Group Group Group

Security & Privacy

How we keep your data safe

uMed aims to provide better access for patients and healthcare providers to participate in clinical research. To do this we process data to help match patients to the most suitable studies.

We put privacy and security first and our priority is to ensure that patients and healthcare providers have full transparency and control over the use of their data.

Find out more about how uMed processes data in our frequently asked questions below.

  • ISO9001:2015 certified
  • ISO27001:2013 certified
  • Compliant and exceeds the requirements of the NHS Digital Data and Security Protection Toolkit (ODS8k677)
  • Cyber Essentials Plus certification
  • HIPAA Compliant
  • To find out more contact us for a copy of our Information Governance White Paper.

Frequently Asked Questions

What does uMed do?

Patient participation in medical research is vital for the discovery of more advanced treatments. uMed partners with healthcare providers to deliver medical research opportunities that are most relevant for their patients.

This means we can offer you as the patient the opportunity to participate in research that matters most to you and where you can have the greatest impact.

Who has access to my data?

Under a Data Protection Agreement between uMed and your GP, uMed has access to some data from your health record.

Without access to this information, it would be impossible for us to find the most suitable patients for research studies that can help fight disease.

If you decide to participate in a particular research study we will always ask for your consent to share your data with a study nurse or trial site.

What information do you use?

Unless you have opted out of NHS data sharing, uMed receives the following information from your healthcare provider:

  • Name
  • Date of birth
  • NHS number
  • Phone number
  • Email address
  • Demographic area
  • Health record information
  • Correspondence between you and your healthcare professional, or between healthcare professionals about you
How are you using my data?

In order to provide relevant research opportunities to you and your healthcare provider we process patient data to our secure uMed Platform. The patient data typically includes name, identifiers, contact details, demographic data and relevant health record data.

We only process this data if you are identified as a potential candidate for a research study and we need to contact you on behalf of your healthcare provider to ask if you would like to participate.

You remain in charge of your data at all times and can opt out of contact, sharing data, or study participation at any time.

How do you keep my data secure?

The uMed Platform separates all identifiable information from your health data. Therefore your health data is anonymised and is never presented simultaneously with personally identifiable information (PII).

An encrypted link identifier is the only connection between the two which allows your GP to send you relevant opportunities based on this data.

Do you sell my data?

No, uMed uses your information only for the purpose of helping your healthcare provider to give you the best opportunities to participate in medical research.

What privacy rules do you follow?

uMed conforms to the requirements of General Data Protection Regulation (UK GDPR) that sits alongside the Data Protection Act 2018.

What are uMed's security measures?

uMed complies with the NHS Data Protection & Security Toolkit (ODS 8K677), ISO27001:2013, and is Cyber Essentials Plus Certified.

What will be involved if I consent to participate?

This will depend on the type of study being offered to you:

Cohort study (e.g Access-PD Parkinson’s Disease study) – In order to develop more advanced treatments, researchers need to collect information from patients over time to improve their understanding of how patients experience living with a certain condition.

When joining a Cohort study you will be asked to answer a short questionnaire and may then be offered a range of additional research opportunities most relevant for you.

Importantly, you can participate in these studies at home without needing to visit your GP/hospital and participating will not cost you anything. Additionally, to show our appreciation for your time, we may offer to make donations to a charity of your choice.

Clinical trial – Clinical trials look into how effectively new treatments work to reduce patients’ symptoms and improve their quality of life.
Participation may involve visit(s) to a GP/hospital site during the trial. For some trials you will be reimbursed for travel and possibly financially compensated for taking part.

How does uMed obtain my consent?

Acting as a data processor, uMed provides services to your GP practice. This includes contacting you on their behalf to offer you the opportunity to be part of studies that may be relevant to you.

uMed will seek consent on behalf of your GP practice to share relevant information with members of the team who are conducting the study. By giving consent, ‘signing’ ‘Yes’ on the screening consent question, you are consenting uMed to transfer this information from your GP to the Study Team.

Your consent is required before uMed passes your details to the Study. To provide informed consent you must understand the purpose of the Study (i.e. what questions they are seeking about), to whom the information will be sent, what the potential implications could be (i.e. an understanding that further information may be required from your GP, hospital records, etc) and the consent should be given freely.

