GDPR Privacy Notice for Patients
Data Controller: LHM Healthcare Ltd.
Data Protection Officer: Philip Sayers (Registered Manager)
How and why we keep information about you and how you can choose who sees it
The General Data Protection Regulation (GDPR) is a single EU-wide regulation May 2016 and it entered into force in the UK on the 25th May 2018, repealing the Data Protection Act (1998). For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) and the Data Protection Act 2018), the company responsible for your personal data is LHM Healthcare Ltd. (data controller).
This Notice describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
How we use your information and the law
LHM Healthcare is what’s known as the ‘Controller’ of the personal data you provide to us.
We collect basic personal data about you, which does not include any special types of information or location-based information. This does however include your name, address and contact details such as emails and mobile numbers etc.
During the services we provide to you, and/or linked to your healthcare through other health providers or third parties, we will also collect sensitive confidential data known as “special category personal data”. This is in the form of health information, religious belief (if required in a healthcare setting), ethnicity, and sex.
Why do we collect information about you?
In order to support your care, our health professionals maintain records about you. We take great care to ensure your information is kept securely, that it is up to date, it is accurate and used appropriately. All of our staff are trained to understand their legal and professional obligations to protect your information and will only look at your information if they need to. They will only look at what they need to in order to do things like book you an appointment, give general health advice, provide you with care and if necessary refer you on to other services.
The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.
NHS health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure.
What information do we hold about you?
- Your DOB / age, contact details including address and telephone numbers, and next of kin.
- Carers, emergency contacts.
- Details of your appointments, clinic visits etc.
- Records about your health, illness, treatment and care.
- Results of investigations, like laboratory tests, x-rays, etc.
- Information from other health professionals, relatives or those who care for you.
Your records are used to facilitate the care you receive to ensure you are provided with the best possible care. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used within the unit for clinical audit to monitor the quality of the service provided.
How do we lawfully use your data?
We need to know your personal, sensitive and confidential data in order to provide you with healthcare services as a General Practice. Under the General Data Protection Regulation we will be lawfully using your information in accordance with:
Article 6, “(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;”
Article 9, “(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems”.
This Privacy Notice applies to the personal data of our patients and the data you have given us about your carers/family members.
When is your information shared?
We will only use or pass on information about you to other health professionals to support your care. If we feel that it is in your best interests to share your information with someone else that could support you, e.g. Social Care or a Voluntary Organisation, we will ask your permission to do so. Everyone who has access to your information is required by law to keep it confidential. We will not disclose your information to anyone else without your permission unless in exceptional circumstances, e.g. a life or death situation. We are also required by law to share certain information, such as infectious diseases that may put you or others at risk, or where a Court has decided we must.
Who are our partner organisations?
We may share your information, subject to strict agreements on how it will be used, with the following organisations:
- NHS Trusts / Foundation Trusts (hospitals)
- Other Hyperbaric units, who are involved in your care.
- NHS Commissioning Support Units
- Clinical Commissioning Groups
- NHS England (NHSE) and NHS Digital (NHSD)
- Other ‘data processors’ which you will be informed of
You will be informed who your data will be shared with and in some cases asked for consent for this to happen when this is required.
You have the choice to share or not to share
You can ask for all or some of your information not to be shared outside of our unit. If you decide not to share at all this will not affect your entitlement to care. However, it may result in the delivery of your care being less efficient as other health professionals will not see your full medical history. If you have any concerns about how your information is shared or held, please contact the Patient Administration Manager. If you do not consent to sharing your information outside the unit, please make this clear by speaking to LHM Healthcare’s duty doctor, who will make the necessary arrangements.
How your records are stored
Our company uses the Trust’s electronic clinical records programme called Cerner which is where all of your information will be stored unless we hold paper records about you which will remain on paper (see next section). Other services within our host Trusts that use Cerner will ask your permission to see your information when they first see you.
All access to Cerner is controlled via NHS smartcards and password. The data is stored off site in an NHS secure location and is only available on the Trust’s computers with access via a smartcard.
We also have archived paper records. These are stored in a secure records archive in our Units that can only be accessed by staff with appropriate security access. Information from these records is summarised onto the clinical IT system.
All the personal data we process is processed by our local staff and is but may also be located on the BartsHealth Trust’s secure server.
No third parties have access to your personal data unless the law allows them to do so and appropriate safeguards have been put in place. We have a Data Protection regime in place to oversee the effective and secure processing of your personal and/or special category (sensitive, confidential) data.
We are required under UK law to keep your information and data for the full retention periods as specified by the NHS Records Management Code of Practice for health and social care and national archives requirements. More information on records retention can be found online at: https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016
Right to portability
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. Doing this enables you to take advantage of applications and services that can use this data in a number of ways. The right only applies to information an individual has provided to a controller.
When you are discharged from our facility your electronic records are closed and may only be accessed by LHM staff with valid reasons. Your paper records are archived by LHM Healthcare and held in the facility for 10 years.
Access to your health information
You have a right to access or view information LHM Healthcare holds about you, and to have it amended or removed should it be inaccurate. You can make what is called a ‘Subject Access Request’ and we will:
• describe the information we hold about you
• tell you why we are holding that information
• tell you who it might be shared with
• at your request, provide a copy of the information in an easy to read form. There is no charge to have a copy of the information held about you.
• We must respond within one month of the request
• You will need to provide identification
If you would like to make a ‘Subject Access Request’, you can request electronically or in person by completing the Trust’s ‘Access Request Form’ held by the Trust’s Access to Healthcare Records department.
Can my information be used for any other reason?
The NHS currently uses your information in an anonymous and safe way to:
• protect the health of the public
• help us anticipate, plan and provide care
• audit and monitor the quality of services provided
Information used for these purposes will not identify you but if you would like further details about this, or if you do not want us to use your information in this way, please contact the Data Protection Officer/Patient Administration Manager.
What should you do if your personal information changes?
You should tell us so that we can update our records. Please contact our Patient Administration Manager as soon as any of your details change; this is especially important for changes of address or contact details (such as your mobile phone number). LHM Healthcare will from time to time ask you to confirm that the information we currently hold is accurate and up-to-date.
Objections / Complaints
If you are happy for your data to be extracted and used for the purposes described in this privacy notice, then you do not need to do anything. If you have any concerns about how your data is managed or shared, then please contact the Practice Data Protection Officer. If you are still unhappy following a review by LHM’s Data Protection Officer, you have a right to lodge a complaint with a supervisory authority. UK supervisory Authority as below:
Tel: 01625 545745