How we use your information

Welcome to Patients Know Best (PKB).

This page explains how and why we use your personal information, what your rights are and how you can exercise your rights in relation to this use of your personal information.

We provide this information so that you can decide whether or not to create your PKB Account, through which you can share your information with the professionals who provide your care and make some decisions about how they share your personal information.

To learn how to use your Account, the user manual is at: https://manual.patientsknowbest.com/

  1. The terms we use

    • "You" means you, the user and the person controlling who can see or share their record
    • "Patients Know Best (PKB) Account" is the online account that shows you your personal health information shared by your care providers and gives you some control over who can see it, including what you may choose to add about yourself
    • "Patients Know Best (PKB) Record" is the information about you provided by your care providers and is shared between themselves to provide you with safe care before you create your PKB Account
    • "Patient Contributed Data" means the information you add to your PKB Account and choose to make visible to professionals providing your care and anyone else you choose
    • "Provider Contributed Data" means the information professionals have recorded and shared between themselves through the PKB Record and with you in your PKB Account
    • "The Service" is the IT platform and software PKB use to provide your online PKB Account and PKB Record
    • "Carers" are friends, family or anyone you choose to give access to your PKB Account
    • "Professionals" are the people working for organisations who have been given access to PKB Records because they help to deliver your care. These people have had their identity and qualifications verified, for example, doctors and nurses, and have been trained in handling confidential patient information
    • "Organisations" are customers of PKB that have information about you and that you can choose to trust to see your records, for example, hospitals or GPs
    • "Encryption" is a method of securing your information so that only those with the correct credentials can access it

  2. Types of PKB Service Users

    As well as patients, the PKB Service can be used by three other types of users:

    • Carers
    • Professionals
    • Organisations

    Information on these roles is found in the PKB manual: https://manual.patientsknowbest.com/

  3. Purpose of PKB

    We aim to bring you your health records from anywhere, and for you to control who sees these records.

    In your PKB Account your information is divided into four areas:

    • General health (e.g. diabetes)
    • Sexual health (e.g. sexually transmitted infections)
    • Mental health (e.g. depression)
    • Social care information (e.g. day centres)

    After creating your PKB Account, you can decide who can see what, e.g. you may want your doctor to see everything but your family to only see your general health. You can also ask others to decide on your behalf, e.g. your doctor can share with other doctors for you. If an Organisation has information about you, the Organisation can send that information via PKB to you, e.g. automatically sending discharge letters to your PKB Account.

    The PKB Service will search other databases to show you information that may be relevant to you. You decide how to make use of this information, e.g. if we tell you about a clinical trial, you decide whether or not to take part. Your information is not shared with anyone until you decide.

  4. Information disclosure and further use

    We do not use or disclose your information to anyone except as described in this Privacy Notice.

    If you send us a request for help (details below) you are likely to tell us your name and email address. We will only use this information to provide the help you have requested.

    PKB may further use your information:

    • To provide you with important information about the Service, such as updates and notifications (e.g. changes in this privacy notice)
    • To send you the PKB email newsletter (if you have chosen to receive it)
    • To identify your age and location to help determine whether you meet the criteria for a PKB Account

  5. PKB may contract companies to provide services on our behalf, such as our support desk or to answer queries about the Service. We give those organisations access only to the minimum personal information to help you with your queries, such as your IP address (your computer's location) or e-mail address. They are bound by a contract and a duty of confidentiality. These companies cannot access your health information, which is encrypted.

    NHS services
    • If you access our service using your NHS login details, the identity verification services are managed by NHS Digital. NHS Digital is the controller for any personal information you provide to NHS Digital to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a "processor" and we must act under the instructions provided by NHS Digital (as the "controller") when verifying your identity. This restriction does not apply to the personal information you provide to PKB separately. See the privacy notice and terms and conditions for NHS login managed by NHS Digital.
    • We use the notifications service provided by NHS Digital for sending you information. To do this we will only send a minimal amount of information necessary. Further information about the service can be found in the privacy notice for the NHS App managed by NHS Digital.

  6. Confidentiality

    PKB fulfils its duty of confidentiality through clauses in employment contracts, corporate policies covering confidentiality and security, providing ongoing training to all employees and requiring the same of any company we contract to support us.

