Pando Mobile Application, Acceptable Use Policy
Last Revision Date: December 2019
Purpose: Forward Clinical Ltd (“us”, “we”, or “our”) operates the Pando mobile application (the “Service”). Pando is also a trading name of Forward Clinical Limited.
Please read these licence terms carefully. You acknowledge that you have read and understood the Agreements, accept these Agreements, and agree to be bound by them. If you don’t agree with (or cannot comply with) the Agreements, then you may not use the Pando Service.
Table of Contents
- General Information About Pando
- Privacy Rights and Responsibilities
- Responsibilities of the User
- Information Governance and Security
This Acceptable Use Policy outlines how the mobile application Pando should be used, and defines the mutual responsibilities that exist when using the App.
Please note that this service is not an alternative to the usual professional practices and procedures that you would carry out as part of your professional responsibilities. You should not rely on our service having 100% availability and you must remain properly informed as to the processes and procedures, especially in the light of data protection law and information governance stipulated by the organisation for which you work.
Pando operates fully to national guidance surrounding IT Safety and best practice (NHS Digital and Department of Health) by ensuring all systems are assessed for compliance with Information Governance and Patient Safety regulations; users of Pando can find supplemental information on the responsibilities and policies underlying compliance by contacting the Pando team. The Pando team reserves the right to update this document as necessary.
This document relates to the use of Pando as a mobile application by all users, in clinical, local government, private and community settings within the United Kingdom. You may be made aware of further conditions by your employer surrounding your use of Pando.
General Information About Pando
Pando is a secure messaging and workflow mobile application for healthcare and service professionals – this includes doctors, nurses, allied health professionals and service and support staff (e.g. those working in local government). Pando contains features to create and manage lists, organise and assign tasks, share photos and patient profiles with other healthcare professionals, and send instant messages. Pando can be used by anyone with an NHSmail or NHS Trust email address or an appropriate approved secure email domain that has passed due diligence screening -e.g. a .gov address. It is primarily designed for clinical use but is also useful to managers, secretaries and other authorised personnel. Pando is intended to be used by those working in primary and social care, local government and private practice, in accordance with their respective professions’ own codes of conduct.
Pando reserves the right to remove a user, subject to unacceptable use, or operational requirement at any time.
Privacy Rights and Responsibilities
Responsibilities of the User
By using this App and the messaging service you confirm that you or the organisation for which you work is a data controller for the purposes of data protection legislation and you acknowledge your legal responsibilities in relation to the personal data sent using this service.
- Pando must not be used to violate any laws or regulations of the United Kingdom or other countries. Any illegal activity will be reported to the employer and to the police.
- Pando must not be used for unauthorised commercial gain including any sort of marketing, advertising and/or selling goods or services.
- Users of Pando must identify themselves accurately and as fully as is necessary to be correctly identified by other healthcare and affiliated professionals using the App. Users are responsible for maintaining their own identifiers including, but not limited to, Profession, Grade, Hospital, Care home, Council and Specialty as laid out in “Settings”. You are responsible for ensuring that any person with whom you communicate is the person that you think them to be (i.e. ensure that they are not using a false identify).
- You are responsible for checking that the address(es) of the users with whom you interact are correct.
- You should carefully consider the content of the messages that you send when they transmit personal data. You should keep this to a minimum and only include personal data (e.g. name, age) etc. under circumstances that you think are essential to the other person’s understanding of the message. You should avoid sending sensitive personal data (such as sex life and religious beliefs). Wherever possible, avoid sending the patient’s name.
- The service is not intended to supplement or replace official patient/service records and the official records must be updated in the usual way with any relevant information communicated using it. The service is intended for transitory communication to facilitate better patient care or improve service delivery but should not be regarded as a permanent record.
- In a clinical setting, personal data should only be sent in the course of carrying out your duties as a member of the clinical staff caring for patients otherwise you may risk having no legal basis for which to process that data.
- You should comply with your employer’s guidance around information governance at all times and ensure that your messages comply with any guidelines that they have issued.
- If your employer does not have a data processing agreement with Pando, we recommend following this guidance from NHS England and NHS Digital on the use of instant messaging software.
- Users of Pando must not attempt to interfere with its software, dashboard or databases. Users have an implied responsibility to report any interference with Pando technology in order to protect personal data and/or promote patient safety.
