Dendrite Clinical Systems Ltd

Patient Confidentiality

Data is collected, processed and erased under the jurisdiction of the country where the data is held, and the legal basis for holding these data varies from one country to another. In the UK the data is managed under the provisions of the Data Protection Act 2018, which is independently overseen by the Information Commissioners Office (ICO).

Everyone collecting personal information must comply with the Common Law Duty of Confidentiality and it is the responsibility of these organisations to ensure that Information provided by the patients to the hospitals in confidence will only be used for the purposes explained to the patient and to which they have consented, unless there are other circumstances covered by the law.

Dendrite, as a customer of the NHS, and other health related organisations across the World, must also comply, but as contracted data processors, we are reliant upon those who collect and supply the data to us to ensure their own compliance before handing the data over to us or allowing us access to it.

Dendrite complies with the NHS Confidentiality Code of Conduct - . All data is held in accordance with the UK Data Protection Act 2018 and Information Governance guidelines.

Remote Access

When providing remote access support services, or working on a hosted server, if copies of data need to be made, the copy is either stored on the customer server, or, if required to be downloaded, is logged and held on a 256-bit encrypted hard disk drive until such time as there is no need to retain that data. At this time the data is deleted from the encrypted hard disk drive and closed on the log.

Reporting and data processing / analysis

If Dendrite has been contracted to undertake any reporting or data processing / analysis by a customer, Dendrite liaise with the customer to ensure that the data will be supplied and managed in a secure manner.

Once supplied, again, the Data is stored on a 256-bit encrypted hard disk drive until such time as there is no need to retain that data. At this time the data is deleted from the encrypted hard disk drive and closed in the log.

Whilst any personal data is held by Dendrite, it is kept in accordance with strict Information Governance policies and in accordance with the Data Protection Act 2018

Sharing information with other organisations

As Dendrite are usually only Data Processors, we are bound by contracts with our customers with regards to data sharing. Dendrite will therefore never provide any data to any other organisation other than the contracted customer (within the bounds of the contract under which it has been provided).

If Dendrite is requested by another person or organisation other than the customer to have access to that customer's data, they will always be referred to the customer and Dendrite will only ever release the data to the customer.

Patient rights to withdraw consent for sharing personal information

At any time patients have the right to refuse/withdraw consent to information sharing. However, as Dendrite are only Data Processors, we would always refer the patient to the Data Owner to discuss this with them. They will then explain the reason why the data is being collected and any possible consequences of their data being withheld. If directed by our customer, we would delete the patient record in accordance with their instructions.

Subject Access Requests

Dendrite holds a limited amount of personal information relating to our business contacts, and our technical support work.    You can request a copy of your personal data from Dendrite by e-mail, phone or post, using the contact details below.

Further information

To learn more about how patient identifiable information is used and held within Dendrite, please contact the Information Governance team at Dendrite.

Information Governance Team
Dendrite Clinical Systems Ltd
5th Floor, Reading Bridge House,
George Street,
Reading, RG1 8LS

Phone: 01491 411288