    Please ensure when providing information about other people, for example, including Personal Data about a family member, that you have permission to do so.

  7. Can I delete or hide my PKB account if I change my mind?

    This is a complex area of data protection law. In general, to comply with the legal obligations of Professionals and Organisations in maintaining accurate health records, the following occurs:

    • PKB does not delete PKB Records unless an Organisation asks, normally 8 years after it was last accessed by the Organisation.
    • Where an Organisation ceases the contract with PKB, unregistered PKB Records that have not been accessed by an Organisation will be deleted within 30 days of contract cessation
    • Where an Organisation ceases the contract with PKB, registered PKB Records will be retained or deleted at the discretion of the Organisation. Where PKB Records are retained, a retention-only contract will be established.
    • PKB does not delete your PKB Account unless you ask, and then we can only delete information that you have added that has not been viewed by a Professional.

    We explain in more detail below:

    PKB Accounts

    Once you create a PKB Account, you are in control of who can access your record and what they can see. The law may override your wishes, e.g. a court order stipulates access by another individual or authority, or in other very rare exceptional circumstances.

    You can edit or hide information you have added until it has been viewed by a health or social care professional. After a Professional has viewed information in your PKB Account it may be retained by the Organisation. In most cases, this retention period will typically be 8 years as outlined in the Records Management Code of Practice.

    You cannot edit or hide information others have added. If you would like to change or hide information that has been added by an Organisation about you, for example, if it is incorrect, you must contact that Organisation to request this. All of your PKB health data is held securely and is encrypted in storage and in transit.

    Children's records

    The only exception to the above function is for children's records. Professionals have control to ensure the safety of the child's care. Full control of your record is possible from 13 years old, except in special circumstances e.g. to protect your health.

    PKB Records

    Your PKB Record will only be deleted if the Organisations provide this instruction to PKB. This is because Professionals may make decisions about your care based on information in your PKB Record. This is a similar case to your doctor maintaining records about you for the future safety of your care.

    Typically, adult health records are deleted 8 years after last access by the Organisation, but PKB will only delete your record once an Organisation asks us to. Where multiple Organisations contribute to your PKB Record, each Organisation will need to provide a deletion instruction for the data of which it is a controller, e.g. Organisation A cannot request deletion of data contributed by Organisation B.

    An organisation may provide a deletion instruction to PKB at any point during their contract. After the Service contract has ceased an Organisation may request the PKB Record to be deleted or retained (in line with the Records Management Code of Practice) within PKB or in a different system. Where the Organisation provides a retention instruction to PKB after the Service contract has ceased, a retention only contract will be established.

    Emergency care

    In an emergency, Professionals may override the limitation you have put on access to your information. This is called 'Break the Glass'. When they do this they must declare the reason they have for accessing your record. PKB records this action, and the Organisation reviews it. Break the Glass is only for emergencies when you may lack the capacity to consent (e.g. if you are unconscious) and when (in the Professional's clinical judgement) it is in your vital interest that the Professional sees your record.

    Your rights

    You may ask your Organisation to "Disable Sharing" if you do not wish to share your record with any Professional, and to prevent Professionals from being able to Break the Glass. You should think carefully before asking for this and review your decision periodically. With Disable Sharing, Professionals can only see the information about you they have added to your record, and no other data from any other party. More information on Disable Sharing is available here: https://manual.patientsknowbest.com/patient/sharing#h.p_sGdbVe_KdzdG

  8. How is my information protected?

    PKB is committed to protecting your privacy.

    We cannot see your health record and have no direct control over your information. We store all of your information on secure servers and encrypt all of your information. Our security measures are tested at least annually to standards set by the UK National Cyber Security Centre.

  9. Lawful Basis

    Organisation-contributed information (PKB Record)

    To find out the legal bases for an Organisation that provided your information, you should check their privacy notice.

    For all UK Organisations, PKB has a Data Processing Contract (DPC) that sets out the responsibilities for each party. PKB is a Processor for all data that forms the PKB Record. For NHS organisations a Joint Controller Relationship is established for any data you, as a patient (PKB Account), share with the Organisation.