- Users must protect their own mobile device from theft or loss; in the event of theft or loss personal data should not be at risk, but the user may be temporarily uncontactable, therefore it is the user’s responsibility to alert colleagues to this and to login on another device as soon as possible.
- Users must keep their Pando PIN confidential and secure, as well as the password to any email account linked to their Pando account. It is recommended (but not essential) that users also protect their device by touch or PIN identification. We recommend that users avoid the 10 most common PIN combinations and set a PIN that is different to that used to access the device. You must not transfer the App to anyone else; if you loan your device then you must delete the App first.
- If Users opt to use Touch ID either for their device or for Pando, they must ensure that only they have access to the application i.e. no one else has a fingerprint enabled on their device.
- You must report any breach or suspected breach in the security of your App details to your own Data Protection Officer. Pando’s Data Protection Officer must also be informed firstname.lastname@example.org
- Communication via Pando is presumed to be of a professional nature and users should be aware that the content of messages relating to clients/patients may, on occasion, be requested as part of investigations or audits. They and may also be disclosed under the Freedom of Information Act 2000, the Data Protection Act 2018 (GDPR), Freedom of Information (Scotland) Act 2002 in cases where an NHS Trust is the data controller and there is a data processing agreement in place between the Trust and Forward Clinical Ltd.
- Users are responsible, within reason, for seeking support from the Pando team when a technical or other issue arises. Failure to do so could technically result in a breakdown of communication which may put patients or clients at risk. Pando are responsible for providing timely and effective support to users.
- It is assumed that users who are off duty will set their status to “unavailable”. Failure to do so may result in inappropriate attempts to contact an individual and may result in wasted time. Similarly, it is the individual’s responsibility to set their status to “available” or “on call” as indicated.
- Pando may be accessed from off site, depending on individual responsibilities and at the health professional’s discretion.
Information Governance and Security
GMC requirements for doctors and equivalent guidelines for other health professionals state that patient records should be clear, accurate and legible. Pando users are responsible for ensuring that patient demographics are correct to avoid misidentification of patients. Pando is not designed as a replacement for written or electronic patient records and any information recorded on the platform should therefore be duplicated in the official patient record.
Pando is designed for sharing photographs. Consent should always be sought and confirmed before taking a photograph of a patient/data subject, and the health professional should explain its purpose and with whom it will be shared. This consent, and the intended use of the photograph should be obtained and formally documented in line with local information governance guidance. Users must note that the quality of photographs taken within Pando will depend upon the device, and will not necessarily meet required quality for diagnostic imaging or medical photography. Photographs taken within Pando should not be used as a substitute for these, but as an adjunct to clinical discussion only.
Where possible, we have tried to ensure that users will not breach guidelines around Information Governance by using Pando. Users themselves have a responsibility to understand the need to not attempt to copy or store Patient Identifiable Data (including photos) on their personal devices. If a user imports a photo from their camera roll into Pando the photo should be deleted immediately. Images taken and stored, even for a short time, on a mobile device are non-secure and all steps should be taken to protect the patient-identifiable images in order to remain compliant with the Data Protection Act (2018). Where there is an electronic patient record (EPR), then the images obtained through the mobile device should be linked to the EPR and retrievable through it.
Information from Pando can be directly exchanged with other secure platforms designed to handle Patient Identifiable Information, e.g. NHSmail, but not with outside platforms without prior approval.
It is assumed that Pando users will have completed basic Information Governance training in accordance with mandatory training requirements in either healthcare or their respective profession. It is the responsibility of the individual and of the organisation to ensure this is valid and up to date.
Pando has been designed for use in the UK. As such, users that wish to use Pando in organisations outside the UK will need to consult local policies and laws.
Pando users are expected not to send any material by email that could cause distress or offence. In clinical settings, Caldicott Guardian permission must be sought before sending explicit or very sensitive material, as with any other means of communication. It is the user’s responsibility to ensure that anyone with whom Patient Identifiable Data is exchanged has a valid reason to receive that data, as per Caldicott principles. Healthcare professionals are free to use Pando in any clinical context; this includes private practice and primary care.
All uses and sharing of confidential personal information that do not have a lawful basis for processing should be treated as data breaches and reported through the usual mechanisms stipulated by your employer’s Information Governance/Data Protection Teams.