Digital consent

University Hospitals Plymouth NHS Trust is implementing a new digital consent tool to improve our consent process and ensure we meet the national standards for obtaining patients' consent as well as supporting patient decision making about their treatment.  This tool is a new digital consent application by Concentric Health.

By using a digital consent process University Hospitals Plymouth expect the following benefits:

  • Better patient experience and understanding of the decision-making process and understanding of decisions being made for their care.
  • Reduced errors on consent forms with improved documentation of the consent process.
  • The ability to allow consent to be given remotely which enables consent to be given even when there isn’t a face-to-face appointment.
  • Giving more time for doctors to undertake clinical duties as the electronic process is more efficient.
  • Reducing the risk of the wrong operation being carried out.
  • Reducing the chance of needing to cancel surgery on the day and other delays.
  • Reducing the use of paper use, supporting the Trust’s commitment to achieving Net Zero (carbon neutral).


Who are Concentric Health?

Concentric Health is a UK based company with headquarters in Cardiff, Wales.

Concentric Health Ltd (Registration number: 10733991). Address: Tramshed Tech, Pendyris Street, Cardiff, CF11 6BH

You can find out more information on the Concentric website .


How does the process work?

All patients must give their consent before they receive any type of medical treatment or operation. Giving consent means giving your permission to have a treatment, operation, test, or examination.

Data is entered into the Concentric digital consent application by a doctor or other appropriately qualified healthcare professional to share information with the patient about their proposed treatments or procedures. This will include information about the benefits, risks, and alternatives.

The doctor or other health professional will modify the consent information to meet the needs of the individual patient and then either share it with the patient immediately or send it to them securely via e-mail or SMS to review later.

After reviewing the information provided, the patient can document their consent to the proposed treatment or ask their healthcare professional for further information. This can be done in a face to face or virtual appointment.


How will I be contacted by Concentric?

You may receive genuine communication from your clinician via Concentric, either as an email from the email address  or as an SMS from a mobile contact named ‘Concentric'.


Where is my data stored?

Concentric Health uses Google Cloud Platform (GCP) for all hosting and data processing, within a data centre in the UK. GCP is compliant with all healthcare information governance requirements.

Once the consent process is completed, a pdf version of the consent form is automatically transferred into the Trust’s electronic patient record systems.


How is my data protected?

All data is protected following industry best practice with regard to access controls and encryption. The Trust manages clinician’s access and password strengths rules are enforced. Patients are sent an email with a unique link and enter their date of birth in order to verify their identity. All data is stored using leading encryption methods and is transferred securely.

What data is collected and processed?

GDPR (General Data Protection Regulation) defines different types of data (key definitions of types of data ).

Concentric uses ‘personal data’ which is data that can be used to directly identify someone and ‘special category data’ which is sensitive data that usually requires more protection.

The following personal data is processed: title, given name, family name, date of birth, gender, patient identification number (for example, NHS number), mobile phone number and email address. This data is required for clinical safety purposes, as (with the exception of email address) it needs to be displayed on-screen during all clinical interactions. It is best practice to share consent information with patients, and therefore an email address and mobile phone number are stored to allow communication of the consent process.

The following special category data, i.e. data relating to health, is also processed: name of treatment, indication and purpose of treatment, alternatives and risks discussed, and name and job title of clinicians who have been involved in providing care. This information is required as it is documented on the consent form.

Under the General Data Protection Regulation (GDPR), organisations can only process personal data if there is a lawful basis for doing so. Where Concentric is used, University Hospitals Plymouth NHS Trust is the data controller, and Concentric Health is the data processor for the Trust.

The legal basis for processing is that of ‘direct care’. Healthcare organisations have a requirement to receive and record procedural consent as part of providing care. The contract between the healthcare organisation and Concentric Health to deliver a digital consent platform provides Concentric Health’s ‘direct care’ legal basis for processing.


What will the data be used for?

The data will only ever be used by University Hospitals Plymouth NHS Trust to manage the consent process as part of your treatment. It will not be used for any other purposes, such as research unless we contact you and specifically ask for permission to do so.

Was this page helpful?

Was this page helpful?

Please answer the question below, this helps us to reduce the number of spam emails that we receive so that we can spend more time responding to genuine enquiries and feedback. Thank you.