Privacy Policy
Last updated: March 2026
1. Who We Are
HomeCare Connects is a homecare prescription management platform developed and operated by Auxtechna Ltd. We provide this system to NHS trusts and healthcare providers ("your organisation") as a software service.
For the purposes of UK data protection law, your organisation (the NHS trust or healthcare provider that has licensed this system) is the Data Controller for patient and staff data processed within it. Auxtechna Ltd acts as the Data Processor on your organisation's behalf under a Data Processing Agreement.
Questions about this policy should be directed to your organisation's Data Protection Officer (DPO). To contact HomeCare Connects: info@homecareconnects.co.uk.
2. What Personal Data We Process
Patient data
- Identifying information: full name, date of birth, NHS number, address
- Contact details: telephone number, email address (where provided)
- Clinical data: diagnoses, allergies, current medications, prescription history
- Treatment data: dispensed items, delivery records, homecare order status
- Prior authorisation data: Blueteq authorisation codes and dates (where applicable)
- Portal access: email address and encrypted password (patient portal users only)
Staff data
- Name, work email address, job role, ward or team assignment
- System access logs and audit trail entries
- Authentication credentials (encrypted; passwords are never stored in plain text)
3. Legal Basis for Processing
| Data type | Legal basis |
|---|---|
| Patient clinical and prescription data |
Article 6(1)(e) — performance of a task in the public interest; Article 9(2)(h) — medical diagnosis, treatment and management of health care systems |
| Staff personal data | Article 6(1)(b) — necessary for the performance of a contract (employment) |
| System audit logs | Article 6(1)(c) — compliance with a legal obligation (NHS Records Management Code of Practice) |
4. How We Use Your Data
- Managing homecare prescriptions from prescribing through to dispensing and delivery
- Enabling clinical pharmacists to conduct clinical checks on prescriptions
- Facilitating communication between NHS trusts and homecare dispensing suppliers
- Providing patients with a secure portal to view their prescription and delivery status
- Maintaining audit trails for clinical governance and regulatory purposes
- Sending prescription and status notifications to patients (where consent has been given)
Your data is never used for marketing, profiling, or sold to third parties.
5. Who We Share Data With
- Homecare dispensing suppliers — prescription and patient details are transmitted to the dispensing supplier appointed by your organisation, to enable dispensing and delivery of homecare medicines.
- NHS systems — where integrated, data may be verified against NHS national systems (e.g. NHS CIS2 identity service for staff authentication).
- Auxtechna Ltd (system operator) — as data processor, Auxtechna Ltd has access to the system infrastructure for support, security monitoring, and maintenance purposes only, under contractual obligations.
- Hosting provider — the system is hosted on Railway (Railway Corp), a cloud infrastructure provider. Data is stored within their infrastructure under standard data processing terms.
No patient data is transferred outside the UK.
6. How Long We Keep Your Data
Your organisation, as Data Controller, sets retention periods in line with the NHS Records Management Code of Practice. As a general guide:
- Adult patient records — minimum 8 years after last treatment
- Children's records — until the patient's 25th birthday (or 26th if treatment ended at 17)
- Mental health records — minimum 20 years after last contact
- Staff access logs and audit trails — minimum 8 years
When your organisation's contract with HomeCare Connects ends, data will be exported and deleted from the system in accordance with the Data Processing Agreement.
7. Your Rights
Under UK GDPR you have the following rights:
- Right of access — you can request a copy of the personal data held about you
- Right to rectification — you can ask us to correct inaccurate data
- Right to restriction — you can ask us to restrict processing in certain circumstances
- Right to object — you can object to processing based on public task or legitimate interests
- Right to data portability — where processing is based on consent or contract and is automated
- Right to erasure — in certain circumstances (note: this right is limited for health records subject to legal retention obligations)
To exercise any of these rights, contact your organisation's Data Protection Officer. Patient portal users may also update their contact details directly within the portal.
8. Cookies
This system uses only strictly necessary cookies. These are required for the system to function and are exempt from cookie consent requirements under the UK Privacy and Electronic Communications Regulations (PECR).
| Cookie | Purpose | Duration |
|---|---|---|
.AspNetCore.Identity.* |
Secure authentication session | Session / sliding expiry |
.AspNetCore.Antiforgery.* |
Protection against cross-site request forgery (CSRF) | Session |
.AspNetCore.Session |
Server-side session state | Session |
No tracking, analytics, advertising, or third-party cookies are used.
9. Security
We implement appropriate technical and organisational measures to protect personal data, including encrypted data transmission (TLS), bcrypt password hashing, role-based access controls, comprehensive audit logging, and automatic session timeouts. Access to production data is restricted to authorised personnel only.
10. Changes to This Policy
We may update this policy from time to time. The date at the top of this page indicates when it was last revised. Continued use of the system after an update constitutes acceptance of the revised policy.
11. How to Complain
If you have concerns about how your data is being handled, please contact your organisation's Data Protection Officer in the first instance.
You also have the right to lodge a complaint with the
Information Commissioner's Office (ICO):
Website: ico.org.uk
Phone: 0303 123 1113