    You can see a copy of the template DPC below, although the specifics of the agreement may vary slightly from Organisation to Organisation:

    NHS Data Processing Contract

    For a breakdown of all organisations using PKB, please see this map.

    PKB's responsibilities in the DPC as a Processor are:

    • Providing the Service
    • Providing the security of the Service
    • Processing on the written instructions of the Controller

    Organisations providing data are responsible for:

    • The quality of the information uploaded to PKB including ensuring the correct privacy labels are with the associated information
    • Providing access to those in the Organisation who require it

    Patient-contributed information (PKB Account)

    Once you create your PKB Account, PKB is the controller for the information you contribute and relies on the following legal bases:

    • Processing under legitimate interests. Processing occurs only after you have voluntarily registered and you have added information to your PKB Account. Your interests, rights and freedoms continue to be protected
    • Processing that is necessary for the provision of care. PKB ensures patient information is available to providers, relatives and/or carers to support the delivery of care, as well as assisting the patient to access care services

    For NHS Organisations using PKB, after you share data with them, a Joint Controller relationship will be formed for this data between PKB and the NHS Organisation. The NHS Organisation may retain this data as part of your healthcare record.

    PKB Data Protection Officer (DPO)

    PKB's Data Protection Officer is David Stone.

    You can write to our DPO:

    David Stone

    Patients Know Best
    St John's Innovation Centre
    Cowley Road Milton
    Cambridge
    CB4 0WS

    Email: dpo@patientsknowbest.com

    Patients Know Best Ltd Contact Routes

    To contact PKB's Support Team: https://www.patientsknowbest.com/contact-us

    Further information about PKB is available via our website: https://patientsknowbest.com

    UK ICO Registration and Complaints

    PKB is registered with the Information Commissioner's Office (ICO), which regulates data protection in the UK, and our registration number is Z2704931.

    You can raise a complaint with the Regulator here: https://ico.org.uk/make-a-complaint/

  10. Agreement and Further Information

    A User's continued use of the Service constitutes the User's agreement to this privacy notice. If you feel you need further information please refer to The PKB Manual and the PKB Information Governance Wiki below or contact us through https://www.patientsknowbest.com/contact-us

Please Note: If you registered with PKB prior to 2nd February 2022, please see the previous Privacy Notice related to your registration and consent.

Privacy Notice - Version 5.3 (UK) - Updated: [24th August 2022]

User agreement

Plain English Summary

Welcome to your Patients Know Best (PKB) account. This is a summary of our account service agreement with you.

Patients Know Best (PKB) provides software to help patients manage their own health information. PKB puts you, the patient, in control of all health information about you that is added to PKB. PKB enables you, the patient, to control who can use this information with you.

To start using your PKB account, a PKB customer (e.g. your hospital) will verify your identity. And you must agree to this Account Service Agreement.

You must be at least 13 years old or have approval from your parent or legal guardian. You can stop using the Patient Access Service at any time and you own the copy of the data in your record.

You must obey the law, choose a secure password, and notify PKB or our customer of any security problems. You are responsible for information you input into PKB.

If you find a problem with data within your PKB record from a PKB customer, e.g. your hospital doctor, please contact that clinical team. If you find a problem with data you entered into PKB, e.g. symptoms, messages and output from home devices, please contact PKB directly via help@patientsknowbest.com

Questions related to data protection and privacy can be addressed to Patients Know Best at:

David Stone

Patients Know Best
St John's Innovation Centre
Cowley Road Milton
Cambridge
CB4 0WS

Email: dpo@patientsknowbest.com

Patients Know Best's complaint procedure is documented here.

Last updated: August 2022

Full Patients Know Best Account Service Agreement

  1. What the Service Agreement Covers

    At Patients Know Best we store patients' data for our customer institutions ("Customer Institutions"), along with software and service tools that help Customer Institutions to manage the data ("Provider Service"). References to your customer institution in this Service Agreement mean the legal person who employs the clinical, health or care staff who perform healthcare services for you. Your customer institution will ask you to read this Service Agreement if it uses the Provider Service. This Service Agreement sets the terms and conditions that apply between the patient ("you") and Patients Know Best ("we", "us", "our") in relation to the Provider Service. Under the Provider Service, Customer Institutions who use PKB with you will each store their records about you with PKB, for use by your teams of professionals. You cannot access your data directly, yourself, via the Provider Service.

