Fourteen Fish - Health professionals can use our system to perform and record remote video and telephone consultations for the purposes of their training.
How is the patient consented?
For consultations performed via the FourteenFish system, consent for recording is obtained on your behalf by our system. Because of this, you do not need to get further consent from the patient. The proof that they consented will be recorded in the audit log for the consultation. The patient does not need to consent for the consultation to proceed. Once the consultation has finished, the clinician will then be able to see whether the patient gave consent. If the patient did not consent to recording, no part of the consultation will have been recorded.
When a clinician performs a recorded phone call with a patient, the patient is played a recorded message as soon as they pick up...
Your doctor would like your permission to record this consultation for training and assessment purposes. If you're ok with that, press 1. To carry on without the call being recorded, press 2. For more information please visit fourteenfish.com/recording
Although this is pretty standard practice, some patients may not be familiar with the concept of pressing numbers on a phone keypad to make choices during a phone call. Or they may not know how to activate the keypad on their mobile phone. If they don't enter 1 or 2 after five seconds then we ask them again, but this time they can say Yes or No to answer the question verbally.
Sorry, we couldn't detect your response. Please say "yes" if you are ok with the call being recorded, or say "no" to carry on without any recording.
We then interpret the response using speech recognition. Because we are not trying to interpret complex sentences with speech recognition, this is quite accurate. If we aren't certain whether the patient said "yes" or "no" then we ask them again.
For phone consultations where the patient was on a mobile phone, the patient will receive an automated follow-up text message from FourteenFish if they consented to recording. The patient is thanked and given a link to www.fourteenfish.com/recording where they can find out exactly how the recording might be used.
What if the patient consents and later changes their mind?
Patients are advised to get in touch with the GP practice and you should inform the health professional concerned. The health professional can log in to their FourteenFish account and delete the recording.
Who can access the recording?
The health professional can share the call with their supervisor to get educational feedback. For any user of FourteenFish who is accessing the call areas they have to authenticate using Two-Factor authentication (a password and also a verification code which is sent to their mobile).
How are patient phone numbers stored?
If the patient consents to recording, we temporarily store the patient's phone number so that we can send them the follow-up message described above after the consultation has finished. Once they have been sent the follow-up message, we immediately run their phone number through a one-way encryption process called a cryptographic hash. This is a secure process whereby the phone number gets encrypted in a way that is not reversible, meaning that even we can't get the phone number back even if we wanted to. However, this hashing process still allows us to fulfil any requests by patients under GDPR legislation, because if the patient were to tell us their phone number then we can run it through the same one-way encryption process and see if we have any consultations that match the encrypted phone number. When the consultation recording is deleted, the hash of the phone number is also deleted. If the patient does not consent to recording then their phone number, then we also immediately delete their number from our system since we don't need to send them a follow-up message, and there would not be a recording made of the call.
How will the recordings be stored?
The recordings are securely encrypted and stored on servers located in the UK. We use AES-256 encryption which is one of the strongest mechanisms available. We ensure that all data to and from our system is encrypted using TLS 1.2 which prevents anyone reading or tampering with the data while it is in transit. FourteenFish is ISO 27001 certified and audited by the British Assessment Bureau on an annual basis. This means that someone impartial and outside of our organisation evaluates our security management procedures. Any attachments uploaded as evidence of patient consent will be stored using the same encryption methods and security standards as the consultation recording. All recording recordings will be deleted after 6 months. The audit trail of the consultation and any evidence of consent from the patient will remain.