My Health and Wellbeing Clinic
My Health and Wellbeing Clinic is committed to the safe, ethical and responsible use of artificial intelligence (AI) to support clinical care, administration and service delivery. AI is used to enhance efficiency and quality of care but does not replace professional judgement. All clinical decisions remain the responsibility of a qualified healthcare professional.
AI systems are implemented in line with UK legislation, including the Data Protection Act 2018 and UK GDPR, and follow NHS standards such as the Digital Technology Assessment Criteria (DTAC) and NHS Digital Clinical Risk Management Standards. All AI use is subject to appropriate governance, clinical oversight and risk management.
AI supports care delivery but does not replace clinical judgement. All AI outputs are reviewed and validated by a clinician or appropriately trained staff member before being relied upon. AI systems are used only within their intended purpose and scope, and appropriate human oversight, monitoring and evaluation is maintained at all times.
AI systems used by the clinic comply with DCB0160 standards for deployment and use. Where systems are developed or configured internally, DCB0129 standards are followed. Where applicable, AI systems are treated as medical devices and must comply with Medicines and Healthcare products Regulatory Agency (MHRA) requirements, including UKCA or CE marking.
A Data Protection Impact Assessment (DPIA) is undertaken where processing is likely to pose a high risk, particularly when handling health data. A Clinical Safety Officer and designated clinical or digital lead oversee all AI-related activity. Systems are in place to report and learn from incidents, including significant event reporting, Learn from Patient Safety Events (LFPSE), and MHRA reporting where required.
AI is used to support administrative processes, communication and clinical decision-making. This may include ambient voice technology to transcribe consultations into structured clinical records, administrative AI tools such as Lyngo AI to support patient communication and appointment management, triage tools to assess urgency, and systems to assist with results processing.
Clinical decision support systems may assist clinicians in identifying possible diagnoses or investigations but do not make decisions independently. Generative AI may be used to draft clinical documents, referral letters and administrative correspondence, which are always reviewed before use. Predictive tools may be used to support operational planning, appointment scheduling and identification of potential patient needs.
All AI outputs are checked by a human before any clinical or administrative action is taken. AI systems are not used to make fully automated decisions that significantly affect patients without human involvement.
My Health and Wellbeing Clinic acts as the Data Controller for personal data processed through its services. AI providers, including Lyngo AI and ambient voice technologies, act as Data Processors and operate under legally compliant agreements. All third-party providers are subject to due diligence, including assessment of data protection, cyber security and contractual safeguards.
Personal data is processed lawfully, fairly and transparently. Only the minimum necessary data is used. Data is stored securely and retained only for as long as necessary in accordance with legal and clinical requirements. Where data is transferred outside the UK or EEA, appropriate safeguards are in place.
Patients are informed that AI may be used as part of their care and administration. This may include transcription of consultations, administrative support or clinical decision support. For direct care, implied consent applies where appropriate. Where required, explicit consent will be obtained. Patients have the right to ask questions, request further information or object to the use of AI where appropriate. Alternative non-digital options are available where possible.
All AI systems undergo clinical risk assessment before use. Clinical safety documentation including hazard logs, risk assessments and safety case reports are maintained. Risks are identified, assessed and mitigated before deployment. Staff are trained in the safe use of AI systems and in recognising their limitations. Systems are monitored continuously and reviewed following incidents or changes.
AI systems may produce errors, omissions or biased outputs. They may not fully reflect individual patient circumstances or clinical complexity. AI should not be relied upon as the sole basis for decision-making, and clinicians must exercise professional judgement at all times.
The clinic recognises risks such as bias, discrimination and unequal access. These risks are assessed and mitigated during procurement and use. Systems are monitored to ensure they do not disadvantage any group and to identify unintended consequences.
All incidents involving AI are reported and investigated. This includes errors, near misses and system failures. Learning from incidents is used to improve systems and processes.
Appropriate technical and organisational measures are in place to protect data. Access is restricted to authorised users and staff are trained in confidentiality and data protection. Any data breaches are managed in accordance with legal requirements.
Overall responsibility for AI governance lies with the clinic directors. Clinical governance processes include regular review of AI use, audits and quality improvement. The Clinical Safety Officer oversees safety and risk management. AI use is reviewed regularly to ensure it remains safe, effective and appropriate.
The clinic recognises that not all patients can access or use digital services. Alternative access routes such as telephone and in-person services are available. Access is monitored to ensure services remain inclusive and accessible.
Patients may raise concerns about the use of AI or their personal data. Complaints will be handled in line with the clinic’s complaints and data protection policies. Patients also have the right to complain to the Information Commissioner’s Office.
This policy is reviewed regularly and updated in line with changes in legislation, guidance and technology.