At our practice, we are using a new software called Heidi to help with note-taking during consultations. This tool listens to the conversation between you and your doctor (with your permission) and provides a summary of the consultation for your doctor to review. This summary is designed to help us focus more on your care and less on typing notes during your visit.


Here’s how it works:

  • What We Record: We only record the conversation during your consultation. This helps us create an accurate summary of the visit. 
  • What Happens Next: After the consultation, the tool generates a summary using advanced technology (called Large Language Models or LLMs). Your doctor will carefully check the summary before adding it to your medical record.
  • Your Privacy: All recordings and summaries are stored securely in the UK. The recordings are automatically deleted after 24 hours, and only the final summary is kept in your patient record.
  • Your Choice: Before each consultation, we will always ask if you're happy for the conversation to be recorded for this purpose. If you prefer not to be recorded, we will take notes manually instead.

We’ve also spoken with our patient participation group and made sure this information is available in an easy-to-understand way. If you have any questions, please ask a member of our team.

Privacy Notice

Under the UK General Data Protection Regulation (UK GDPR) guidelines, it is important that we take your data privacy seriously and remain open and transparent about how we utilise it. 

This privacy notice explains why we need patients’ personal information, what we plan to do with it, how long we will keep it, and whether we will share it with anyone else when using our medical scribe software.

What is Heidi and How Does It Work?

Heidi is an ambient voice technology (AVT) powered by artificial intelligence (AI). It uses speech recognition technology to accurately transcribe your consultation with your doctor, creating a written summary of your visit.

This software is designed to assist with administrative tasks and is not used in any way to aid in diagnosing medical issues.

FAQs

How Do We Obtain Information and Why Do We Need It?

Information is gathered during a consultation recording, either through a web browser or on a mobile device, between you, the patient, and your doctor.The personal information we collect is provided directly by you for the following reasons:

  • To improve our clinical workflow and efficiency
  • To focus on more patient-centred care
  • To obtain and structure your personal medical history
  • To streamline administrative tasks

What Information Do We Collect?

Personal Information: Information that can identify you, such as age, date of birth, and gender.

Sensitive Health Information: Health details related to your current medical issue, past medical history, previous investigations, current and previous medications, and any current or past specialist input. This information is volunteered by you during the consultation and may also be noted by the clinician if relevant.

Information Collected for Business Improvement (‘Pseudonymised Data’): Your data is ‘de-identified’, meaning all personal identifiers are removed, making it highly unlikely you can be ‘re-identified’. This is done to improve software performance.

Information Collected by Cookies: The software, accessible via a web browser, may collect ‘de-identified’ data to enhance performance.

Who Do We Share the Information With?

Heidi has strict agreements with third-party organisations and does not allow them access to or use of your personal information beyond the necessary purposes listed above. Third parties are bound by zero-retention policies, meaning no data is retained after processing, ensuring your information cannot be reused or accessed for any other purpose.

How Is My Information Stored?

Your information is securely stored within the UK and is not saved on international platforms. Heidi prioritises data processing and storage security and has robust agreements with third-party processors, including standard contractual clauses to ensure data is stored safely. Heidi has also pseudonymised the data by replacing personal identifiers with unique references or codes.

Data is retained for 24 hours before being permanently deleted, further reducing the risk of personal data capture. Heidi employs multiple security measures, including mandated industry-level encryption standards, regular audits, and real-time security monitoring to maintain the highest security standards.

What Are My Data Protection Rights?

Below is a list of your data protection rights:

  • Your right of access – You have the right to request copies of your personal information (known as a subject access request).
  • Your right to rectification – You have the right to ask us to correct any information you believe is inaccurate or to complete information you feel is incomplete.
  • Your right to erasure – You have the right to request the deletion of your personal information in certain circumstances.
  • Your right to restrict processing – You can ask us to restrict the processing of your personal information in certain situations.
  • Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability – You can request that we transfer the personal information you provided to another organisation, or directly to you, in certain circumstances.

If you feel there has been a data breach, you can contact your practice, which aims to formally respond to all requests within 30 days. If you are not satisfied with the outcome, you may contact the Information Commissioner’s Office for further advice.