Forward Clinical Limited, Acceptable Use Policy
Forward Clinical Ltd (“us”, “we”, or “our”) operates the Forward mobile application (the “Service”). Forward Clinical Limited is also known as Forward Health.
Please read these licence terms carefully. By using this App you agree to these terms. If you do not agree to these terms, do not use the App.
This Acceptable Use Policy outlines how the mobile application Forward should be used, and defines the mutual responsibilities that exist when using the App.
Please note that this service is not an alternative to the usual professional practices and procedures that you would carry out as part of your responsibilities as a medical practitioner. You should not rely on our service having 100% availability and you must remain properly informed as to the processes and procedures, especially in the light of data protection law and information governance stipulated by the organisation for which you work.
Forward operates fully to NHS Digital and Department of Health national guidance on Healthcare IT Safety and best practice by ensuring all IT systems are assessed for compliance with Information Governance and Patient Safety regulations; users of Forward can find supplemental information on the responsibilities and policies underlying compliance by contacting the Forward team. The Forward team reserves the right to update this document as necessary.
This document relates to the use of Forward as a mobile application by all users, in hospital, private and community settings only within the United Kingdom. You may be made aware by your employer of further conditions surrounding your use of Forward.
General Information About Forward
Forward is a secure messaging and workflow mobile application for healthcare professionals – this includes doctors, nurses and all Allied Health Professionals and support staff. Forward contains features to create and manage patient lists, organise and assign tasks, share photos and patient profiles with other healthcare professionals, and send instant messages. Forward can be used by anyone with an NHSmail or NHS Trust email address or an appropriate secure email domain that has passed due diligence screening. It is primarily designed for clinical use but may also be useful to managers, secretaries and other authorised personnel. Forward may also be useful to those working in primary and social care, as well as private practice, in accordance with these professions’ own codes of conduct.
Forward reserves the right to remove a user at any time on the grounds of unacceptable use or operational requirement.
Privacy Rights and Responsibilities
Responsibilities of the User
By using this App and the messaging service you confirm that you are a data controller for the purposes of data protection legislation and you acknowledge your legal responsibilities in relation to the personal data sent using this service.
- Forward must not be used to violate any laws or regulations of the United Kingdom or other countries. Any illegal activity will be reported to the employer and to the police.
- Forward must not be used for unauthorised commercial gain including marketing, advertising and selling goods or services.
- Users of Forward must identify themselves accurately and as fully as is necessary to be correctly identified by other healthcare and affiliated professionals using the App. Users are responsible for maintaining their own identifiers including, but not limited to, Profession, Grade, Hospital, Care home, Council and Speciality as laid out in “Settings”. You are responsible for ensuring that any person with whom you communicate is the person that you think them to be (i.e. ensure that they are not using a false identity).
- You are responsible for checking that the address(es) of the users with whom you interact are correct.
- You should carefully consider the content of the messages that you send when they transmit personal data. You should keep this to a minimum and only include personal data (e.g. name, age) under circumstances that you think are essential to the other person’s understanding of the message. You should avoid sending sensitive personal data (such as sex life and religious beliefs). Wherever possible, avoid sending the patient’s name.
- The service is not intended to supplement or replace official patient records and the official patient record must be updated in the usual way with any relevant information communicated using it. The service is intended for transitory communication to facilitate better patient care but should not be regarded as a permanent healthcare record.
- Personal data should only be sent in the course of carrying out your duties as a member of the clinical staff caring for patients; otherwise you may risk having no legal basis on which to process that data.
- You should comply with your employer’s guidance around information governance at all times and ensure that your messages comply with any guidelines that they have issued.
- You should not use the service to send non-anonymised patient details unless your employer has signed a data processing agreement with Forward or has notified its patients (for example, by a notice on the Trust website) that members of the clinical staff communicate with each other about patients by using the App.
- Users of Forward must not attempt to interfere with its software, dashboard or databases. Users have an implied responsibility to report any interference with Forward technology in order to protect patient data and promote patient safety.
- Users must protect their own mobile device from theft or loss; in the event of theft or loss patient data should not be at risk, but the healthcare professional may be temporarily uncontactable, therefore it is the user’s responsibility to alert colleagues to this and to log in on another device as soon as possible.