    When a Customer Institution uses the Provider Service, you also have the opportunity to receive a service directly from us. This service ("Patient Access Service") allows you to access data relating to you directly, along with tools to help you manage the data and who can access it. You can start using the Patient Access Service by confirming to us or the Customer Institution that you want the service, and by helping the Customer Institution or us to verify your identity.

    This Service Agreement applies to Patients Know Best Account software and service including updates that you use while this Service Agreement is in force. The Patients Know Best software and service, the Provider Service and the Patient Access Service are referred to collectively in this Service Agreement as the "Service", and the account where your personal data is stored and accessible within the Service is referred to as the "Account".

    Please note that we do not provide warranties for the Service. The Service Agreement also limits our liability. These terms are in sections 9 and 10 and we ask you to read them carefully.

  2. How you May Use the Service

    You must be an authorised user of certain participating institutions to be eligible to use the Patient Access Service. You must be at least 13 years of age, unless your use of the Patient Access Service is approved by your parent or legal guardian as part of the process of signing you up and verifying your identity. You may start using the Patient Access Service as soon as you have finished the sign-up and verification process. Support is available via help links. You may cancel the Patient Access Service at any time. You are able to store materials for use in connection with the Patient Access Service. The materials you store on your Account are yours. You may only transmit and store content that is legally permissible and appropriate for the Service.

    In using the Service, you will:

    • obey the law;
    • obey any codes of conduct or other notices we provide;
    • keep your Account password secret;
    • promptly notify us if you observe a security breach related to the Service; and
    • help Patients Know Best maintain a healthy and vibrant environment by reporting any illegal or inappropriate behaviour.

  3. How You May Not Use the Service

    In using the Service, you may not:

    • use the Service in a way that harms us or members of our group of companies (including our parent companies and their other subsidiaries, as well as our own subsidiaries) or our affiliates, resellers, distributors, and/or vendors (collectively, the "Patients Know Best Parties" and each individually, a "Patients Know Best Party"), or any customer or user of a Patients Know Best Party;
    • use any portion of the Service as a destination linked from any unsolicited bulk messages or unsolicited commercial messages ("spam");
    • use any automated process or service (such as a BOT, a spider, periodic caching of information stored by Patients Know Best, or "meta-searching") to access and/or use the Service;
    • use any unauthorised means to modify or reroute, or attempt to modify or reroute, the Service;
    • damage, disable, overburden, or impair the Service (or the network(s) connected to the Service) or interfere with anyone's use and enjoyment of the Service; or
    • resell or redistribute the Service, or any part of the Service.

  4. Intended Use of Service

    The Service is intended for you to use to conveniently access and manage your personal data relating to your health via the Account. You may decide to authorise others, including Customer Institutions, to have access to your personal data via the Service. The information that you access via your Account may not always be accurate or up-to-date and you should verify its accuracy with your appropriate Customer Institution before you act on the information. The accuracy of data and information and the timescales within which it is inputted into the Service is the responsibility of the Customer Institution or other legal persons who input the data or information into the Service.

  5. You Are Responsible For Your Account

    Only you may use your Account. You are responsible for all activity that takes place with your sign-in credentials. Non-personal and commercial Accounts are prohibited on the Service in the absence of additional signed agreements with Patients Know Best that explicitly allow such Account use.

  6. Privacy

    We consider your use of the Service to be private. However, we may access (or permit access to others, where lawful) or disclose information about you, your Account and/or the content of your communications, in order to: (1) comply with the law or legal process served on us; (2) enforce and investigate potential breaches of this Service Agreement, including use of this Service to participate in, or facilitate, activities that violate the law; or (3) protect the rights, property, or safety of Patients Know Best, its employees, its customers or the public. By using the Service you consent to the access and disclosures outlined in this section 6.

    We may use technology or other means to protect the Service, protect our customers, or stop you from breaching this Service Agreement. These means may include, for example, filtering to stop spam or increase security. These means may hinder or break your use of the Service.

