In this section we outline the data processes that happen as part of Compass and explain what data will be collected and what happens to that data.
Handling your information securely and confidentially is extremely important to us.
As well as the data security processes we outline below, Compass will log you out automatically after 20 minutes of inactivity.
We also recommend:
Your security and privacy on Compass depends on the device you use to access the website. You are able to use Compass on a computer, tablet or smartphone, as long as you are connected to the internet.
To ensure maximum security, we recommend you keep your software up-to-date, choose strong passwords which are not easy to guess, use security protection software and avoid unsecured public internet connections.
The Compass website does not use marketing cookies. This means that your browsing information is not used for advertising or commercial purposes. The Compass website does use one type of cookie – this is an essential cookie which is used to make sure you get a consistent user experience. It is required for the website to maintain where you are up to in the programme. It also means it can show you personalised information when you are signed in.
Compass was developed by a team of researchers at King’s College London University. Compass at King’s College London works in partnership with:
Compass is a website. So that you can use Compass, we need you to register with an email address. Compass provides a service for the NHS. This means that we also need to ask for the following information:
So that we can keep track of your health – we will also ask you to complete self-report questions about your mood at regular points during the programme.
Because Compass provides a service for the NHS your healthcare team needs accurate and up-to-date information. Collecting this information means that your healthcare team can monitor your progress. They are able to contact you to provide you with extra support either by email, the Compass in-site messaging service, over the telephone or by arranging an appointment to meet face-to-face.
The Compass website is hosted by SPIKA. This means that the data collected by Compass is held on a database managed by SPIKA. This database is located in a securely protected and approved provider cloud solution. When you register for Compass you are assigned an anonymous Compass ID which is stored with your data. Additionally, because your data is confidential, the data that Compass collects is held in an encrypted state. Please note, if you upload photos or documents to your Tasks these will not be saved in an encrypted state, so please do not include any personal or identifying information.
So that Compass can be used in the NHS we have to follow strict privacy, confidentiality, and online security procedures.
Your personal information will only ever be accessed by your healthcare team and a trained Compass supervisor. The Compass supervisor ensures you get the support you need. Compass will never share your information with other parties without your written consent. For example, if access is needed to your Compass account due to a technical error we will ask for your written consent for a member of the technical team to do this.
To help the team at King’s College London improve the website, Compass collects information about:
This information is ALWAYS anonymous and will never include data that can identify you as an individual.
If you have been referred to Compass through your local Improving Access to Psychological Therapy service, the Compass programme works in partnership with Mayden. Mayden processes data for your healthcare team. This means that when you complete self-report questionnaires about your LTC and mood, the data is transferred from Compass to your electronic medical record at your local Improving Access to Psychological Therapy service. This makes sure that your healthcare record is kept up-to-date.
Data is only transferred using the highest levels of data security and encryption, which meets NHS Digital requirements. This process happens automatically and does not involve people who work for Mayden accessing your personal information.
If you have a technical problem or question, then King’s College London will receive the following information if you submit a question/concern via the “Contact Us” form:
In order to solve a technical problem, support from the SPIKA software team who programmed Compass may be needed. We will never share your information with SPIKA or ask them to look into the problem without gaining your informed consent first.
Compass will never share your personal information with anyone without your consent.
When you join Compass you will be linked with a guide. Your guide is a qualified healthcare professional who will provide you with support during your time on the programme, either by phone, online messaging or both. Your guide is part of your healthcare team so will be able to see your personal details, including name, date of birth, phone number and email address.
In order to ensure that their support is relevant and specific to you, and to ensure your wellbeing, your guide will be able to see your progress on the website, i.e. which sessions you have completed and your mood scores. They will also be able to see your goals and tasks. Additionally, they are able to see the notes you make in the ‘Reflections’ section, as this can help structure their support. However, if you would like to, you can choose for the content in the reflections to be hidden from your guide.
Programme Lead for Compass: Professor Rona Moss-Morris
Data Protection Officer at King’s College London on behalf of Compass is: Albert Chan (Assistant Director of Business Assurance; Information Compliance)
Information collected by Compass will in line with General Data Protection Regulation (2018). Our lawful basis for collecting this information includes:
Your personal data will be processed in accordance with your rights under data protection legislation.
Your rights are:
Your personal information will be managed and shared in line with the General Data Protection Regulations (2018) and common law duty of confidentiality.
If you have any concerns or further questions, please contact the Compass team using the form which you can find in ‘Contact Us.’
You can find more tips for staying safe online at www.cyberaware.gov.uk.
The following video also provides a useful overview of patient data - vimeo.com/264239790