- Users must keep their Forward PIN confidential and secure, as well as the password to any email account linked to their Forward account. It is recommended (but not essential) that users also protect their device by touch or PIN identification. We recommend that users avoid the 10 most common PIN combinations and set a PIN that is different from that used to access the device. You must not transfer the App to anyone else; if you loan your device then you must delete the App first.
- If Users opt to use Touch ID either for their device or for Forward, they must ensure that only they have access to the application i.e. no one else has a fingerprint enabled on their device.
- You must report any breach or suspected breach in the security of your App details to your Trust Data Protection Officer. Forward’s Data Protection Officer must also be informed at firstname.lastname@example.org.
- Communication via Forward is presumed to be of a professional nature and users should be aware that the content of messages relating to patients may on occasion be requested as part of investigations or audits, and may also be disclosed under the Freedom of Information Act 2000, the Data Protection Act 2018 (GDPR) and amendments and Freedom of Information (Scotland) Act 2002 in cases where an NHS Trust is the data controller and there is a data processing agreement in place between the Trust and Forward.
- Users are responsible, within reason, for seeking support from the Forward team when a technical or other issue arises. Failure to do so could technically result in a breakdown of communication which may put patients at risk. Forward are responsible for providing timely and effective support to users.
- It is assumed that users who are off duty will set their status to “unavailable”. Failure to do so may result in inappropriate attempts to contact an individual and may result in wasted time. Similarly, it is the individual’s responsibility to set their status to “available” or “on-call” as indicated.
- Forward may be accessed from off-site, depending on individual responsibilities and at the health professional’s discretion.
Information Governance and Security
GMC requirements for doctors and equivalent guidelines for other health professionals state that patient records should be clear, accurate and legible. Forward users are responsible for ensuring that patient demographics are correct to avoid misidentification of patients. Forward is not designed as a replacement for written or electronic patient records and any information recorded on the platform should, therefore, be duplicated in the official patient record.
Forward is designed for sharing photographs. Consent should always be sought and confirmed before taking a photograph of a patient, and the health professional should explain its purpose and with whom it will be shared. This consent and the intended use of the photograph should be obtained and formally documented in line with the clinician’s local guidance. Users must note that the quality of photographs taken within Forward will depend upon the device, and will not necessarily meet the required quality for diagnostic imaging or medical photography. Photographs taken within Forward should not be used as a substitute for these, but as an adjunct to clinical discussion only.
Where possible, we have tried to ensure that users will not breach guidelines around Information Governance by using Forward. Users themselves have a responsibility to understand the need to not attempt to copy or store Patient Identifiable Data (including photos) on their personal devices. If a user imports a photo from their camera roll into Forward the photo should be deleted immediately. Images taken and stored, even for a short time, on a mobile device are non-secure and all steps should be taken to protect the patient-identifiable images in order to remain compliant with the Data Protection Act (2018). Where there is an electronic patient record (EPR), then the images obtained through the mobile device should be linked to the EPR and retrievable through it.
Information from Forward can be directly exchanged with other secure platforms designed to handle Patient Identifiable Information, e.g. NHSmail, but not with outside platforms without prior approval.
It is assumed that Forward users will have completed basic Information Governance training in accordance with mandatory training requirements in healthcare. It is the responsibility of the individual and of the organisation to ensure this is valid and up to date.
Forward has been designed for use in UK hospitals. As such, healthcare professionals who wish to use Forward in organisations outside the UK will need to consult local policies and laws.
Forward users are expected not to send any material by email that could cause distress or offence. Caldicott Guardian permission must be sought before sending explicit or very sensitive material, as with any other means of communication.
It is the user’s responsibility to ensure that anyone with whom Patient Identifiable Data is exchanged has a valid reason to receive that data, as per Caldicott principles.
All uses and sharing of confidential personal information that do not have a lawful basis for processing should be treated as data breaches and reported through the usual mechanisms stipulated by your employer’s Information Governance Teams.
Clauses of Interest
Healthcare professionals are free to use Forward in any clinical context; this includes private practice and primary care.