We apply the highest standards of data security and privacy, please see Data and Payment Security.
The personal information we collect is only done so in order to comply with your request for a consultation, medical advice and a prescription. We also collect technical information in order to improve the customer journey on our site.
Lawful Processing of data
Personal data relating to health and medical information is classed as "Special category of data" for that reason it can be subject to certain exemptions and provisions.
Within the GDPR regulations there is a lawful basis for processing customer data:
GDPR Article 6 (1)(c): processing is necessary for compliance with a legal obligation.
Med Connections Ltd. is legally required to abide by regulations governing healthcare which require accurate information to be held on a patient record.
GDPR Article 9 (h): processing of special categories of personal data
Specifically, "processing is necessary for the purposes of preventive or occupational medicine, … medical diagnosis, the provision of health or social care or treatment".
Med Connections Privacy Statement
We at Med Connections are the "data controller" trading as iMeds.com in the UK. Please contact the Data Officer and IT Director John Elliott on firstname.lastname@example.org for any issues or information relating to your personal data.
We take your privacy seriously and as such we are transparent about how your data is collected, stored, processed and shared. Please review the below documents: Data Sharing Policy, Data and Payment Security, Terms and Conditions
We follow the current GDPR regulations and abide by the Data Protection Act. Our Information Commissioner’s Office register entry can be seen here ZA220843.
Information required to provide treatment
At Med Connections we provide health advice and offer treatment via prescription if deemed appropriate by our doctor team. These medicines are provided via postal service from our fully licensed and regulated UK Pharmacy. As such, we must comply with the legal requirements for issuing of prescription medicines and the collection, processing and sharing of data. Part of our requirements include confirming your identity, keeping up to date personal medical information and informing your own GP if you give us permission to do so.
In order to set up an account with iMeds.com we require some basic medical information such as blood pressure, allergies etc. This is to build your core medical record. To then further order a prescription for a medicine you will be required to answer specific medical questions relating to that product and associated medical ailment. The answers to these are recorded and form part of the overall consultation process with our doctors. Our panel viewable for our doctors contains full history provided, answers to specific questions for that medicine, and any previous order history or advice provided. All of these in combination are used by the doctor to make a decision for issuing a prescription to the pharmacy.
If a doctor requests more information from a patient this is passed to the customer service team confidentially who then forward this request to the patient. Any reply with information is again confidentially passed to the doctors and forms part of the medical record.
In order to ensure effective healthcare treatment remotely we require excellent communication facilities. This is done by patients providing their email address and phone numbers. Our primary form of contact will be email, with secondary contact made via telephone or SMS. Messages from doctors and admin team will be submitted via email and will be visible on your account. Sensitive info. Will not be sent via e-mail unless requested by the patient via email where consent to reply via email is implied, unless indicated otherwise.
In order for medicine to be provided via post and for payment to be taken we require billing and shipping address to be provided. Each address is stored and recorded on your customer account.
Your GP Details
Med Connections Ltd. strongly advises that patients inform their local GP of any consultations had online and any resulting prescriptions issued. If you choose to include your GP, you will be asked to provide their details, to allow us to notify them directly via letter or email.
Our partner registered pharmacy, Chemist-4-U Express Mail Order Pharmacy, enters relevant information you provide onto a Patient Medication Record (PMR) system. This PMR system acts as an independent record of any treatment supplied and is required for all pharmacies in the UK. The Pharmacy will also print a paper copy of your prescription which is stored on premises for 2 years as per GPhC Standards. The pharmacy may also carry out a PDS sync which matches your details correctly to your NHS record to ensure continuity of information across healthcare providers.
Automated notification e-mails will be sent to patients in the following circumstances:
|-||When placing your order|
|-||When your order is approved/declined or placed on hold by the doctor|
|-||When the pharmacy has printed your prescription|
|-||When the pharmacy has dispatched/shipped your prescription|
|-||Delivery updates from Royal Mail/DPD– Account Sign up|
|-||Password reset request|
Patients cannot opt out of these e-mails as they are required to provide visibility of packages and provide our customers the best service possible.
*Royal Mail and DPD will also send text message alerts regarding your delivery if you provide a valid UK mobile phone number.
When patients register with us we offer the opportunity to subscribe to our e-newsletter. The newsletters are sent on average once per month using Mail Chimp software. To understand what data we share with Mail Chimp please visit the Data Sharing Policy.
At Med Connections we reserve the right to send mass e-mails for important drug safety information and important updates that affect registered users. For example drug recalls by a manufacturer.
iMeds.com uses Google Analytics website visitor tracking tools to give an overall understanding of user experience and behaviour, this allows us to improve our service. If you wish to view how this works please visit Google Analytics. If you wish to remove yourself from Google Analytics you can change your browser settings or create add-ons here https://tools.google.com/dlpage/gaoptout.
Retaining your data
Your data will be retained indefinitely, please see Data and Payment Security which highlights the safety measures taken to secure your data. This is done so to comply with regulation in healthcare. It is also important for both patient and doctor if an issue ever arises with prescribing or dispensing.
The page How long should medical records (health records) be kept for? Indicates that records should not be deleted for the "foreseeable future".
You are free to disable your account at any point.
Automated Doctor Questions
Many of the prescription only medicines on the iMeds.com website have questions designed to automatically exclude patients from treatment before they reach the doctor for consultation. If you are automatically excluded, you will be forwarded to the NHS Choices website for further advice and to allow you to access services in your area.
Automated purchase tracking
Our software is built to ensure that patient safety is paramount. Once you have created your account this will be fixed and any new account set up with similar details will be flagged to our customer care team. We also restrict purchases of certain medicines to ensure only a safe quantity of medicines are in a person’s possession at any one time.
Access to your data
Patients are free to update their account info. By logging onto their account. Changing a name on an account can only be done via our customer care team with valid reasons. E.g. legal change of name due to marriage.
Patients can also request full view of the data held by us under new GDPR legislation. This can be done by contacting email@example.com.
Who we share your data with
We at Med Connections Ltd. Only share your data with parties that help us to deliver you the best service online. For full view of who we share your data with please see Data Sharing Policy.
We will never sell your data to a third party for any reason.
Complaints regarding data
For all complaints or concerns relating to data, please forward details in writing to John Elliott our Privacy Officer at firstname.lastname@example.org
In the unlikely event that you are not satisfied with how your complaint has been handled please visit Information Commissioner's Office to further your complaint.
EU General Data Protection Regulation Requests
GDPR is now a legal requirement in the UK from May 2018. This new legislation allows you the following rights:– the right to be informed– the right of access– the right to rectification– the right to erasure– the right to restrict processing– the right to data portability– the right to object– the right not to be subject to automated decision-making including profiling
In order to exercise any of these rights, or if you have a query relating to this legislation and how it impacts your use of our website please contact email@example.com.
Please be aware that GDPR provides exceptions including legal retention of data for legitimate medical health records.