Patient confidentiality,
by design

ReflectioEM was built with patient confidentiality as a foundational requirement — not a feature added later. Every part of the application has been designed to protect against the inadvertent disclosure of patient identifiable information.

ReflectioEM is designed in accordance with NHS Information Governance principles, GMC confidentiality guidance, and the Caldicott Principles — with automated confidentiality safeguards and mandatory user attestation built into every submission.

Core principles

Privacy by design

Privacy is embedded into the architecture from the ground up, as required by Article 25 UK GDPR.

Data minimization

Only the minimum data necessary to generate educational content is ever processed — aligned with Caldicott Principle 3.

No persistent storage

No clinical text or images are stored on any server. Photos are deleted immediately after processing.

User accountability

Mandatory attestation before each submission maintains professional responsibility, in line with GMC guidance.

Our commitments to you

Patient identifiable information is automatically detected and removed before any content is generated. This covers both direct identifiers — names, dates of birth, NHS numbers — and indirect identifiers that could make a patient recognisable without explicit personal details.
No clinical text, images, or case descriptions are stored on any server. What you type stays on your device unless you choose to save it locally.
Photos uploaded to the app are processed on your device and deleted immediately. They are never transmitted or stored anywhere.
Where content is sent externally for generation, it is anonymised first, transmitted securely over HTTPS, and not retained after the response is returned.
The AI model that generates your content is explicitly instructed never to reintroduce patient identifiers — including subtle or indirect ones — in its output.
No analytics, advertising, or third-party tracking services are used within the application.

Your responsibility

The automated safeguards in ReflectioEM are a technical failsafe — not a substitute for professional responsibility. Under GMC confidentiality guidance, the duty to protect patient information rests with you as the clinician.

Every form displays this reminder:

⚠️ Do not include patient identifiable information (e.g. name, date of birth, address, exact location). This tool follows NHS, GMC and Caldicott confidentiality guidance.

And every submission requires your confirmation:

I confirm that no patient identifiable information has been included in this submission, in accordance with my professional and legal obligations under UK data protection law and GMC confidentiality guidance.

Strong, ARCP-ready content can always be generated from fully anonymised clinical descriptions. You do not need to include any patient identifiable information to get excellent results.

Regulatory alignment

ReflectioEM is designed to align with the following frameworks and professional standards:

NHS Information Governance Caldicott Principles GMC Confidentiality Guidance (2017) UK GDPR Article 25 ICO Privacy by Design Data Protection Act 2018 RCEM ePortfolio Standards

For full details of how data is processed, transmitted, and retained, please contact reflectioem@gmail.com.

Patient confidentiality,by design