Information Security

Kry/Livi believes that use of new technology, such as AI is critical in order for us to continue meeting our patients’ expectations on quality and availability. Kry/Livi is using AI based technology to provide better tools for our staff aiming to decrease their administrative workload and to minimise waiting times.  

In the UK we use AI based technology to decrease the amount of time which staff spend on administrative work, so that they can have more time with the patient. When you have a consultation, we use AI to create a text file (a transcript) generated from the dialog between the clinician and the patient, which helps to facilitate a number of administrative tasks, including to remind clinicians of action items discussed with the patient and to propose summaries and notes. The gathered information is always reviewed by healthcare staff, who make all decisions impacting patients, such as diagnosis, prescriptions, referrals, type of treatment and similar. We have systems in place aiming to remove all directly identifiable information about the patient, which the transcript may contain, such as name, NHS number, phone number or address is removed from the transcript before it’s processed by the AI system. The transcript is stored in Kry’s system for a week after the consultation for quality assurance purposes. 

As with all technology used by Kry/Livi, we take a number of legal and security measures before starting to use AI based technology. This includes reviews of technology suppliers, instructions for systems, tests and risk assessments around security and medical quality. Following implementation of the system, it’s carefully monitored to ensure it meets expectations and standards on performance, availability and confidentiality, and to enable detection and resolution of problems.   

Suppliers of AI technology are not allowed to use patient information as required to deliver their system and cannot use it to train their or otherwise improve their systems, for marketing or for similar purposes. 

You should keep your login information secure and not share it with anyone. Only use your own smartphone or tablet to use Livi, and do not access your account on any shared devices, for example a family tablet or company phone. Ensure you do not make a note of your login details on a shared device. 

All GP appointments should take place in a private place, never in a coffee shop, library or somewhere that’s open to the public. If it is difficult to find privacy, for example, you’re in the workplace longer than expected or you cannot find privacy away from others in the household, you can change your appointment within the app and book a time where you can find privacy.

You are only able to access the app using your device password, fingerprint or facial authentication (biometrics). If you do not have a password set on your device, you won't be able to use the Livi app.

All information concerning GP appointments is subject to strict confidentiality in accordance with national legal frameworks. Video consultations are not recorded and therefore not documented in any way aside from your updated medical records (held at your local GP surgery) as would be the case in an ordinary visit to a doctor.

We will never send personal information through email, text messages, push notifications or in any other marketing. All medical and personal information is kept within the app and shared with the GP only through the secure inbox.

All data at Livi is heavily encrypted. Your identity is verified using Onfido and your GP's identity is verified using their NHS smartcard.

You can read more about how Kry/Livi handles your information in our privacy notice.

1. What is the GDPR and what does this mean for me?

GDPR stands for the General Data Protection Regulation, which is a new, European-wide law that regulates how companies and organisations are allowed to handle the personal data of EU-residents. The GDPR came into effect on 25 May 2018.  

Don’t worry, this does not affect your use of Livi's services - your account with Livi still works as usual! However, you do now have the right to influence how your personal data is used. Your rights are described in detail in our integrity policy.

2. What is meant by “personal data”?

Personal data is any information relating to an identifiable individual. It can identify you as an individual directly or indirectly (i.e. in combination with other information) and  can include name, identification number, location data, or other factors specific to the physical, genetic, mental, economic, cultural or social identity of the person.

3. How does Livi handle my personal data? What type of security do you have?

Our goal is to always provide you with high quality healthcare and in order for us to do so, we collect personal data from you, as described above. Access to your data is restricted to the people providing you with the healthcare, or as part of our ongoing quality assurance and product development. We safeguard your personal data, and here at Livi we constantly work to ensure the continued security of our systems. We do this by utilising a combination of in-house experts, automatic and manual testing and regular audits by independent third parties.

4. What kind of personal data does Livi handle about me?

We handle basic contact details, such as your name, address, personal identification number and phone number. We also process medical data, submitted by you in the app.

5. So, where do you store my personal data?

Livi stores the majority of the personal data in our purpose built secure system. This system is hosted on servers provided by a third party that acts as data processor to us, located within the EU (primarily Ireland).

6. Does this mean you send my data outside of the EU?

We do not store any of your sensitive personal data (such as data relating to your health) outside of the EU. Occasionally, some of your personal data might be processed by our partners outside of the EU. If personal data is transferred to our partners outside of the EU, such transfer will only be conducted on the condition that the transfer is legal under applicable data protection laws.

7. For how long do you store my personal data?

When it comes to medical personal data, your clinical records are held through your local GP surgery on an NHS procured record system. None of your medical personal data is held through Livi.

Non-medical personal data will only be kept as long as necessary in order for us to provide the services in a satisfactory manner to you, in accordance with the GDPR, and other applicable legislation.

8. I would like to be “forgotten” and that you remove all my personal data from your systems. How do I go about it, how is this done and how long will it actually take?

When it comes to personal data such as the data provided when you signed into the Livi app, you are always free to contact our support function at support@livi.co.uk and we will assist you with your requests.

If you request to be forgotten, non-medical personal data will be removed from our systems as quickly as possible but no later than within thirty (30) days as of your request. We will notify you in writing and confirm which personal data has been erased and as per which date.

9. If I have further questions regarding personal data processing by Livi, who should I contact?

You are always welcome to contact us at support@livi.co.uk. We will do our best to assist you with your query.

Only the treating healthcare providers have access to your symptom descriptions.

Before the meeting, your healthcare provider will review the symptom descriptions you provided to prepare for your appointment.

You can always contact our Privacy team at privacy@kry.se if you have questions or concerns.