Exercise Prescriber will retain your personal data for as long as your Account is active or as needed to provide the Service to you, to resolve disputes, enforce agreements or comply with any legal obligations. If you wish to delete your Account or request that Exercise Prescriber no longer uses your personal data, you can contact us at email@example.com.
It is possible for this policy to be amended in the future. Any changes to the policy will be mentioned on the Website, so it is recommended to regularly have a look at the Website.
If you have any questions, please do not hesitate to contact us via firstname.lastname@example.org