You can withdraw consent by ‘signing’ ‘I do not consent’ on the screening consent question. You will also have the opportunity to withdraw consent when contacted by the Study or at any point during the life duration of the Study or after the Study is ended.

For more information, view our guidance on informed consent here.

Can I opt out?

You remain in charge of your data at all times and can opt out of contact, sharing data, or study participation at any time. Only your GP can process your opt-out form. Opt out of sharing your health records – NHS.

How much involvement will be required from me and my practice?

uMed has been developed to enable you and your practice to participate in medical research whilst removing the associated administrative burden.

Getting started – Our onboarding process takes on average 15 minutes and involves the review and signing of our data processing agreement and the provision of ODS codes. Our support team is available to help along the way and discuss any part of the process.

Participating in a study – Once set up, we will start presenting relevant study opportunities for your practice in our web-based application. To participate in a study we require you to review and approve study documents in our web app (~10 minutes).

uMed identifies and builds the list of eligible patients from your practice based on de-identified health record data. Our GCP trained nurse then reviews the patient lists on your behalf to ensure that no patients are contacted who are not eligible. Alternatively our web app allows a member of your practice staff to review and approve the list of patients identified as eligible for the study.

We also provide a dedicated patient helpline designed to support patients throughout the process, and reduce the pressure of incoming calls for your practice staff related to the study.

Won’t my practice have to spend a lot of time answering patient questions?

uMed provides a dedicated patient helpline designed to support patients throughout the process, and reduce the pressure of incoming calls for your practice staff related to the study.

How does uMed keep patient data secure?

uMed separates all patient identifiable information from health data. An encrypted link identifier is the only connection between these silos. The result is that patient identifiable information (PII) and health data are never simultaneously presented within the uMed platform to ensure the very highest standard of data protection.

Is uMed GDPR Compliant?

Yes, uMed conforms to the requirements of General Data Protection Regulation (UK GDPR) as well as the NHS Data Protection & Security Toolkit, ISO27001:2013, and is Cyber Essentials Plus Certified.

What data does uMed process?

To allow us to send communications to patients on your behalf we process patient data to our secure uMed Platform. This data includes names, contact details and demographics, as well as any communication back from patients such as answers to questionnaires or patient replies to text messages.

How does uMed send text messages?

We use FireText to send SMS messages. You can read the FireText privacy policy here.

What are the costs of uMed implementation?

uMed charges no fees to the practice to implement or maintain the platform.

What is a data processing agreement?

The agreement details how uMed will process data on behalf of the practice to support clinical studies. This includes processing to:

a) Match potential subjects in the practice population with study opportunities for review by the practice.

b) If approved by the practice, engagement of those patients on behalf of the practice to support recruitment, and data capture.

c) If approved by the practice, linkage of outcomes from the clinical record to the study CRF.

It is important to note that this is not a data sharing agreement. As a data processor, uMed cannot share or utilise practice data unless explicit permission is obtained from the practice (the data controller). In the same way, EMIS, Apollo, Accurx and other technology vendors cannot use practice data outside of that defined in their service agreement with practices.

Why is a data processing agreement required?

uMed provides services to the practice that support the execution of clinical studies. This requires an agreement between uMed and the practice in addition to usual research agreement between the study team and site.

How do patients opt out?

Patients remain in charge of their data at all times and can opt out of contact, sharing data, or study participation at any time. We will not contact patients who have registered for the national data opt out.

Does the uMed agreement affect other research my practice may be involved in?

No. uMed simply provides a technology service to support an array of academic and commercial studies, which can be both observational and interventional. There is no exclusivity and the practice is free to participate in other studies as normal.

Help & Support


Email us and we’ll endeavour to respond within two business days.


Monday - Friday
08:00 - 17:00

Working in Life Science and Research?

Book a complimentary demonstration

For a clear picture of how uMed could work for you, book a free session with our team.

Or get in touch

    First name

    Last name

    Company or Institution


    Direct Line

    Set time

    Select a preferred time for us to call you


    Thanks Robert, we’ll call you on 07338 238329 on Tuesday 27th July
    between 8am and 11am