The outline of the data flow is as follows. The patient will be consented for the data to stored by 'My Clinical Outcomes' (MCO) who will act as the data processor for the project and will comply with data protection law. They will be consented for their identifiable data to be accessed by healthcare professionals involved in their care at their original treating healthcare trust, Imperial College Healthcare trust and National Cancer Registries (for data validation purposes). Patients anonymous data may be shared with third parties like Macmillan Cancer Support and Royal College of Radiologists. The electronic system will comply with the data use as stated by the patient consent. The project will report to the Imperial College Healthcare NHS trust research directorate 6 monthly to ensure the project continues to fall within information governance law and ethical practice.
The electronic system is called ‘myclinicaloutcomes’ (MCO) which is NHS Information Governance Toolkit compliant, ISO27001 accredited for Information Security Management, has been accredited to collect and submit data from private sector providers to submit to the Private Healthcare Information Network (PHIN) and was one of the first four suppliers to be accredited by the International Consortium of Health Outcomes Measurement (ICHOM) in 2014.
MCO is currently in use at 45 UK hospitals collecting longitudinal outcomes data from patients with a range of conditions including hip and knee osteoarthritis, cataract, general surgical conditions such as hernia, atrial fibrillation and low back pain. To date, approximately 15,000 patients have registered in MCO across more than 1,000 clinicians. In Autumn 2017, MCO took part in phase one of the Cancer Innovation Challenge with NHS Scotland to design and test an application focussed on outcomes measurement for patients with cancer. MCO is part of the current cohort of Digital Health London accelerator that aims to fast-track uptake of innovative.
MCO will Ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss, or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures [(those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it)];