    In order to help us to provide and further develop the Service, we may collect certain information about Service performance, your machine and your Service use. We may automatically upload this information from your machine. This data will not personally identify you. You may read about this information collection in more detail in the privacy notice.

  7. Software

    You will not copy, disassemble, decompile, or reverse engineer any software, code, script or content included in the Service, except and only to the extent that the law expressly permits this activity. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations, end users and end use.

  8. Patients Know Best Authentication Network

    We may provide you with credentials on our authentication network to use with the Service. You are solely responsible for any dealings with third parties who use our authentication network. This Service Agreement applies to you whenever you use the credentials you obtained with the Service. We may cancel or suspend your access to our authentication network for inactivity, which we define as failing to sign in to our authentication network for more than 12 months. If we cancel your credentials, your right to use our authentication network immediately ceases.

  9. We Make No Warranty

    There are lots of factors that can affect whether or not the Service is available, including the availability of your internet connection. The accuracy, quality or timeliness of your information is mainly determined by the accuracy, quality and timeliness of the people who supply or upload the information to the Service, which could be your healthcare provider, a laboratory, you, or others who you or your healthcare providers give permission to. Patients Know Best cannot, therefore, give a warranty in relation to the Service or the information.

    We provide the Service "as-is," "with all faults" and "as available" (see: http://www.pkbstatus.com ). We do not guarantee the availability of the Service or the accuracy or timeliness of information available from the Service. You may have consumer rights under law that this Service Agreement cannot change. To the fullest extent permitted by law, we exclude any implied warranties including those of merchantability, fitness for a particular purpose, standards and non-infringement.

    We do not operate, control or supply any information, product, or service that is not clearly identified as supplied by Patients Know Best. The Service stores records created by Customer Institutions and the Service does not itself provide medical or any other health or care advice, diagnosis or treatment. Always seek the advice of qualified professionals at Customer Institutions if you require healthcare advice, diagnosis or treatment. Never disregard professional medical advice or delay in seeking it because of information you access on or through the Service.

  10. Liability Limitation

    The person responsible to you if you have a problem with the Service or your personal information used by the Service depends on what the problem is. In the first instance, you should approach your Customer Institution, who can investigate and either get the problem addressed for you or (if appropriate, where the health care provider believes the problem is our responsibility) raise the matter with Patients Know Best. For problems with Service availability you should always first check that your own internet connection is available.

    The following paragraphs set out how far Patients Know Best is liable to you in any case where (a) you have a problem with the Service, (b) it is confirmed as resulting from Patients Know Best not meeting obligations that it owes directly to you (such as under data protection law), and (c) as a direct result you suffer loss or damage.

    You can recover from Patients Know Best only direct damages if Patients Know Best is liable to you (as described above) and our liability to you cannot lawfully be excluded.

    You cannot recover any other loss, damage or damages, including indirect, consequential, special, incidental or punitive loss, damage or damages, or lost profits. This means that, in each case, you cannot claim for such loss, damage or damages.

    The above limitations apply in relation to:
    • the Service,
    • content (including code) on third party Internet sites, third party programs or third party conduct,
    • viruses or other third party content that affects your access to or use of the Service or any of your devices or other software or services,
    • incompatibility between the Service and other services, software or hardware,
    • delays or failures you may have in initiating, conducting or completing any transmissions or transactions in connection with the Service in an accurate or timely manner, and
    • claims for breach of Service Agreement, breach of warranty, guarantee or condition, strict liability, negligence, breach of statutory duty or other tort.

    They also apply if:
    • this remedy does not fully compensate you for any losses, or fails of its essential purpose; or
    • Patients Know Best knew or should have known about the possibility of the loss, damage or damages.

    The above limitations and exclusions of PKB's liability will apply to the fullest extent permitted by the applicable laws. We limit our liability in this way in view of the fact that the Service is provided without charge to you.

    Questions related to data protection and privacy can be addressed to Patients Know Best at:

    David Stone

    Patients Know Best
    St John's Innovation Centre
    Cowley Road Milton
    Cambridge
    CB4 0WS

    Email: dpo@patientsknowbest.com

    Patients Know Best's complaint procedure is documented here.

