What is a privacy notice?
A Privacy Notice is a statement by the Trust to patients, service users, visitors, carers, the public, and staff, that describes how we collect, use, retain and disclose personal information which we hold.
Why issue a privacy notice?
Cambridgeshire Community Services NHS Trust recognises the importance of protecting personal and confidential information in all that we do and takes care to meet its legal and regulatory duties.
This notice is one of the ways in which we can demonstrate our commitment to our values and being transparent and open, and commitment to our values of Honesty, Respect, Empathy and Ambition.
This notice also explains what rights you have to control how we use your information.
Who are we?
iCaSH is one of a wide range of integrated health services provided by Cambridgeshire Community Services NHS Trust (CCS).
We serve a population across four counties and we employ over 2,000 staff covering a range of expertise and specialisms
We are the Data Controller for the information which we hold.
Our Head Office address is Cambridgeshire Community Services NHS Trust Unit 3, Meadow Lane, St Ives, Cambs, PE27 4LG.
Our Data Protection Officer is our Information Governance Manager and they can be contacted on: 01480 308222 or Ccsfirstname.lastname@example.org
Why and how we collect information
We may ask for or hold personal confidential information about you which will be used to support delivery of appropriate care and treatment. This is to support the provision of high quality care.
These records may include:
- Basic details, such as name, address, date of birth, next of kin.
- Contact we have had, such as appointments and home visits.
- Details and records of treatment and care, including notes and reports about your health
- Results of x-rays, blood tests, etc.
- Information from people who care for you and know you well, such as health professionals and relatives.
It may also include personal sensitive information such as:
- your religion or beliefs, and
- whether you have a disability, allergies or health conditions.
It is important for us to have a complete picture, as this information assists staff involved in your care to deliver and provide improved care, deliver appropriate treatment and care plans, to meet your needs.
Information is collected in a number of ways, via your healthcare professional, referral details from your GP or directly given by you.
How we use information
- To help inform decisions that we make about your care.
- To ensure that your treatment is safe and effective.
- To work effectively with other organisations who may be involved in your care.
- To support the health of the general public.
- To ensure our services can meet future needs.
- To review care provided to ensure it is of the highest standard possible.
- To train healthcare professionals.
- For research and audit.
- To prepare statistics on NHS performance.
- To monitor how we spend public money.
It helps you because;
- Accurate and up-to-date information assists us in providing you with the best possible care.
- If you see another healthcare professional, specialist or another part of the NHS, they can readily access the information they need to provide you with the best possible care.
Where possible, when using information to inform future services and provision, non-identifiable information will be used.
There is huge potential to use your information to deliver care and improve health and care services across the NHS and social care. The information can be used to help:
- Improve individual care.
- Understand more about disease risks and causes.
- Improve diagnosis.
- Develop new treatments and prevent disease.
- Plan services.
- Improve patient safety.Evaluate Government, NHS and Social Care policy.
How information is retained and kept safe?
Information is retained in secure electronic and paper records and access is restricted to only those who need to know. It is important that information is kept safe and secure, to protect your confidentiality. There are a number of ways in which your privacy is shielded;
- by removing your identifying information,
- using an independent review process,
- adhering to strict contractual conditions and
- ensuring strict sharing or processing agreements are in place.
The GDPR and Data Protection Act 2018 regulate the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure.
Cambridgeshire Community Services NHS Trust is registered with the Information Commissioners Office (ICO). Details of our registration can be found on https://ico.org.uk/esdwebpages/search
Enter our registration number (Z2187662) and click ‘search register’.
How do we keep information confidential?
Everyone working for the Trust is subject to the Common Law Duty of Confidentiality and the Data Protection Act 2018. Information provided in confidence will only be used for the purposes to which you consent to, unless there are other circumstances covered by the law.
Under the NHS Confidentiality Code of Conduct, all staff are required to protect information, inform you of how your information will be used and allow you to decide if and how your information can be shared. This will be noted in your records.
All Trust staff are required to undertake annual training in data protection, confidentiality, IT/cyber security, with additional training for specialists, such as healthcare records, data protection officers and IT staff.
