Data Protection Privacy Notice


Introduction

This document explains why information is collected about you by the UK Renal Registry (UKRR) and how your information may be used. This is called a Fair Processing Notice or Privacy Notice. It describes how the UKRR collects, uses and processes your personal information and how, in doing so, it complies with its legal obligations to patients. Your privacy is important and the UKRR is committed to safeguarding your data privacy rights.

If you are interested in understanding what the UKRR does, you may also want to look at the patient information pages of the UKRR website: www.renalreg.org/patient-info/

Who are we?

The UKRR is part of the Renal Association, a not for profit organisation registered with the Charity Commission and set up as the national association for kidney doctors and researchers into kidney diseases. The main aim of the UKRR is to report on the care of people with kidney disease and help improve their care in the future. This is primarily achieved through national audit by collecting and reporting data of people with kidney disease in the UK. The data are also used for research purposes, but only with careful controls over how the data will be used, as described below.

The UKRR previously only collected data on people with end-stage kidney disease on renal replacement treatments (dialysis therapies and kidney transplant recipients). The remit has recently been extended to include cases of acute kidney injury and chronic kidney disease not on dialysis.

Clinical information about people with kidney disease collected by hospitals across the UK is electronically transferred in an encrypted form to the UKRR and stored in its secure databases. The UKRR uses this information to provide grouped anonymised information and reports for the benefit of patients, clinicians, commissioners, researchers and regulators in improving care.

Why do we collect your information?

The UKRR collects patient information to improve the care and outcomes of people with kidney disease. This is achieved through using the data to:

- Audit: this is where the standards of care given to people with kidney disease in renal centres are compared against each other and against national guidelines
- Identify trends in the nature and frequency of kidney diseases and their outcomes within the population and subgroups of the population
- Provide information to patients to make better informed choices and have better understanding of diseases and treatments
- Provide commissioners and policy makers with information to improve the delivery of renal services
- Assess the impact of quality improvement initiatives
- Facilitate research - this is where the data is used to improve understanding of diseases, treatments and interventions
- Support clinical trials that will provide the evidence to change clinical practice

What happens to your data?

- Local hospital IT systems collect and store identifiable information, treatment information and laboratory results for routine use by clinical teams delivering care to people with kidney disease
- A list of these data items has been agreed to be necessary to monitor the quality of care provided by the NHS and its sub-contracted providers to people with kidney disease. Only these items are shared with the UKRR
- The hospital sends the UKRR a file via secure encrypted email
- This is stored securely in the UKRR with access only for people with permission to see and use it
- If the permissions to keep data expire or the data is no longer required, it is deleted in a secure permanent way
- Your data may be shared with other parties but only in very strictly controlled circumstances as described here.

Who is your information shared with?

No personal information is shared with other parties beyond those described here.

Grouped, anonymised data are shared with other parties in the form of summaries and reports produced by the UKRR. In addition, applications can be made by external parties to the UKRR for grouped data where a detailed justification for having the data is given and safeguards are in place for how the data will be stored, used and deleted once their work is completed. This data will contain no personal information or patient identifiable information.

External research groups are able to apply to the UKRR for individual level patient data through a formal application process.
This data always has identifiable information removed and safeguards are in place to prevent the re-identification of patients. The application process places paramount importance on data security and confidentiality, which is formalised in a signed data sharing agreement. Once the project is completed, the secure deletion of the data will take place within an agreed timeframe.

The UKRR links data with other databases to improve understanding of kidney disease in the context of wider health conditions and services. Such data linkages are permitted under the various legal bases for audit and research work and require signed data sharing agreements between the two data controllers of each database. Examples include linking UKRR data with:

- Public Health England to identify bloodstream infections in dialysis patients;
- Hospital Episode Statistics (HES) data to identify differences in the case-mix of patients to allow for better comparison of survival between renal centres;
- Office for National Statistics (ONS) mortality tracking data to monitor how long people live and the causes of death on different treatments.

Personal identifiable information is used to link patient data between the databases but is then removed once the linkage has been made.

We will also share information as required by law, for example, to comply with a court order.

How does the UKRR keep your data safe?

We are very careful with the information hospitals provide about patients and their care. We have strict rules about how the data is used and who can use it. We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

- Data Protection Act (2018)
- General Data Protection Regulation (GDPR EU) (2016/679)
- Human Rights Act (1998)
- NHS Act 2006
- Health and Social Care Acts 2001/2012
- Common Law Duty of Confidentiality
- NHS Codes of Confidentiality, Information Security and Records Management.

The information is kept strictly confidential and is stored, processed and analysed in a very secure environment. System security is externally audited on a regular basis. Only appropriate staff can access the data and all employees working at the UKRR are required to sign a confidentiality agreement as part of the employment contract. If a sub-contractor acts as a data processor for UKRR, an appropriate contract will be established for the processing of your information.

What is the lawful basis for collecting your data?

The UKRR collects information that is part of the essential activity of the NHS and the data is used in important medical audit and research.

There are times when the rules about using data differ depending on whether data is being used for audit or research.

