Intelligent Workforce Solution (“IWS”)
Overview
Your employer (“we” or “us”) has implemented a tasking solution, Intelligent Workforce Solution (“IWS” or the “system”), that uses location data and location-powered scheduling algorithms to optimise resources and workflow and to provide information about the status of tasks, likely start and completion times and the causes of any delays. IWS enables us to optimise our internal processes so we can meet our patient care and performance goals.
You will be given access to a pool of smartphones (“Devices”) for you to use when doing your work. You must keep the Device safe and charged and carry it with you for the duration of your shift in accordance with our equipment policy in the Employee Handbook.
We have set out below details of what types of personal data we collect when using IWS, what it is used for and how long it is kept. We also describe the legal basis for collecting the data, who it is shared with and what your rights are.
Personal data we collect and how it is collected
- Information you provide directly
In the commissioning phase of IWS we may ask you to provide information:
- By which you may be personally identified, such as name, email address and telephone number (“personal data”).
- That is about you but individually does not identify you.
These data and their uses are outlined below:
Personal data collected | Retention Period | Business use |
Name (first and last) | 3 years | To allow system users to create, track and review tasks by name |
Phone number/extension | 3 years | To allow system users to communicate with each other |
Email address/Username* | 3 years | To allow users to access the system and communicate with each other |
User ID | 3 years | To allow the system to identify unique users |
Default location | 3 years | To set controls for regions in which task handlers can operate |
Skillset | 3 years | To enable tasks to be given to task handlers with relevant skills |
Permissions | 3 years | To control access privileges in the system |
Role | 3 years | To enable tasks to be assigned to the correct staff group |
Shift times | 3 years | To plan for and optimise availability of staff to complete tasks |
Table 1: Personal data we collect directly from you. *Authentication data required for you to access the system (normally email and password) will be kept for as long as you need access.
Additionally, we may collect:
- Information when you report a problem with the system.
- Records and copies of your correspondence (including email addresses and phone numbers), if you contact us.
2. Information we collect through automatic data collection technologies
When you use the system, it uses technology to automatically collect the following information:
Personal data collected | Retention Period | Business use |
Location data | ||
Location (within 1000m of premises) | Indefinitely | To establish if user is in the vicinity of the premises |
Location (within 400m of premises) | Indefinitely | To establish user’s likely entrance to premises |
On-site location | Indefinitely | To determine arrival/departure/dwell times for optimisation and analytics |
Sensor data (accelerometer, gyroscope, magnetometer, pressure gauge) | Indefinitely | To update signal maps used for location estimation |
Wi-Fi scan data | Indefinitely | To update signal maps used for location estimation and to estimate location |
BLE scan data | Indefinitely | To estimate location |
GPS data | Indefinitely | To estimate location outside to determine task response/ completion times |
Historical locations (not linked to task) | Indefinitely | To monitor app efficiency |
Semantic/physical/signal maps | Indefinitely | To estimate location |
Task handler data** | ||
Task-handler status (ready, on task, on emergency response, on ad hoc request, on break, in meeting, in/out of range, unavailable) | 3 years | To allow system to identify suitable task handler and to allow users to track task-handler status |
Historical locations (linked to tasks) | 3 years | To optimise task allocation using recent location data |
Any other data characterised as customer staff data | 3 years | To provide additional information about the task handler or other staff |
Tasking data** | ||
Task type | 3 years | To define tasks for users (eg patient move or blood move) |
Task details | 3 years | To identify specifics about task type |
Task priority | 3 years | To allow tasks to be prioritised |
Task status (unassigned, assignment in progress, in progress, paused, cancelled, pending approval, pending verification, completed) | 3 years | To allow portal users to track status of task |
Estimated time of completion | 3 years | To allow portal user to estimate completion time |
Actual time of completion | 3 years | To allow system users to track time taken to complete tasks |
Response time | 3 years | To allow customers to manage service level compliance |
Breach time | 3 years | To allow customers to manage service level compliance |
Time stamps for all task activities | 3 years | To allow the system to track the progress of tasks by time |
Notes (excluding patient notes) | 3 years | To allow system users to add additional instructions for a task |
Free text fields for task information | 3 years | To allow system users to add additional information about a task |
Task waypoints | 3 years | To inform the task handler about locations associated with task |
Task linkage information | 3 years | To allow users to identify tasks that are linked together |
Task ID | 3 years | To allow the system to identify a task by reference ID |
Task skillset | 3 years | To identify skillsets required for a given task |
Table 2: Personal information we collect automatically through your use of the system. ** Task handler data and tasking data are only visible to customer for 12 months.
Location information will include GPS data and sensor data from the Device (from the accelerometer, gyroscope, magnetometer, Wi-Fi, BLE beacon or pressure information). The IWS system will start to acknowledge GPS signals when the Device is within 1km of the premises and this frequency will increase the nearer you get. Once you enter the premises, the system will then use a combination of the sensor data and the building plan to work out your location which is then linked to room references inside the premises.
You should note that the Device will continue to determine your approximate location until you log out of your account. We recommend that you log off the Device if you leave the premises or when you have finished your shift.
Tasking information will include login/shift times, user state, task state and lapse times. This information is collected when you login to the system and when you are communicating, via the Device, with the person who is assigning tasks. For example, if you accept a task, IWS will track the status of the task and, among other things, how long it takes to be completed. At the end of your shift, when you log out, IWS will record when this happens.
Use of your personal data
We will use your personal data, during the commissioning of IWS, to make sure that the system is set up and functions properly. After commissioning, IWS will use that information, together with the location information it collects when you are using the system, to determine which tasks should be allocated to you. This process is automated but takes into account your work and skills group, location and availability. The system is designed to ensure that tasks are assigned to the right person, in the right place at the right time to improve productivity and enable better healthcare outcomes.
We will also use information collected by IWS to review task-completion data and to run reports. This provides an insight in work and task-completion patterns and allows us to optimise our internal processes. Reports will show aggregated data across a work group or team, or specific data relating to particular tasks or individuals. However, as IWS is a workforce efficiency tool, it is not designed specifically to manage individual performance and only in exceptional cases would it be used for that purpose.
Legal basis for processing
We process the personal data collected by the Device (i) to perform a task carried out in the public interest and (ii) in order to perform our contract of employment with you.
Sharing of your personal data
We will share your personal data with the supplier of IWS, Navenio Limited, who acts as a data processor on our behalf. We may also disclose your personal data to others where necessary in order to comply with any legal or regulatory obligations.
If you are located in the UK, your personal data will not be transferred outside the United Kingdom and the European Economic Area. If you are located elsewhere, your personal data will be securely stored in accordance with arrangements made with Navenio Limited.
Data Security
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and where they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Retention period
Unless we are under a legal obligation to retain information for a longer period, we will keep your personal data for no longer than is necessary for the purposes set out above under “Legal basis for processing”. The normal retention periods are as detailed in tables 1 and 2.
If we change the way we process your personal information or how long we need to keep it, we will notify you accordingly.
At the end of the retention period your personal data will either be deleted or anonymised.
Your rights
You are entitled to make a request to us to get access to your personal data.
If your personal data is inaccurate or misleading, you are entitled to request that we rectify the information.
Under certain conditions, you have the right (i) to request us to erase or restrict access to your personal data or (ii) to object to the processing.
You may also have the right to data portability and, where you do, we will provide you with your data in a suitable format at your request.
If you have any further questions about why and how we process your personal data or if you wish to exercise any of the rights described above, in the first instance please contact our Data Protection Officer.
If you have any concerns or complaints about the way your personal data is being handled, you may also contact the Information Commissioner’s Office online or by calling 0303 123 1113.