Skip to main content

This site is best viewed with a modern browser. You appear to be using an old version of Internet Explorer.

Consent for treatment

We are rolling out a digital consent application supplied by Concentric Health, to improve the consent process and support shared decision-making.


  • Fewer errors on consent forms
  • Improved documentation of the consent process
  • Consent can be given remotely
  • Better patient experience and understanding of decisions about their care
  • Greater efficiency
  • Reduction in cancellations and delays
  • Reduction in the use of paper forms

Concentric Health

Concentric Health is a UK-based company, registration number 10733991, with headquarters in Cardiff, Wales.

Concentric Health
Maindy Road
Cardiff CF24 4HQ

Concentric is a digital consent to treatment application used by Oxford University Hospitals to share consent information with patients and document consent to treatment.

This will replace paper consent forms.

Personal data

Personal data are held within Concentric, following either manual entry by a clinician or integration with the electronic patient record (EPR) used by the Trust.

Together with clinical information, these data form the consent information about a proposed treatment, and allow this to be shared with a patient and consent to be documented.

After reviewing the information provided, the patient can document their consent to the proposed treatment or ask their healthcare professional for further information.


Genuine communications from your clinician via Concentric will arrive either as an email from


or as an SMS text message from a mobile contact named


Data handling


Concentric Health uses Google Cloud Platform (GCP) for all hosting and data processing, within a data centre in the UK. GCP is compliant with all healthcare information governance requirements.

Once the consent episode is completed, a pdf version of the consent form is automatically transferred into the Trust's electronic patient record systems.


All data are protected following industry best practice with regard to access controls and encryption.

The Trust manages clinician's access and password strength rules are enforced. Patients are sent an email with a unique link and are required to enter their date of birth in order to verify their identity.

All data are stored using leading encryption methods and transferred securely.

Collection and processing

The following personal data are processed:

  • title (optional)
  • given name
  • family name
  • date of birth
  • gender
  • patient identification number (e.g. NHS / hospital number)
  • contact details (optional, either or both of email address and mobile phone number).

These data are required for clinical safety purposes, as (with the exception of contact details) they need to be displayed on-screen during all clinical interactions.

It is best practice to share consent information with patients, and therefore contact details may be stored to allow communication of the consent information digitally.

The following special category data (i.e. data relating to health) are also processed:

  • name of treatment
  • indication and purpose of treatment
  • alternatives
  • anaesthetic options
  • risks discussed
  • names and job titles of clinicians providing care.

This information is required as it forms part of the record of consent.

Data controller

Oxford University Hospitals is the data controller, with Concentric Health processing data on the organisation's behalf.

There is an agreement in place between the Trust and Concentric Health regarding the appropriate processing of data (Data Processing Agreement), and a Data Protection Impact Assessment (DPIA) has been undertaken and approved by the Trust's Information Governance Team.

DPIA considerations included:

  • how data are protected
  • how long data are stored
  • how data subject rights are met.
Last reviewed:09 May 2024