What is a Fair Processing Notice?
A fair processing notice is a statement by the trust to patients, service users, visitors, carers, the public and staff that describes how we collect, use, retain and disclose personal information which we hold.
Your Information and How we Use it
In the NHS we aim to provide you with the highest quality health care. To do this we must keep records about you, your health and the care we have provided or plan to provide to you.
This fair processing notice tells you about the information we collect and hold about you, what we do with it, how we will look after it and who we might share it with. It also explains the choices you can make about the way in which your information is used and how you can opt-out of any sharing arrangements that may be in place.
Why we Collect Information About You
Your doctor and other health professionals caring for you, such as nurses, health visitors and physiotherapists, keep records about your health and treatment so that they are able to provide you with the best possible care.
These records may be stored in paper form or electronically.
Your health record may include:
- Basic details about you, such as your address, date of birth, and next of kin
- Contact we have had with you, such as clinical visits
- Notes and reports about your health
- Details and records about your treatment and care
- Results of x-rays, laboratory tests etc
Your health care record is used to ensure that:
- Health care professionals looking after you have accurate and up to date information about you to help them decide on any care you may require
- Full information is available should you see another doctor or be referred to a specialist or another part of the NHS
- There is a good basis for assessing the type and quality of care you have received. This will lead to better care both for you and for other patients in the future
- Your concerns can be properly investigated if you need to complain
How your records are used to help the NHS:
- Paying your GP or hospital for the care you have received
- The audit of NHS accounts, service evaluation and clinical audit of the quality of services provided
- Reporting and investigating complaints, claims and untoward incidents
- Planning services to ensure we meet the needs of our population in the future
- Preparing statistics on our performance for the department of health
- Reviewing our care to make sure that it is of the highest standard
- Teaching and training health care professionals
- Conducting health research and development
Records will be kept in line with the department of health records management code of practice which determines the minimum length of time that records should be kept for.
How we Keep Your Information Secure
Whenever information is used for your care, it will be handled in the strictest confidence. Derbyshire community health services (DCHS) will:
- Only use the minimum amount of information necessary for the purpose. Where possible, we will use information that does not identify you
- Ensure that anyone receiving information about you is under an obligation to keep it confidential and to only use the information for the specified purpose
- Have secure systems in place to help prevent unauthorised access to patient information held on its computers
- Have audit trails available on electronic systems to ensure we can identify who has accessed your record
We are committed to protecting your privacy and will only process personal confidential data in accordance with the general data protection regulation (GDPR), UK data protection bill, the common law duty of confidentiality and the human rights act 1998. The various laws and rules about using and sharing confidential information, with which DCHS will comply, are available in a guide to confidentiality in health and social care information leaflet.
DCHS is a data controller under the terms of the general data protection regulations (GDPR). We are legally responsible for ensuring that all personal confidential data that we collect and use i.e. hold, obtain, record, use or share about you is done in compliance with the data protection principles.
Our data protection officer is Hannah Edwards, who can be contacted at Hannah.firstname.lastname@example.org.
All data controllers must notify the information commissioner’s office (ICO) of all personal information processing activities. Our ICO data protection register number is Z2576474 and our entry can be found in the data protection register on the information commissioner’s office website.
Everyone working for the NHS has a legal duty to keep information about you confidential. The NHS care record guarantee and NHS constitution provide a commitment that all NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and wellbeing.
All of our staff, contractors and committee members receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures.
Your information will not be sent outside of the United Kingdom where the laws do not protect your privacy to the same extent as the law in the UK. We will never sell any information about you.
Sharing your Information
You may receive care from other organisations, such as social care or voluntary healthcare providers. If so, there may be a need to share some information about you so that everyone involved in your care can work together for your benefit. Information about you will only be used or passed on to others involved in your care, if they need it.
DCHS works in partnership with a number of NHS and Non-NHS organisations to deliver joined up integrated services to users. DCHS is part of the Derbyshire partnership forum and is signed up to their overarching information sharing protocol which is available on their website.
Information about your health and treatment may be shared with other organisations caring for you. Information will only be shared for the purpose of direct care, and will only be viewed by individuals who are directly involved in your care. These organisations will ask for your consent to view your health record if it has been shared with them. Further information can be found on the Derbyshire health and social care community information sharing website.
If you do not want your health record to be shared with other services involved in your care, please ensure you inform the service(s) caring for you. You can choose to exclude parts of your record from being shared, or you can opt out of sharing your record altogether. In choosing this option, you accept that this request may limit the provision of services or treatment provided to you. You can also change your mind at any time about whether you wish to share your record.
If you ask us not to share information about you with another person or organisation we will respect your wishes unless there are exceptional circumstances. Not sharing information may mean that we have to alter the level of care we provide to you but this will be explained. The final decision will normally rest with you.
There are exceptional circumstances where information about you will be shared, even if you do not give us permission to do so. These are where information is shared for legal reasons or in the public interest.
Circumstances where information may be shared without your permission include:
- Where it is required by law, for example the notification of births, deaths and some infectious diseases
- Where a court order has been issued requesting the information
- Where there is a serious risk of harm to you or other individuals
- Where a child is believed to be at risk of harm (children’s act 1989)
- Where information is required for the prevention, detection or prosecution of a serious crime
- Where information you have supplied to us is about a serious crime that has been committed, such as murder, manslaughter, rape, treason or kidnapping (police and criminal evidence act 1984)
- Where information you have supplied to us is about suspected terrorism (anti-terrorism, crime and security act 2001 and terrorism act 2000)
- Where the disclosure is necessary in any legal proceedings
Use of Patient Data to Improve NHS Services
DCHS, like all NHS organisations, uses information about your care in order to review the quality of care. This enables us to be sure that standards are being met and helps us to improve the quality of care that we provide. This activity is carried out by clinical teams and may also involve service evaluation and clinical audit/other non-clinical trust staff who are experts in data collection. The trust oversees all of this activity through its authorisation processes.
Our Caldicott guardian is responsible for keeping the confidentiality of patient information safe. No patients can ever be identified in any subsequent reporting of results, unless we have previously asked and got your permission.
If you do not want your records or data to be used for service evaluation and clinical audit, please inform the service(s) caring for you.
DCHS has a research innovation group dedicated to ensuring we apply the strictest governance around your information in relation to research.
Wherever possible, DCHS will use information that does not identify individuals. Where identifiable information is required, DCHS will always gain your consent before using your information for research purposes.
Further information on data protection in relation to research can be found from the health research authority website.
Requesting a Copy of Your Records
You have the right to ask for a copy of all records about you under the general data protection regulations:
- DCHS will provide a copy of the information free of charge. However, we may charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive
- DCHS may also charge a reasonable fee to comply with requests for further copies of the same information
- We must comply with your request within one month of receipt. However, we may extend the period of compliance by a further two months where requests are complex or numerous. If this is the case, we will inform you within one month of the receipt of the request and explain why the extension is necessary
To request a copy of your records please contact:
Outpatient and Health Records Manager
Corporate Governance Officer
Contacting us if You Have a Complaint or Concern
We try to meet the highest standards when collecting and using personal information. We encourage people to bring concerns to our attention and we take any complaints we receive very seriously. You can submit a complaint through the trust’s complaints procedure, which is available on our web site, or you can write to:
Patient Experience Team
Alfreton Primary Care Centre
If you remain dissatisfied with the trust’s decision following your complaint, you may wish to contact:
Information Commissioner’s Office
The information commissioner will not normally consider an appeal until you have exhausted your rights of redress and complaint to the trust.