What is a Privacy Policy?
A Privacy Policy is a statement by an organisation to patients, service users, visitors, carers, the public and staff that describes how we collect, use, retain and disclose personal information which we hold. This privacy policy is part of our commitment to ensure that we process your personal information/data fairly and lawfully.
Why and how we collect information about you
The doctors, nurses and our team of healthcare professionals caring for you keep records about your health and any treatment and care you receive from the NHS. These records help to ensure that you receive the best possible care. They may be written down in paper records or held on computer.
Information is collected in a number of ways, via referral from your GP, other healthcare professionals or directly given by you.
Information is processed on the following legal basis:
The processing of your personal data in the delivery of direct care and supportive administrative purposes within our clinics and in support of direct care you maybe provided elsewhere is supported under the following article conditions of the General Data protection Regulation:
- Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.
- Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”
What information do we collect and hold about you?
We may collect and hold the following personal and sensitive information about you in the delivery of your care:
- Basic details about you such as name, address, date of birth, telephone number, email address etc
- Next of kin and carer details
- NHS number
- Contact we have had with you such as appointments or clinic visits
- Notes and reports about your health, treatment and care
- Results of tests
- Relevant information from people who care for you and know you well such as health professionals and relatives
This may also include personal sensitive information such as sexuality, race, your religion or beliefs, and whether you have a disability, allergies or wider health conditions. It is important for us to have a complete picture, as this information assists staff involved in your care to deliver and provide improved care, deliver appropriate treatment and care plans, to meet your needs.
It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us and please inform us of any changes as soon as possible.
How your personal information is used:
- To help inform decisions that we make about your care
- To ensure that your treatment is safe and effective
- To work effectively with other organisations who may be involved in your care
- To support the health of the general public
- To ensure our services can meet future needs
- To review care provided to ensure it is of the highest standard possible
- To train healthcare professionals
- For audit
- To contribute to statistics on local and national NHS performance
- To monitor how we spend public money
- To investigate any complaints that you raise
There is huge potential to use your information to deliver care and improve health and care services across the NHS and social care. The information can be used to help:
- Improve individual care
- Understand more about disease risks and causes
- Improve diagnosis
- Develop new treatments and prevent disease
- Plan services
- Improve patient safety
- Evaluate internal and NHS and Social Care policy
This helps you because:
- Accurate and up-to-date information assists us in providing you with the best possible care
- If you see another healthcare professional, specialist or another part of the NHS, they can readily access the information they need to provide you with the best possible care
- Where possible, when using information to inform future services and provision, non-identifiable information will be used
How long will we store your information for?
As a provider of NHS services, you data will be stored in line with the law and national guidance. For more information please refer to https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016 or contact us for further information
Who do we share personal information with?
To provide the best care possible, sometimes we will need to share information about you with others. We may share your information with a range of Health and Social Care organisations and regulatory bodies. You may be contacted by any one of these organisations for a specific reason; and they will have a duty to tell you why they have contacted you. All information sharing is governed by specific rules and law.
We will share information with the following main partner NHS organisations:
- NHS Trusts and hospitals that are involved in your care
- Clinical Commissioning Groups and other NHS bodies
- General Practitioners (GPs)
- Ambulance Services
For your benefit, we may also need to share information from your records with non-NHS organisations, from whom you are also receiving care, such as:
- Social Care Services
- Education services
- Local Authorities
- The Police
- Voluntary sector providers
However, we will not disclose any health information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires the disclosure of information.
How we store your information and kept it safe?
Information is stored in secure electronic and paper records and access is restricted to only those who need to know.
The Data Protection Act 2018 and General Data Protection Regulation 2018 regulates the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure. Communitas Clinics is registered with the Information Commissioners Office (ICO). Details of our registration can be found on https://ico.org.uk/esdwebpages/search Enter our registration number (Z2911737) and click ‘search register’.
Technology allows us to protect information in a number of ways, in the main by restricting access and operating within secure NHS systems and network connections. Our guiding principle is that we are holding your information in strict confidence.
Everyone working for Communitas is subject to the Common Law Duty of Confidentiality and the General Data Protection Regulation.
Information provided in confidence will only be used for the purposes to which you consent to, unless there are other circumstances covered by the law. Under the NHS Confidentiality Code of Conduct, all staff are required to protect information, inform you of how your information will be used and allow you to decide if and how your information can be shared. This will be noted in your records.
All Trust staff are required to undertake annual training in data protection, confidentiality, IT/cyber security, with additional training for specialist, such as healthcare records, data protection officers and IT staff.
Disclosure of information
You have the right to restrict how and with whom we share the personal information in your records that identifies you. This must be noted explicitly within your records in order that all healthcare professionals and staff treating and involved with you are aware of your decision. By choosing this option, it may make the provision of treatment or care more difficult or unavailable. You can also change your mind at any time about a disclosure decision.
How you can access your records
The General Data Protection Regulation gives you a right to access the information we hold about you on our records. This is commonly known as a Subject Access Request.
If you require access to your records please download, complete and return a Subject Access Request Form which can be accessed here.
You will not be charged a fee pay a fee for most requests to access your information although a reasonable fee for administrative costs may be charged if a request is manifestly unfounded or excessive, for example, if it is repetitive. We will respond to your request within 30 calendar days from receipt of a signed copy of the completed Subject Access Request Form.
Subject Access Requests should be posted to our administration office or emailed to intermediate.services@nhs.net
Your right to complain
We try to meet the highest standards when collecting and using personal information. We encourage people to bring concerns to our attention and we take any complaints we receive very seriously.
You can submit a complaint through the Companies Complaints Procedure, which is available on our website or you can write to:
Communitas Clinics
The Complaints Department
83 Brigstock Road
Thornton Heath
Surrey CR7 7JH
If you remain dissatisfied with the decision following your complaint, you may wish to contact: Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
The Information Commissioner will not normally consider an appeal until you have exhausted your rights of redress and complaint to the Trust. Their web site is www.ico.gov.uk
You have the right to complain to the Information Commissioner’s Office, you can use this online at https://ico.org.uk/global/contact-us/
or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
Additional Information
| Data controller
The Data controller responsible for keeping your information confidential is: Communitas Clinics Ltd Brigstock Family Practice 83 Brigstock Road Thornton Heath CR7 7JH Telephone: 0208 683 6734 Website: communitasclinics.nhs.uk |
Data Protection Officer
The Data protection officer DPOs assists in the monitoring of internal compliance and acts as a contact point for data subjects and the supervisory authority: DPO – Umar Sabat
Telephone: 0208 683 6734 Email: umar.sabat@nhs.net |