  11. Changes to the Service; If We Cancel the Service

    We may change the Service or delete features at any time and for any reason. We may cancel or suspend your Service at any time. Our cancellation or suspension may be without cause and/or without notice. Upon Service cancellation, your right to use the Service stops right away.

  12. How We May Change the Service Agreement

    We may change this Service Agreement at our discretion by posting new applicable terms and conditions. If you do not agree to the changes then you must stop using the Service. If you do not stop using the Service, then your use of the Service will continue under the changed Service Agreement. PKB will notify users of changes to this Service Agreement; acceptance is assumed if refusal is not submitted within 30 days of notification. Service Agreement refusals should be sent to PKB Support at https://support.patientsknowbest.com.

  13. Interpreting the Service Agreement

    All parts of this Service Agreement apply to the maximum extent permitted by law. A court may hold that we cannot enforce part of this Service Agreement as written. If this happens, then we may exercise our right under condition 12 above and replace that part with terms that most closely match the intent of the part that we cannot enforce. This is the entire Service Agreement between you and us regarding your use of the Service. It supersedes any prior Service Agreement or statements regarding your use of the Service. If you have confidentiality obligations related to the Service, those obligations remain in force (for example, you may have been a beta tester). The headings used in the Service Agreement do not affect the interpretation of its terms and conditions.

  14. Assignment; No Third Party Beneficiaries

    We may transfer or assign this Service Agreement and/or the Services, in whole or in part, at any time with or without notice to you. For example, if Patients Know Best were to be purchased by another company, this agreement would transfer to them. You may not transfer to anyone else, either temporarily or permanently, any rights to use the Service or any part of the Service. This Service Agreement is solely for your and our benefit (and the benefit of any person to whom we transfer or assign the Service Agreement and/or the Services). It is not for the benefit of any other person.

  15. Management of Your Data

    Your data and information stored and used in the Service is a shared electronic health record, which each of your participating Customer Institutions relies on. If you require a Customer Institution to change how they use your data or information, you must speak to the Customer Institution(s) who use the relevant data or information, and to Patients Know Best. Deletion or amendment of your data or information by one Customer Institution (or us) could result in other Customer Institution(s) (or us) losing data and information that they need for providing you with care (or the Services). For this reason, data will not be deleted; this is to ensure the integrity of medicolegal audit.

  16. Notices We Send You; Consent Regarding Electronic Information

    This Service Agreement is in electronic form. There may be information regarding the Patient Access Service that the law requires us to send you. We may send you this information in electronic form. We may provide required information to you:

    • by e-mail at the e-mail address you specified as part of your sign-up and identity verification for the Patient Access Service;
    • by access to a Patients Know Best web site that will be designated in an e-mail notice sent to you at the time the information is available; or
    • by access to a Patients Know Best web site that will be generally designated in advance for this purpose.

    Notices provided to you via e-mail will have a grace period of 14 days before being deemed given and received; this period will commence on the transmission date of the e-mail. As long as you can access and use the Service, you have the necessary software and hardware to receive these notices. If you do not consent to receive any notices electronically, you must stop using the Service.

  17. Copyright and Trademark Notices

    The Service and all contents of the Service are © Copyright Patients Know Best and/or its suppliers and/or contractors. All rights reserved. Copyright and other intellectual property laws and treaties protect all software and content provided as part of the Service. We or our suppliers and/or contractors own the title, copyright, and other intellectual property rights in the Service including the software and the content. Patients Know Best, Manage your Health, Patients Know Best logo, and/or other Patients Know Best products and Services referenced herein may also be either trademarks or registered trademarks of Patients Know Best in the United Kingdom and/or other countries. The names of actual companies and products mentioned in this Service Agreement may be the trademarks of their respective owners. All rights not expressly granted in this Service Agreement are reserved.

  18. About Patients Know Best

    Patients Know Best is a private company limited by shares, which is registered in the United Kingdom with company registration number 6517382. Its full name is Patients Know Best Limited, and its registered office is at St John's Innovation Centre, Cowley Road, Cambridge CB4 0WS.
