Dudley Integrated Health and Care NHS Privacy Statement
COVID-19 Data Sharing and interim processes
COVID-19 Privacy Notice Update
COVID-19 Data Sharing and interim processes
Updated 14th April 2020
This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. This supplements the Trusts main Privacy Notice.
Throughout the COVID-19 pandemic across the Trust our services will be working under alternative agile conditions. This is to safeguard our service users and staff against the virus.
During this period of emergency we may contact you by alternative ensure that our staff can continue to provide a service to you. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation. Alternative contact methods include:
- Text Message
- Video conferencing; please be aware that by accepting the invitation and entering the consultation you are consenting to this.
- Telephone calls
If you have any concerns with how staff are contacting you please raise this with the staff members.
In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.
The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.
Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak.
There are new data sharing requirements that the Trust must comply with to support the national public health review of COVID-19. Information will be shared linked to COVID-19 for the following purposes:
- To ensure that services remain available and accessible
- To monitor trends in the virus
- To understand areas of risk of
- To monitoring and managing the response to COVID-19 contracting the virus
- To monitor the effectiveness of capacity, medicines, equipment, supplies, services and the workforce within the health services and adult social care services
- To support research and planning in relation to Covid-19.
We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.
NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.
Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data.
All information shared linked to COVID-19 is inline with Data Protection 2018/GDPR as well as Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002.
In order to look after your health and care needs we may share your confidential patient information including health and care records with clinical and non-clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email.
Please note that this does not affect your usual rights under the Data Protection Act 2018. However; be mindful that if you do require access to your records or want to enforce any other rights under Data Protection there may be a delay in providing you a full response to these request as staff are focusing efforts on frontline services to assist with the demand faced by services due to COVID-19.
We may amend this privacy notice at any time so please review it frequently. The date at the top of this page will be amended each time this notice is updated.
Who is the Data Protection Officer?
The Data Protection Officer (DPO) is:
Katie Sparrow, Head of Information Governance (and DPO)
Tel: 0121 612 8017
The Data Protection Officer operates independently on how to deal with data protection matters putting patient rights at the heart of their decision making process. The Data Protection Officer will be the first point of call for individuals, such as patients, whose data is being processed, but will also be the person for staff to turn to relating to any data protection queries.
How do I access my health record?
Any request for access to health records should be forwarded on to:
Information Governance Team
Greets Green Road
West Bromwich B70 9PL
Telephone: 0121 612 8037
Why do we collect information about you?
Your doctor and the team of Health Professionals caring for you keep records about your health and any care or treatment you receive from the NHS. These records help to ensure that you receive the best possible care.
They will need to keep records, which may be written or held on computer, about your health and the care and treatment that you are receiving from them.
What will we collect?
The records that we keep about you will include:
- Personal details about you, such as name, address, date of birth, next of kin and telephone numbers.
- Sensitive details about you such as ethnicity, gender, what you are doing at the moment and what problems, if any, you may have.
- Any contact that we have had with you previously
- Notes and reports about your health and any treatment you have and may receive.
- Results of investigations and tests.
- Relevant information from people who care for you and know you well such as other health professionals and relatives.
It is essential that we have your correct details to ensure the appropriate care and treatment is provided to you, if your detail change please inform us as soon as possible.
What will we do with it?
Our staff will use this information to enable them to assess your health and to decide what care and treatment you will need. To maintain the accuracy of this information it will be regularly up dated and kept securely.
Your information can also be used for statistical purposes; in these cases we take strict confidentiality measures to ensure that the information is anonymous so individual patients cannot be identified.
Patient records can also be used within audit and for teaching purposes; in these cases we use anonymous information when possible.
In working together for your benefit we may need to share some information with others involved in your care.
If you are involved in a research project or your information is used for non-medical purposes, you will be asked for consent before your information is used.
We will only ever use or pass on information about you with others involved in your care where we have consent to do so. However there may be occasions where we have a statutory obligation to do so by law.
Do we share your information?
Yes the organisation does share information. We may need to share some information about you so we can all work together for your benefit. We will only ever use or pass on information about you if others involved in your care have a genuine need for it.
You may be receiving care from other people as well as the NHS (e.g. Social Services). We may need to share information about you with them so we can all work together for your benefit. We will only ever pass this information about you if:
• They have a genuine need for it such as where there is a danger of harm to a child or vulnerable adult or to aid the prevention and detection of serious crime
• There is a court order
• We have your consent
We will not disclose your information to a third party without your consent unless there are exceptional circumstances, such as when the health and safety of others is at risk or if the law requires us to.
How long do we hold your information?
We follow destruction and retention periods as set out in the NHS Record Management Code of Practice.
Our Record Management Policies and Procedures in relation to retention and destruction of information have been produced in line with the Code of Practice and is available via our Publication Scheme.
1) Restrict Disclosure of Information:
You do have the right to restrict the disclosure of your personal information. By choosing this option, it may make the provision of care or treatment you receive more difficult or unavailable and we will fully inform you of this. You can also change your mind at any time about a disclosure decision.
2) Access to your Information:
The General Data Protection Regulation allows you, the patient, or an individual acting on your behalf to view or have copies of your health record. The Act provides a right of access to your information; however the organisation is entitled to withhold information considered to be detrimental to the physical or mental health of the patient or other person, or if the information contains information given by a third party.
3) Right to Rectification (to correct information held):
You can ask for corrections to be made to your records and you are entitled to a copy of the correction, or, if the record is not corrected, the record holder’s note of the request and any discussion.
4) Right to be Forgotten:
You can ask for your information to be deleted/erased; however where the information we hold about you is for the provision of health not all information can be erased. You can request to have information erased via the Trust’s Information Governance Team (contact details are below)
5) Right to Restrict Processing:
You have the right to limit the way in which we can use your data; this includes who we share data with. Please note that there are limitations to this as we need to ensure that we can meet your Health and Care needs. You can request to restrict the use of your data via the Information Governance Team (contact details are below)
In addition to the above you also have the right to raise any complaints or concerns in relation to the use of your information with the Information Commissioner, who is the UKs supervisory body who oversees the Data Protection Act 2018 and GDPR.
We keep your health records secure
Everyone working for the NHS has a legal duty to keep information about you confidential and secure under the General Data Protection Regulation / Data Protection and the Caldicott principles. We use the minimum amount of information required to inform the people who need to know to provide you care.
Anyone who receives information from us is also under a legal duty to do the same and has a confidentiality clause in their contract. Breaking those rules can result in being dismissed.
Do we have a Lawful Basis for Processing your Information?
Yes; The organisation has the following Lawful basis for processing your information under Article 6 of the General Data Protection Regulation (GDPR);
1 (e) the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
In addition to this the organisation also uses special category data in line with Article 9 as follows:
2 (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3
Please note that this does not include the processing of our staff information in line with their employment, the legal basis for this will differ due to the employment contract.