Fair Processing Notice or Privacy Notice


What is a Fair Processing or Privacy notice?

A privacy notice is an oral or written statement that individuals are given when information is collected about them. As a minimum, a privacy notice should tell people who we are, what we are going to do with their information and who it will be shared with. However, it can also tell people more than this; for example, it can provide information about their access rights or our information security arrangements. Its primary purpose is to make sure information is collected and used fairly.

As stated, a privacy notice doesn't have to be written, but it should be genuinely informative. It should help individuals to understand how we will use their information and what the consequences of this are for them. It is also good practice to tell people how they can access the information we hold about them, as this may help them spot inaccuracies or omissions in their records.

If this is done properly, it can make our organisation more transparent and should reassure people that they can trust us with their personal information. However, a privacy notice that uses overly legal terminology is unlikely to achieve this objective, so we have decided that we will use the following approach for this project.

The key workers are able to provide the public with a leaflet which will provide all the information that is required for a privacy notice. They will then discuss the information contained within the leaflet with the patient and explain the aims:

- that information will only be shared with their consent
- that they can opt out of sharing personal information at any time (the consequences of this will also be explained)
- who to contact for copies of their information
- how to object to the processing of the data
- how to have any errors corrected.

NEW Devon CCG - Your Information Patient Leaflet.

Your information
What you need to know

Please click here to view this leaflet.

Who are we?

NHS Northern, Eastern and Western Devon Clinical Commissioning Group
Newcourt House
Old Rydon Lane
Exeter EX2 7JU
Tel: 01392 205205

What we do

We are responsible for buying (also known as commissioning) health services from healthcare providers such as Hospitals, GP Practices, Dentists and Pharmacists for our local population. We also have a performance monitoring role of these services, which includes responding to any concerns from our patients on the services through, for example, the patient advice and complaints team (PACT) or by referring them to NHS England as appropriate.

Why we collect information about you

In carrying out some of these roles, we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and/or on a computer. The records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health and also information such as outcomes of needs assessments.

How your records are used to help the NHS

Your information may be used to help assess the needs of the general population and make informed decisions about the provision of future services. Information can also be used to conduct health research and development and monitor NHS performance. Where information is used for statistical purposes, stringent measures are taken to ensure individual patients cannot be identified. Anonymous and pseudonymised statistical information may also be passed to organisations with a legitimate interest, including universities, community safety units and research institutions.

Where it is not sufficient to use anonymised information, person identifiable information may be used, but only for essential NHS purposes for direct patient care. This may include research and auditing services. This will only be done with your consent, unless the law requires information to be passed on to improve public health or is in the public interest.

How we keep your records confidential

Everyone working for the NHS is subject to the Common Law Duty of Confidence and governed by the Data Protection Act. Information provided in confidence will only be used for the purposes advised and consented to by the patient, unless there are other circumstances covered by the law.

Under the NHS Confidentiality Code of Conduct, all our staff are also required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.

Other organisations with whom we may share your personal information

We may share your information for health purposes with other organisations such as NHS England, NHS Trusts, General Practitioners (GPs) and other contracted service providers.

We are required by law to report certain information to the appropriate authorities. This is only provided after formal permission has been given by a qualified health professional. Occasions when we must pass on information include:

- Notification of new births
- Where we encounter infectious diseases which may endanger the safety of others, such as meningitis or measles (but not HIV/AIDS)
- Where a formal court order has been issued

Our guiding principle is that we are holding your records in the strictest confidence.

Information Sharing with Non-NHS Organisations

Information may also be required to be shared for your benefit with other non-NHS organisations, from which you are also receiving care, such as social services and other providers from which we commission services.

Where information sharing is required with third parties, we will not disclose any health information without your explicit consent, or where an information sharing agreement exists, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires it.

We may be asked to share basic information about you for direct patient care, such as your name and address, which does include sensitive information. This would normally be to assist them to carry out their statutory duties. In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Fair Processing Notice or a privacy notice, under the Data Protection Act.

This organisation is bound by a number of information sharing agreements which are drawn up to ensure information is shared in a way that complies with relevant legislation. These NHS and non-NHS organisations may include, but are not restricted to, social services, education services, local authorities, police, and public health.

Your right to withdraw consent for us to share your personal information

At any time, you have the right to refuse/withdraw consent to information sharing. The possible consequences will be fully explained to you and could include delays in receiving care.

How can you get access to your own health records?

The Data Protection Act 1998 gives you the right to see or have a copy of your health records. You do not need to give a reason, but you may be charged a fee. If you want to access your health records, you should make a written request to the NHS organisation(s) where you are being, or have been, treated. You should also be aware that in certain circumstances, your right to see some details in your health records may be limited in your own interest or for other reasons.

The Information Governance Manager for NEW Devon CCG will be responsible for ensuring all rights under section 7 of the DPA are upheld and dealt with in accordance with legislation.

All subject access requests must be referred to: Information Governance Lead, NHS NEW Devon CCG, Corporate Governance, Newcourt House, Old Rydon Lane, EXETER, EX2 7JU.

FLOWCHART OF KEY QUESTIONS FOR INFORMATION SHARING

Further Information

If you would like to know more about how NHS Northern, Eastern and Western Devon Clinical Commissioning Group uses your information, please contact our Information Governance team on 01392 205205.

