In this section we outline the data processes that happen as part of Compass and explain what data will be collected and what happens to that data.
Handling your information securely and confidentially is extremely important to us.
As well as the data security processes we outline below, Compass will log you out automatically after 20 minutes of inactivity.
We also recommend:
Your security and privacy on Compass depend on the device you use to access the program. You can use Compass on a computer, tablet or smartphone, as long as you are connected to the internet.
To ensure maximum security, we recommend you keep your software up to date, choose strong passwords which are not easy to guess, use security protection software and avoid unsecured public internet connections.
The Compass program does not use marketing cookies. This means that your browsing information is not used for advertising or commercial purposes.
The Compass program does use one type of cookie – this is an essential cookie which is used to make sure you get a consistent user experience. It is required for the program to maintain where you are up to in the program. It also means it can show you personalised information when you are signed in.
Compass was developed by a team of researchers at King’s College London University. Click on ‘Meet the Compass team’ on the logged out page to find out more.
Compass works in partnership with several organisations including:
When we collect or use your data, Compass is the “data controller”. This means we decide how and why your data is processed. More information on how we do this is shown below.
Compass is an online program, accessed via a website. So that you can use Compass, we need you to register with an email address. Compass is a healthcare program, often used in the NHS. This means that we also collect the following personal information:
So that you and your guide can keep track of your progress we will also ask you to complete self-report questionnaires about your mood at regular points during the program.
Because Compass provides a program to your healthcare service, often in the NHS, your healthcare team needs accurate and up to date information. Collecting this data means that your healthcare team can provide their healthcare services to you, and also contact you to provide extra support if needed, either by email, the Compass in-site messaging service, over the telephone or by arranging a face-to-face appointment.
The Compass program is hosted by SPIKA. This means that the data collected by Compass is held on a database managed by SPIKA. This database is located in a securely protected and approved provider cloud solution. When you register for Compass you are assigned an anonymous Compass ID which is stored with your data. Additionally, because your data is confidential, the data that Compass collects is held in an encrypted state.
Please note, if you upload photos or documents to your Tasks these will not be saved in an encrypted state, so please do not include any personal or identifying information.
So that Compass can be used in the NHS we have to follow strict privacy, confidentiality and online security procedures.
Your personal information will only ever be accessed by your healthcare team and a trained Compass supervisor. The Compass supervisor ensures you get the support you need. Compass will never share your information with other parties without your written consent. For example, if access is needed to your Compass account due to a technical error we will ask for your written consent for a member of the technical team to do this.
To provide registration or technical support to you (if required), and to assist your guide and healthcare service, designated members of the Compass team are able to respond to requests for support raised by the healthcare service and can access data in accordance with GDPR regulations. This will only ever be someone who has a contract in place with your healthcare service and/or the necessary clearances, and who has undergone good clinical practice training.
To help the team at King’s College London improve the program, Compass collects information about:
This information will never include data that can identify you as an individual.
The data collected by the Compass platform will be used under the legal basis of public interest and legitimate interest. This is so we can support your healthcare provider in improving the care they give to you by evaluating how people interact with Compass (e.g. number of logins, how often people complete questionnaires and whether mood improves). Please note, members of the Compass team will not see data that identifies you as an individual. The only people to see this information are members of the NHS and/or your healthcare team.
In order to improve Compass and also enable more patients to be able to use the program in the future, King’s College London may decide to develop Compass as a commercial product for use in the management of long-term conditions and low mood/anxiety. Data collected in Compass, in fully anonymised format only, will be used to inform improvements to the program and allow the creation of a commercial product, so that other NHS services and healthcare organisations can use Compass.
“Fully anonymised” means that you cannot be identified by the information in any way. Any information that could identify you will never be shared or seen by anyone outside your healthcare provider without your consent. On rare occasions, we may be required or permitted to share personal information by law (e.g for law enforcement purposes).
If you have been referred to Compass through your local Improving Access to Psychological Therapy service who use a patient management system called IAPTus, the Compass program works in partnership with Mayden. Mayden processes data for your healthcare team. This means that when you complete self-report questionnaires about your LTC and mood, the data is transferred from Compass to your electronic medical record at your local Improving Access to Psychological Therapy service. This makes sure that your healthcare record is kept up to date.
Data is only transferred using the highest levels of data security and encryption which meets NHS Digital requirements. This process happens automatically and does not involve people who work for Mayden accessing your personal information.
If you have a technical problem or question, then King’s College London will receive the following information if you submit a question/concern via the “Contact Us” form:
In order to solve a technical problem, support from the SPIKA software team who programmed Compass may be needed. We will never share your personal information with SPIKA or ask them to solve an issue which may require them to see personal data without gaining your informed consent first.
Compass will never share your personal information with anyone without your consent.
Some sessions may contain links to other websites which are owned, operated or maintained by third parties. If you click on a third-party link, you will be directed to that website in a new tab.
We provide these links as helpful sources of further information, not as an endorsement, authorisation or representation of our affiliation with that third party, nor as an endorsement of their privacy or information security policies or practices.
When you join Compass you will be linked with a guide. Your guide is a qualified healthcare professional who will provide you with support during your time on the program, either by phone, online messaging or both. Your guide is part of your healthcare team so will be able to see your personal details, including name, date of birth, phone number and email address.
In order to ensure that their support is relevant and specific to you, and to ensure your wellbeing, your guide will be able to see your progress on the program, i.e. which sessions you have completed and your mood scores (including risk answers, if applicable). They will also be able to see your goals and tasks. Additionally, they can see the notes you make in the ‘Reflections’ section, as this can help structure their support. However, if you would like to, you can choose for the content in the reflections to be hidden from your guide.
Principal Investigator for Compass project: Professor Rona Moss-Morris.
Team leads: Dr Katrin Hulme & Dr Joanna Hudson.
Contact details: email@example.com.
Data Protection Officer at King’s College London on behalf of Compass is: Albert Chan (Assistant Director of Business Assurance; Information Compliance)
Contact details: firstname.lastname@example.org.
Information collected by Compass will in line with General Data Protection Regulation (2018). Our lawful basis for collecting this information includes:
Your personal data will be processed in accordance with your rights under data protection legislation.
Your rights are:
However, these rights may be restricted in some circumstances. These include compliance with legal obligations. In such circumstances we may need to keep the information about you that we have already collected.
Your personal information will be managed and shared in line with the General Data Protection Regulations (2018) and common law duty of confidentiality.
If you have any concerns or further questions, please contact the Compass team using the form which you can find under ‘Contact Us.’
You can find more tips for staying safe online at www.cyberaware.gov.uk.
The following video also provides a useful overview of patient data - vimeo.com/264239790