Teaching clinicians - Some medical files are needed to teach student clinicians about rare cases. Without such materials, new doctors and nurses would not be properly prepared to treat you.
Clinical placements - Clinical placements for students commonly take place within the NHS.
Students, such as student nurses, medical students, social work students, could be receiving training in the service that is caring for you. This may be when you are in a community setting such as a day hospital, or when you are being visited by health or staff at home.
If staff would like a student to be present they will always ask for your permission before that meeting or episode of care. The treatment or care you receive will not be affected if you refuse to have a student present during your episode of care.
Occasionally, for assessment purposes, students may request that their supervisor be present. You may refuse this if it makes you feel uncomfortable.
Who will the information be shared with?
To provide best care possible, sometimes we will need to share information about you with others.
We may share your information with a range of Health and Social Care organisations and regulatory bodies. You may be contacted by any one of these organisations for a specific reason; they will have a duty to tell you why they have contacted you.
We will share information about you if:
- you ask us to do so
- you consent to us sharing your information
- a formal court order has been served on us
- to assist the police in the prevention and detection of crime
- to protect children and vulnerable adults
- we have special permission for health and research purposes (granted by the Health Research Authority) or
- it's for the health and safety of others, for example to report an infectious disease such as meningitis or measles
- you order an iCaSH Express Test, when the information you provide will be passed to our (third party) lab provider, who will process this information in line with the requirements of confidentiality.
We work with a number of other NHS, partner agencies and other organisations to provide healthcare and other services for you. We may also share de-identified statistical information with them for the purpose of improving local services, for example understanding how conditions spread across our local area compared against other areas.
We also contract with other organisations to provide a range of services for us, for example providing some human resource services for our staff. In these instances we ensure that our partner agencies handle our information under strict conditions and in line with the law.
All CCS staff have contractual obligations of confidentiality, enforceable through disciplinary procedures. Staff with access to patient identifiable information receive appropriate ongoing training to ensure they are aware of their responsibilities. Our staff are granted access to personal data on a need-to-know basis only.
We may also be asked to share basic information about you, such as your name and parts of your address, which does not include sensitive information from your health records. Generally, we would only do this to assist non-NHS organisations to carry out their statutory duties (such as usages of healthcare services, public health or national audits).In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Privacy Notice, under the Data Protection Act and GDPR.
Where patient information is shared with other non-NHS organisations, an information sharing agreement is drawn up to ensure information is shared in a way that complies with relevant legislation.
Non-NHS organisations may include, but are not restricted to:
- social services,
- education services,
- local authorities,
- the police,
- ·voluntary sector providers and
- private sector providers.
What are your information rights
Under the GDPR and Data Protection Act, you have the following rights:
- The right to request a copy of your personal data which the Trust holds about you;
- The right to request that the Trust corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for the Trust to retain such data;
- The right to withdraw your consent to the processing at any time, where we have sought your consent for this processing.
- The right to withdraw/refuse consent to share, where consent has been sought.
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability, where certain conditions are met
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data
- The right to lodge a complaint with the Information Commissioners Office.
If you would like further information about any of these rights, please contact the Trust’s Data Protection Officer or visit our website.
Contacting us about your information
Each organisation has a senior person responsible for protecting the confidentiality of your information and enabling appropriate sharing. This person is known as the Caldicott Guardian. They are supported by the Data Protection Officer.
You can contact the Trust’s Caldicott Guardian or Data Protection Officer on 01480 308222 or Ccsemail@example.com
If you have any questions or concerns regarding the information we hold on you, the use of your information or would like to discuss further, please contact the Information Governance team.
Further processing of information
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Contacting us if you have a complaint or concern
We try to meet the highest standards when collecting and using personal information. We encourage people to bring concerns to our attention and we take any complaints we receive very seriously. You can submit a complaint through the Trust’s Complaints Procedure, which is available on our web site, or you can write to:
The Complaints Department
PALS & Patient Experience Team
3 Meadow Park
Cambs, PE27 4LG
Tel: 0300 131 1000
If you remain dissatisfied with the Trust’s decision following your complaint, you may wish to contact:
Information Commissioner’s Office
Their web site is at www.ico.gov.uk