- Audit is a way of finding out whether clinical teams are doing what they should be doing by asking if they are following guidelines and applying best practice
- Research is designed to provide new knowledge which can be generalised to other patients

Research may generate questions about health conditions or treatments and may also try to answer those questions, for example through comparing the results of different treatments.

Neither the audit nor the research work carried out by UKRR on your data in any way alters the care that you receive in your hospital. There may be times when you are asked by staff at your hospital whether you want to enrol in a research trial, but this is a separate matter and the hospital staff would discuss that with you and would need you to sign a consent form. The word consent means you give permission or agree for something to happen.

In accordance with the regulations described above, the audit and research work of the UKRR have section 251 approval from the Secretary of State for Health. This means the UKRR can use patient identifiable data for audit and research without individual patient consent in circumstances when it is not possible to use anonymised information and when seeking individual consent is not practical.
Under the GDPR, the UKRR (as part of the Renal Association, a registered charity mandated to carry out a public duty) will be lawfully using your information in accordance with:

- Article 6(1)(f): processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child; and
- Article 9(2)(h): processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3; and
- Article 9(2)(i): processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy; and
- Article 9(2)(j): processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.

How long will your data be stored?

The data is retained as long as is approved by NHS commissioners.

What are your individual rights?

This next section describes how you can access, amend, erase and move your personal data, withdraw your consent and object to or complain about the data that the UKRR holds about you.

What are my rights to access my data?

You have the right to see or have a copy of your personal information at the UKRR without any charge. If you want to access your information at the UKRR, you should make a written request to the UKRR (see the section below on How to contact the UKRR). We will normally provide your information within one month of receiving all the information we need to respond to your request.

What is my right to rectify my data? (right to amend your data)

You have the right to have your information amended. Please contact the unit/hospital treating you if you want information at the UKRR corrected. The unit/hospital treating you regularly sends your information to UKRR and information should be corrected on the unit/hospital records. A corrected file will then be sent to the UKRR by your unit/hospital.

Can I opt out of the UKRR being sent my data?

If you are happy for us to use your information you need do nothing further. You have the right to opt-out of the UKRR being sent information which identifies you. This will not affect the standard of care or treatment you receive in any way. Clinical information as required for national audit will still be submitted and remain part of the audit database but we will not be able to link your records or use your records in any research.

If you wish to opt-out please contact your renal unit to arrange this. Alternatively, you can contact the UKRR (see the section below on How to contact the UKRR) and we can contact your renal unit to let them know.

Can I request that my data be erased from the UKRR?

As the lawful basis for processing your data is section 251, there is no right to erasure for national audit but there is for research. You can request in writing to have your information erased from any UKRR research database. We will respond to your request within one month.

Can I transfer my data from the UKRR? (right to move your data)

You have the right to request a secure transfer of your data from the UKRR to another data controller. The UKRR will transfer your data to your unit/hospital (the data controller) for them to transfer on to the new data controller. You should make the request in writing to the UKRR (see the section below on How to contact the UKRR). No fee will be payable and the information will be transferred within one month.

Do I have a right to object?

The UKRR uses your information for the purposes described here. If you do not agree with this you have the right to object. See the section below on Objections and complaints that explains who to contact if you have an objection. The UKRR will respond to your objection within a month (although we may be allowed to extend this period in certain cases).

Can I complain to the regulator?

Details on how you can do this are included in the section Objections and complaints.

What to do if I have an objection or complaint?

Should you have any concerns about how your information is managed, please contact the data protection officer for the UKRR (see the section below on How to contact the UKRR). If you are still unhappy following a review by the data protection officer, you have a right to lodge a complaint with the Information Commissioner:

Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 01625 545745
www.informationcommissioner.gov.uk

How do I contact the UKRR?

Our address for communications is:

UK Renal Registry
c/o The Renal Association
Learning and Research Building
Southmead Hospital
Bristol
BS10 5NB

Our telephone number is 0117-414-8152.
Our email address is: renalregistry@renalregistry.nhs.uk

The UKRR are registered to process personal and sensitive information under the Freedom of Information Act 2000; our registration number is Z8096557.

Our Caldicott guardian (senior person responsible for sharing of patient information) is Dr Fergus Caskey. Dr Caskey can be contacted via email at fergus.caskey@bristol.ac.uk.

The responsible officer for the UKRR is Mr Ron Cullen and he can be contacted via email at Ron.Cullen@renalregistry.nhs.uk.

Our senior information risk owner is Dr Retha Steenkamp. She can be contacted via email at Retha.Steenkamp@renalregistry.nhs.uk.

Our data protection officer is Mr Curtiss Green, GR Governance & Consultancy Service. He can be contacted at curtiss@grgserv.co.uk. The postal address for the data protection officer is: C/o The Renal Association, Learning and Research Building, Southmead Hospital, Bristol, BS10 5NB.

Changes to this notice

We may amend this privacy notice from time to time. If you are dissatisfied with any aspect of our privacy notice, please contact the data protection officer.