Further information can also be obtained from Data Protection Act 1998, the Care Record Guarantee and the NHS Confidentiality Code of Conduct, accessible via the internet or Library.

If you would like a large print version or a translation of this leaflet in another language, please contact the Communications Team, NEW Devon CCG, Newcourt House, Old Rydon Lane, EXETER, Devon

Appendix A - Our obligations under the Data Protection Act 1998 & the Human Rights Act 1998

Data Protection Act 1998

The Data Protection Act 1998 says:

Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless
(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

This is the first data protection principle. In practice, it means that you must:

- have legitimate grounds for collecting and using the personal data;
- not use the data in ways that have unjustified adverse effects on the individuals concerned;
- be transparent about how you intend to use the data, and give individuals appropriate privacy notices when collecting their personal data;
- handle people's personal data only in ways they would reasonably expect; and
- make sure you do not do anything unlawful with the data.

Fairness generally requires you to be transparent, clear and open with individuals about how their information will be used. Transparency is always important, but especially so in situations where individuals have a choice about whether they wish to enter into a relationship with us.

Once it has been established that a data controller does have the lawful power to share personal data, it would then need to satisfy a Schedule 2 condition for processing and, where sensitive personal data is involved, a Schedule 3 condition. It should be remembered, though, that even where a condition or conditions for processing can be met, this will not on its own ensure that the processing is fair or lawful. These issues need to be considered separately.

It is also worth briefly looking at the issue of consent. To the ICO, consent means just that. For example, someone is asked if their information can be used in a certain way. If they agree, release of information can proceed, but if they refuse their consent, then in the view of the ICO, their wishes should be respected and the information should not be used.

In addition, it needs to be remembered that in data protection terms consent is but one condition that could be relied on to process personal and sensitive personal data. There are several other conditions that it may be possible to rely on depending on the purpose of the processing (and which are set out in Schedule 2 and in Schedule 3).

In terms of meeting a Schedule 2 condition, there are two that could be relied on. These are:

5. The processing is necessary

(d) for the exercise of any other functions of a public nature exercised in the public interest by any person.

or

6. (1) The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.

Meeting a Schedule 3 condition is more difficult (which is the way it should be). However, in these circumstances the ICO considers that a condition provided for in SI 417 (2000) [1] could be met, namely:

The processing
(a) is in the substantial public interest;
(b) is necessary for the discharge of any function which is designed for the provision of confidential counselling, advice, support or any other service; and
(c) is carried out without the explicit consent of the data subject because the processing
(iii) must necessarily be carried out without the explicit consent of the data subject being sought so as not to prejudice the provision of that counselling, advice, support or other service.

The ICO stresses that where these conditions are being relied upon there is the provision of fair processing information to the individuals involved, with more information being required where the data sharing is more extensive. Privacy notices should make it clear to individuals how their information is being used and where they can find out more about the processing and/or object to the processing (s10 of the DPA).

As the conditions above require that the sharing is either in the substantial public interest or is for confidential counselling purposes, added to the fact that public authorities must not act in any way that is incompatible with the Human Rights Act, we will seek the explicit informed consent of the patient or individual.

It is also important to ensure that the other Data Protection principles are complied with, e.g. the information shared needs to be relevant and not excessive, it must be accurate and kept up to date, not kept for longer than necessary and kept secure.

If individuals know at the outset what we propose to use their information for, they will be able to make an informed decision about whether to:
(a) enter into a relationship with us, or perhaps to try to renegotiate the terms of the relationship;
(b) consent or dissent to the use of their information.

[1] Statutory Instrument 2000 No. 417 The Data Protection (Processing of Sensitive Personal Data) Order 2000

If anyone is deceived or misled when the information is obtained, then this is likely to be unfair and will be a breach of the DPA. The Data Protection Act says that information should be treated as being obtained fairly if it is provided by a person who is legally authorised, or required, to provide it.

The Data Protection Act does not define "lawfully". However, "lawful" refers to statute and to common law, whether criminal or civil. An unlawful act may be committed by a public or private-sector organisation.

If processing personal data involves committing a criminal offence, the processing will obviously be unlawful. However, processing may also be unlawful if it results in:

- a breach of a duty of confidence. Such a duty may be stated, or it may be implied by the content of the information or because it was collected in circumstances where confidentiality is expected (medical information, for example);
- the organisation exceeding its legal powers or exercising those powers improperly;
- a breach of industry-specific legislation or regulations;
- a breach of the Human Rights Act 1998. The Act implements the European Convention on Human Rights which, among other things, gives individuals the right to respect for private and family life, home and correspondence.

For more information please see the Information Commissioner's website: http://ico.org.uk/

Human Rights Act 1998

S6 Human Rights Act 1998 (HRA) makes it unlawful for a public authority to act in a way that is incompatible with a person's rights under the European Convention on Human Rights. Another way of putting this is to say that all public authorities must comply with the Human Rights Act and their decisions can be challenged in court. Therefore staff must be aware of convention rights and must understand the positive obligations of the Act.

The NHS Constitution also outlines the rights of patients and what they can expect from the NHS: http://www.nhs.uk/choiceinthenhs/rightsandpledges/nhsconstitution/pages/overview.aspx

For further information please see the Your rights website: http://www.yourrights.org.uk/