uMed nurse patient support team
If you have further questions about uMed or a study you’ve been invited to please contact our patient support team.
uMed is a company that acts on behalf of your GP practice to support the delivery of best practice care as well as increase the number of medical research projects that are offered by the practice. uMed does this using a technology platform alongside a team of medical staff to streamline the process of engaging patients with opportunities specific to them.
We are working on behalf of your GP practice, and they will be using our technology platform to deliver targeted health education and questionnaires to you, as well as presenting you with potential research relevant to you. uMed does this by sending SMS, letters, or emails that your GP practice has approved. uMed also has a team of medically trained staff who can provide additional advice to patients for each of the programmes we support.
uMed platform is fully integrated with EMIS and System One through the Message Exchange for Social Care and Health (MESH) NHS Digital approved system.
Our software is approved and audited by NHS Digital Data Security, and Protection Toolkit assured (ODS8K677), ISO27001:2022 and ISO9001:2015 certified, UK Government’s Cyber Essentials Plus, Crown Commercial Service approved supplier, and UK GDPR compliant.
Unless you have opted out of NHS data sharing, uMed receives the following information from your healthcare provider:
- Name
- Date of birth
- NHS number
- Phone number
- Email address
- Demographic area
- Health record information
- Correspondence between you and your healthcare professional or between healthcare professionals about you
We pseudonymise this data early (e.g., separating identifiers from health records) to ensure it’s not identifiable during screening, reducing any risk of misuse.
Health data collected from you and your healthcare provider record system will only be used for the research study, and not for any other purpose.
We obtain your consent to use this data when you sign up for the study, and this consent includes allowing the study team to share de-identified data (meaning patients will not be identifiable from this information) with external research organisations. The study protocol, including data sharing provisions has been reviewed by independent ethics committees in the US and UK.
Pre-consent, your data is used only to check eligibility for studies (e.g., matching diagnoses via SNOMED-CT codes), with pseudonymisation to prevent identification. No data is shared or used for anything else, like marketing, and all steps are GP-approved and ethics-reviewed.
The uMed Platform separates all personally identifiable information (PII) from your health data. Identifiable details are securely stored and may only be accessed by authorised personnel for legitimate and approved purposes. Your data is pseudonymised wherever possible, ensuring that your identity is protected at all times.
An encrypted link identifier is the only connection between the two, which allows your GP to send you relevant opportunities based on this data.
We meet and exceed the highest standards of safety and security, as set by NHS bodies and the government. We go through assurance processes for these, and we regularly go through security checks conducted by independent experts.
We use AES-256 encryption at rest and in transit (TLS 1.2), multi-factor authentication, and firewalls to protect against unauthorized access. Regular audits and penetration tests (Cyber Essentials Plus) ensure no misuse.
uMed is committed to making our platform and services as accessible as possible in line with the Equality Act 2010 and Web Content Accessibility Guidelines (WCAG) 2.1 Level AA standards.
Our platform supports keyboard navigation, resizable text, and alternative text for images, enabling participation for users with visual, motor, or cognitive impairments. However, as with any digital service, some limitations may exist depending on individual device configurations or third-party integrations (e.g., specific questionnaire formats). If you encounter barriers, we offer flexible alternatives such as telephone or video-assisted completion of questionnaires, guided by our medically trained support team.
We pseudonymise data right away, replacing identifiers with codes so your personal details aren’t visible during analysis. Only minimal info (e.g., contact for invitations) is used by GP-approved staff, and nothing is shared without your consent.
Your GP signs a data processing agreement with uMed, that legally allows your GP or Doctor to share your data on your behalf in order to provide you with individualised care and offer you research opportunities to take part in. This is also the legal basis for us to process your data on behalf of your GP or Doctor (the controller of the data).
Data is provided to uMed by GPs, in order to provide a service under a Data Process Agreement. uMed cannot use the data for research purposes itself, only under the direction of the data controller (GP), who may agree to participate in a specific study that may require CAG approval.
uMed, acting on behalf of Providers, ensures that the duty of confidence owed to patients is upheld in line with NHS data protection and information governance requirements. The uMed Platform maintains strict separation between personal identifiers and health data. Access to identifiable information is limited to authorised personnel who require it for specific, legitimate purposes — such as contacting patients as part of approved studies or performing regulated data linkage activities — and is conducted under robust technical, organisational, and contractual controls.
Where uMed’s clinical support team contacts patients, this occurs as a subcontracted extension of the Provider’s direct care team, in accordance with established precedent and implied consent for direct care. All other processing involving patient data follows an applicable legal basis under UK GDPR, ensuring compliance with NHS rules on data protection and confidentiality.
Patients remain in charge of their data at all times and can opt out of being contacted, sharing data, or participating in studies at any time. We will not contact patients who have registered for the NHS national data opt-out. More information can be obtained on Opt-Out of sharing your health records-NHS.
No, uMed uses your information only for the purpose of helping your healthcare provider deliver your primary care or to give you the best opportunities to participate in medical research under the direction of your GP practice.
uMed will never share health record data with another organisation unless instructed by your GP practice in a manner consistent with UK GDPR and the Common Law Duty of Confidentiality.
No, patients will not receive any payment. However, we may allocate donations to relevant disease charities if we ask you to undertake additional tasks for the study such as completing longer questionnaires.
We will also keep you updated on the outcomes of research that uses your data and show you how your contribution is improving the lives of others living with disease.
If you choose to engage with a particular study, you will be presented with detailed information about the study, including what is involved and if the study requires your health data to be shared with another organisation. It is entirely your choice whether or not to be a part of the study, and if you decide not to participate, it will have no impact on the care you receive from your GP practice.
If you have any questions, please do not hesitate to contact uMed at patientsupport@umed.io or +44 (0) 808 304 9869, and one of our dedicated team members will speak to you.
