Privacy Notice

How we use your information

Welcome to Patients Know Best (PKB)

This page explains how and why we use your personal information, what your rights are and how you can exercise your rights in relation to this use of your personal information. 

We provide this information so that you can decide whether or not to create your PKB Account, through which you can share your information with the professionals who provide your care and make some decisions about how they share your personal information. 

To learn how to use your Account, the user manual is at: 

1. The terms we use

2. Types of PKB Service Users

As well as patients, the PKB Service can be used by three other types of users:

Information on these roles is found in the PKB manual: 

3. Purpose of PKB

We aim to bring you your health records from anywhere, and for you to control who sees these records.

In your PKB Account your information is divided into four areas:

After creating your PKB Account, you can decide who can see what, e.g. you may want your doctor to see everything but your family to only see your general health. You can also ask others to decide on your behalf, e.g. your doctor can share with other doctors for you. If an Organisation has information about you, the Organisation can send that information via PKB to you, e.g. automatically sending discharge letters to your PKB Account. 

The PKB Service will search other databases to show you information that may be relevant to you. You decide how to make use of this information, e.g. if we tell you about a clinical trial, you decide whether or not to take part. Your information is not shared with anyone until you decide.

4. Information disclosure and further use

We do not use or disclose your information to anyone except as described in this Privacy Notice.

If you send us a request for help (details below) you are likely to tell us your name and email address. We will only use this information to provide the help you have requested.

PKB may further use your information:

PKB may contract companies to provide services on our behalf, such as our support desk or to answer queries about the Service. We give those organisations access only to the minimum personal information to help you with your queries, such as your IP address (your computer’s location) or e-mail address. They are bound by a contract and a duty of confidentiality. These companies cannot access your health information, which is encrypted.

NHS services

5. Confidentiality

PKB fulfils its duty of confidentiality through clauses in employment contracts, corporate policies covering confidentiality and security, providing ongoing training to all employees and requiring the same of any company we contract to support us. 

Please ensure when providing information about other people, for example, including Personal Data about a family member, that you have permission to do so.

6. Can I delete or hide my PKB account if I change my mind?

This is a complex area of data protection law. In general, to comply with the legal obligations of Professionals and Organisations in maintaining accurate health records, the following occurs:

We explain in more detail below:

PKB Accounts

Once you create a PKB Account, you are in control of who can access your record and what they can see. The law may override your wishes, e.g. a court order stipulates access by another individual or authority, or in other very rare exceptional circumstances. 

You can edit or hide information you have added until it has been viewed by a health or social care professional. After a Professional has viewed information in your PKB Account it may be retained by the Organisation. In most cases, this retention period will typically be 8 years as outlined in the Records Management Code of Practice

You cannot edit or hide information others have added. If you would like to change or hide information that has been added by an Organisation about you, for example, if it is incorrect, you must contact that Organisation to request this. All of your PKB health data is held securely and is encrypted in storage and in transit.

Children’s records

The only exception to the above function is for children’s records. Professionals have control to ensure the safety of the child’s care. Full control of your record is possible from 13 years old, except in special circumstances e.g. to protect your health.

PKB Records

Your PKB Record will only be deleted if the Organisations provide this instruction to PKB. This is because Professionals may make decisions about your care based on information in your PKB Record. This is a similar case to your doctor maintaining records about you for the future safety of your care. 

Typically, adult health records are deleted 8 years after last access by the Organisation, but PKB will only delete your record once an Organisation asks us to. Where multiple Organisations contribute to your PKB Record, each Organisation will need to provide a deletion instruction for data where they are a controller of e.g. Organisation A cannot request deletion of data contributed by Organisation B. 

An organisation may provide a deletion instruction to PKB at any point during their contract. After the Service contract has ceased an Organisation may request the PKB Record to be deleted or retained (in line with the Records Management Code of Practice) within PKB or in a different system. Where the Organisation provides a retention instruction to PKB after the Service contract has ceased, a retention only contract will be established.  

Emergency care

In an emergency, Professionals may override the limitation you have put on access to your information. This is called ‘Break the Glass’. When they do this they must declare the reason they have for accessing your record. PKB records this action, and the Organisation reviews it. Break the Glass is only for emergencies when you may lack the capacity to consent (e.g if you are unconscious) and when (in the Professional's clinical judgement) it is in your vital interest that the Professional sees your record. 

Your rights

You may ask your Organisation to ‘Disable Sharing’ if you do not wish to share your record with any Professional, and to prevent Professionals from being able to Break the Glass. You should think carefully before asking for this and review your decision periodically. With Disable Sharing, Professionals can only see the information about you they have added to your record, and no other data from any other party. More information on Disable Sharing is available here

7. How is my information protected?

PKB is committed to protecting your privacy.

We cannot see your health record and have no direct control over your information. We store all of your information on secure servers and encrypt all of your information. Our security measures are tested at least annually to standards set by the UK National Cyber Security Centre.

8. Lawful Basis

Organisation-contributed information (PKB Record)

To find out the legal bases for an Organisation that provided your information, you should check their privacy notice. 

For all UK Organisations, PKB has a Data Processing Contract (DPC) that sets out the responsibilities for each party. PKB is a Processor for all data that forms the PKB Record. For NHS organisations a Joint Controller Relationship is established for any data you, as a patient (PKB Account), share with the Organisation. 

You can see a copy of the template DPC below, although the specifics of the agreement may vary slightly from Organisation to Organisation:

NHS Data Processing Contract 

For a breakdown of all organisations using PKB, please see this map                                                                                                                                                                           

PKB's responsibilities in the DPC as a Processor are: 

Organisations providing data are responsible for:

Patient-contributed information (PKB Account)

Once you create your PKB Account, PKB is the controller for the information you contribute and relies on the following legal bases: 

For NHS Organisations using PKB, after you share data with them, a Joint Controller relationship will be formed for this data between PKB and the NHS Organisation – the NHS Organisation may retain this data as part of your healthcare record. 

PKB Data Protection Officer (DPO)

PKB’s Data Protection Officer is David Stone

You can write to our DPO: 

Patients Know Best Ltd Contact Routes 

To contact PKB’s Support Team: 

Further information about PKB is available via our website: 

UK ICO Registration and Complaints

PKB is registered with the Information Commissioner’s Office (ICO), which regulates data protection in the UK, and our registration number is Z2704931.

You can raise a complaint with the Regulator here:

9. Agreement and Further Information

A User's continued use of the Service constitutes the User’s agreement to this privacy notice. If you feel you need further information please refer to The PKB Manual and the PKB Information Governance Wiki below or contact us through .

Please Note: If you registered with PKB prior to 2nd February 2022, please see the previous Privacy Notice related to your registration and consent.

Privacy Notice - Version 5.3 (UK) - Updated: [24.08.2022]