DermCAP Ltd

Clinical Privacy Notice

Who we are

DermCAP Ltd provides a clinical decision-support, supervision and quality improvement programme for primary care clinicians assessing skin lesions. The programme supports safer reassurance decisions, appropriate referral and improved diagnostic decision-making in routine NHS consultations.

DermCAP Ltd is registered with the information Commissioners Office (ICO) as a data controller

Data protection contact

privacy@dermcap.org

What information we process

DermCAP processes limited personal data in order to deliver clinical supervision, audit and patient-safety monitoring.

Patient-related data (normally pseudonymised):

  • Clinical lesion photographs
  • Dermoscopic images
  • Age band and relevant clinical history
  • Diagnostic decisions and outcomes

DermCAP does not require patient names, NHS numbers, addresses or direct identifiers.

Clinician data:

  • Participation records
  • Calibration outcomes
  • Decision-audit results
  • Educational progress metrics

Why we process this information

We process this information solely to:

  • Provide supervised clinical decision support
  • Conduct clinical audit and quality assurance
  • Monitor patient-safety outcomes
  • Improve referral decision quality in primary care
  • Support clinician training linked to real clinical practice

DermCAP does not use personal data for marketing

Lawful basis for processing

Under UK GDPR our lawful basis is:

Article 6(1)(e) – Task carried out in the public interest

(improving safety and eƯ ectiveness of healthcare delivery)

Article 6(1)(e) – Task carried out in the pArticle 9(2)(h) – Healthcare management and quality assuranceublic interest

The programme operates as a clinical service-improvement and audit activity supporting NHS care pathways.

Who we share information with

Information may be shared with:

  • Participating GP practices
  • Relevant NHS organisations involved in the patient’s care

DermCAP does not sell or commercially distribute personal data.

Data minimisation

DermCAP is designed to operate using pseudonymised information wherever possible. Practices are instructed not to submit identifiable patient details unless clinically necessary.

Data storage and security

We use secure systems, restricted access controls and encrypted devices to protect information. Only authorised personnel involved in supervision and audit can access the data.

Clinical communication between clinicians uses secure NHS-approved messaging systems where available.

How long we keep data

  • Clinical audit data: up to 3 years
  • Educational participation records: up to 5 years
  • Fully anonymised data may be retained longer for service evaluation

After retention periods expire, data is securely deleted or anonymised.

Individual rights

Patients and clinicians have rights under UK GDPR, including:

  • access to their data
  • correction of inaccurate data
  • restriction of processing where appropriate

Requests should be sent to: privacy@dermcap.org

Where DermCAP processes data on behalf of a GP practice, the practice remains the primary contact for patient information requests.

Complaints

If you have concerns about how data is handled, please contact us first at privacy@dermcap.org

You also have the right to complain to the Information Commissioner’s Office: https://ico.org.uk