Privacy Policy

Effective Date: 27-05-2025

This Privacy Policy explains how Medical Services Solutions Limited (“we”, “our”, “us”) collects, uses, stores, and protects your personal data—including health data—when you use our services. We are committed to safeguarding your privacy and complying with all applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR).

1. Company Information

Medical Services Solutions Limited

Registered Office: Ground Floor, The Annexe, 3 Harman Close, London NW2 2EA
Our appointed Data Protection Officer (DPO) is Caroline Lueder.

2. Data Collection and Use

We collect personal data, including health data, only as necessary for the following purposes:

  • To provide and improve our services
  • To respond to your inquiries and requests
  • To enhance user experience through analytics and feedback
  • To comply with legal obligations
  • To maintain the security and integrity of our systems

Health Data

We may collect and process a wide range of health-related information, including but not limited to:

  • Electronic health records (EHRs) and medical records
  • Demographic information (name, address, contact details, NHS number)
  • Clinical and administrative data (appointments, referrals, discharge summaries)
  • Diagnostic information (diagnoses, symptoms, test results, laboratory data, imaging, pathology reports)
  • Treatment and medication history (prescriptions, therapies, procedures, surgeries)
  • Disease and patient registry data (chronic conditions such as diabetes, cancer, heart disease, asthma)
  • Psychological and mental health information (stress, anxiety, depression, psychiatric assessments, behavioural health notes)
  • Data from wearable devices and health apps (fitness trackers, medical wearables, remote monitoring devices)
  • Genetic and biometric data (DNA analysis, genetic testing, biometric identifiers)
  • Patient-reported outcomes and health surveys
  • Claims and billing data (insurance claims, payment records)
  • Social and lifestyle information relevant to health (smoking status, alcohol use, exercise, diet, social determinants)
  • Data concerning disabilities, pregnancy, gender reassignment, and other special category data
  • Information about allergies, immunisations, and infectious diseases
  • Administrative data related to care settings (e.g., hospital, care home, mental health services)
  • Any other information relevant to the provision, planning, or management of healthcare, including medical opinions, clinical notes, and correspondence with healthcare professionals

3. Use of Artificial Intelligence and Large Language Models

We utilise AI, including the Pro version of large language models (LLMs), to support and enhance our services. These models process user inputs, which may include health data, to generate outputs such as text, recommendations, or data analysis.

AI Use for Medical Record Management:

We use AI to extract information from medical records in order to prepare summaries, synopses, and to sort records into chronological order. This includes creating detailed medical timelines, synopses, and organising records for a wide range of medical conditions—not limited to psychological, respiratory, and oral health issues, but also encompassing diagnostic procedures, orthopaedic surgeries, ophthalmic services, chronic diseases, and any other relevant medical specialties or conditions. Our AI systems are capable of processing and organising records related to any type of health information, ensuring comprehensive and organised reporting.

AI Use for Advisory Purposes Only:

AI technologies, including the Pro version of LLMs, are used strictly to provide advisory information and support. They are not used to make decisions about your medical treatment or care. All treatment decisions remain the responsibility of qualified healthcare professionals. The outputs generated by AI are intended to assist and inform, not to replace professional clinical judgment.

Responsible and Transparent AI Use:

  • We do not use your data to train AI models unless we have your explicit consent, and you may opt out of such use at any time.
  • We do not share your data with third parties for their independent use or for training open-source AI models without your explicit permission.
  • We are committed to transparency regarding how your data is used in AI systems, and we clearly communicate the purposes and limitations of AI processing.

Security and Data Protection:

  • We employ end-to-end encryption and advanced security controls to protect your data.
  • We regularly review and update our security practices to align with industry standards and certifications such as ISO 27018 where applicable.

4. Data Storage and International Transfers

Your personal and health data may be stored or processed outside the United Kingdom or European Economic Area (EEA). When this occurs, we ensure that all providers storing or processing your data outside these regions are certified under the EU-U.S. Data Privacy Framework (DPF) or equivalent adequacy mechanisms.

Key Points:

  • Data transfers to the United States or other third countries are only made to organisations that are DPF-certified, ensuring an adequate level of data protection as recognised by the European Commission.
  • We regularly verify the certification status of our third-party providers and require contractual commitments to maintain compliance with the DPF and GDPR.
  • Client content can be deleted upon request or at the end of service, and we do not retain unique insights derived from your data without your agreement.

5. Legal Basis for Processing

We process personal and health data on the following legal bases:

  • Your explicit consent
  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate interests, balanced against your rights and freedoms

6. Your Rights

Under UK GDPR, you have the following rights:

  • Access to your personal and health data
  • Rectification of inaccurate data
  • Erasure (“right to be forgotten”)
  • Restriction of processing
  • Data portability
  • Objection to processing

You can exercise these rights by contacting our Data Protection Officer. We may require verification of your identity before fulfilling your request to protect your data from unauthorised access or deletion. You may also appoint an authorised agent to act on your behalf, provided proper documentation is presented.

7. Data Security

We implement robust security measures to protect your data, especially sensitive health data, from unauthorised access, disclosure, alteration, or destruction. These include encryption, access controls, and regular security audits.

8. Transparency and Accountability

We are committed to transparency about how your data, including health data, is used—especially when processed by AI systems and the Pro version of large language models. If you have questions about our AI use or data handling practices, please contact us.

9. Changes to This Policy

We may update this Privacy Policy to reflect changes in technology, law, or our practices. Updates will be posted on this page, and we encourage you to review it regularly.

10. Contact Information

For questions or to exercise your data rights, please contact our Data Protection Officer:

Caroline Lueder
Medical Services Solutions Limited
Ground Floor, The Annexe, 3 Harman Close, London NW2 2EA
info@mssgroup.co.uk

By using our services, you acknowledge that you have read and understood this Privacy Policy.