Data Protection Policy

‍

Background

This practice’s primary purpose is to provide the best care possible for you. In order to do this we need to collect, store and share information about you.

This privacy notice is designed to explain what happens to any personal data that you give us or any information concerning you that is collected by other organisations, for instance, if you attend an Accident and Emergency department. This includes how your data is held and/or processed by us.

This notice includes:

• Who we are and how we use your information
• The kinds of information we hold and process
• The legal grounds for processing your personal data, including when it is shared with others
• What to do if your personal information changes
• The length of time that your information is stored and retained by us
• Information about your rights under the 2018 Data Protection Act incorporating the General Data Protection Regulations (GDPR)
• Information about our Data Protection Officer and Caldicott Guardian how to contact them

Under the 2018 Data Protection Act, the practice is known as the Data Controller. As such we are responsible for keeping your data up to date and accurate, as well as storing it and sharing it securely. If you have a question or a problem, please contact the Practice Manager in the first instance. The Act stipulates also that public sector organisations should provide access to an independent Data Protection Officer and their contact details are provided in the summary below.

‍

‍

The information we hold on you

Our practice keeps data on you relating to who you are, where you live, contact details, what you do, possibly your habits, your problems and diagnoses, the reasons you seek help, your appointments, if you have a carer, where you are seen and when you are seen, who by, referrals to specialists, tests carried out here and in other places, investigations and scans, treatments and outcomes of treatments, your treatment history, the observations and opinions of other health care workers within the NHS as well as comments and aide memoires reasonably made by healthcare professionals in this practice who are appropriately involved in your health care. All of this data helps us in providing you with the best possible care.

All health related data is seen as ‘special category’ or ‘sensitive data’ under the 2018 Data Protection Act which means that it is shared and processed with particular care. This applies to your data whether it is in electronic formats or on paper.

When registering for NHS care, all patients who receive NHS care are registered on a national database, the database is held by NHS Digital, a national organisation which has legal responsibilities to collect NHS data.

‍

‍

Why we hold and process your data

We hold and process your data in order to provide you with direct care. Anonymised and pseudonymised patient data, in other words data that cannot be used to identify you is also used to:

• Improve the quality and standard of care that we and other organisations provide
• Researching and developing new treatments
• Preventative treatment of illness and disease
• Monitoring standards of patient safety
• Planning future services.

Further details are provided below. You also have a choice over whether you wish to use your confidential data – i.e. data that CAN be traced back to you for these purposes. If you are content with this then you do not need to do anything. If you are not sure or wish to opt out, please see section on Opting-Out of Research and Planning below.

‍

‍

Who we share information with.

As Interface Specialist Care Ltd, we cannot provide all your treatment ourselves, so we need to delegate this responsibility to others such as GPs or hospitals.

If your care requires treatment outside the practice, we will exchange with those providing such care and treatment whatever information may be necessary to provide you with safe, high quality care. The practice also delivers services and treatment to our patients as part of, and in association with local primary care networks and beyond.

The sharing of data, within the practice and with those others outside the practice is assumed and is allowed by law (including the Data Protection Act 2018) however; we will gladly discuss this with you in more detail if you would like to know more.

We have an overriding responsibility to do what is in your best interests under the 2018 Data Protection Act ‘in performance of a public task’ (see legal bases in the summary below). The Practice team (clinicians, administration and reception staff) only access the information they need to allow them to perform their function and fulfil their roles. The summary also contains details of your rights in relation to your data under the Act and how to exercise them.

Interface Specialist Care Ltd does NOT share your data with insurance companies, except by your specific instruction or consent.

Your data is NOT shared for any marketing purpose.

‍

‍

Communication with Patients

Interface Specialist Care Ltd will use your contact details in order to inform you of progress in your treatment or to work with you in managing your health. Because we can communicate and get data to you more quickly and more securely, we prefer to use email and/ or text messaging services. Please ensure that we have your current email address and mobile telephone so that we can do this. If you would prefer us NOT to communicate with you in these ways, please let us know.

‍

‍

Safeguarding and the Caldicott Guardian

Interface Specialist Care Ltd is dedicated to safeguarding all its patients, including children and vulnerable adults. This means that information will be shared by the practice in their best interests. Such decisions are the ultimate responsibility of the practice’s Caldicott Guardian. The Caldicott Guardian is the senior person - always a doctor and often a partner within a practice- responsible for protecting the confidentiality of people’s health and care information. The duty to share data for the benefit of individuals is as important as the duty to protect patient confidentiality and actions taken as a result of safeguarding concerns will override data protection.

‍

‍

Risk Stratification

Electronic tools of prediction, based upon algorithms and artificial intelligence are used within the NHS to determine a patient’s future risks and treatment needs. Wherever we can, we want to prevent admissions to A&E and secondary care which would be otherwise necessary. Such preventative care may, for instance, use these tools to determine the risk and consequence of a future fall in an elderly patient. However, under the 2018 Data Protection Act, you do have the right to opt out of having your data processed in such automated ways. If you wish to opt out of this, please contact the practice.

‍

‍

Research and Planning

Interface Specialist Care Ltd takes part in research that uses anonymised or pseudonymised data. This means that patient data cannot be traced back to individuals and is therefore no longer personal data under the 2018 Data Protection Act.

Anonymised or pseudonymised patient data held by the practice may also be used to evaluate present services that provide direct care or to plan future ones within the practice or across the local area.

‍

‍

Opting-out from Research and Planning (The National Data Opt-out)

You can opt-out from having your confidential data (i.e. data that can identify you) being used for purposes beyond direct care, such as research and planning.  To this you need to access www.nhs.uk/your-nhs-data-matters on-line and read the information and follow the instructions if you wish to opt out. This opt-out is recorded against your NHS number on the NHS ‘spine’.

There are some situations where the opt-out will not apply. These include:

• Situations where data is needed in the “public interest”, e.g. in cases of epidemic where communicable diseases need to be diagnosed and the spread of their infection prevented or controlled;
• To manage risks of infection from food or water supplies or the environment.

You can find out more about how your patient information is used at https://www.hra.nhs.uk/information-about-patients/ and https//understandingpatinetdata.org.uk/what-you-need-know.

Please note that you can change your choice at any time.

All health and care organisations have until 2020 to put systems and processes in place to be compliant with the provisions of the national opt-out and apply your choice to your data. This practice is currently compliant with the national data opt-out policy.

‍

‍

How is your information stored?

Interface Specialist Care Ltd stores the main patient record via a contracted data processor in the cloud. The contracted processor for the Interface Specialist Care Ltd is Amazon Web Services.

‍

‍

How long is the information retained?

The medical record is retained at the patient’s practice for the lifetime of the patient, after which it is sent to Primary Care Services England (PCSE). If you move to another practice your records will be transferred to that practice.

‍

‍

Summary

‍