Why we keep personal information about you
We aim to provide you with the highest quality care. To do this, we must keep records about you and the care we provide for you. Our staff are trained to handle your information correctly and protect your privacy. We aim to maintain high standards, adopt best practices for our record keeping and regularly check and report on how we are doing. Your information is never collected for direct marketing purposes and is not sold to any other third parties. In most cases, your information is held in the UK. If we do transfer your personal information outside the of the UK we will make sure that it is protected to the same extent as it would be within the UK. Information is held for specified periods of time as set out in the Records Management Code of Practice for Health and Social Care.
What information do we keep about you?
The information we hold may include:
- Basic details, such as your name, address and next of kin.
- Contacts we have had with you.
- Assessment information
- Notes and reports about your health and any treatment or care you needed.
- Health data, social care data
Community Services Data Set
The Department of Health and NHS England tell us to collect certain data in addition to what we collect for your direct care, so they can learn about specific areas of policy interest. The CSDS re-uses clinical and operational data for purposes other than direct patient care, such as, for example, reporting for effective commissioning, monitoring outcomes or addressing health inequalities.
CSDS sets out national definitions for the extraction of data about children and adults including personal and demographic social and personal circumstances, ethnicity, including long-term conditions and disabilities, etc. You can however decline to have your data included within the CSDS. You can find more information on Community Services Data Set – NHS Digital Community Services Data Set – NHS Digital
We collect information about you in a number of ways:
Information you tell us: Our services accept self-referrals which means that you can contact us directly to arrange an appointment and do not need to be referred by your GP. You will be asked for certain information when you contact us by phone or online chat service to enable us to book you an appointment, answer your queries and be able to provide appropriate care. You may also be asked to complete a form online so that we have pertinent information to be able to help you.
Information others tell us: Where you are referred to us by another health care professional, for example, your GP, they will share relevant information about the care you have received from them to enable us to provide effective and safe care to you. We may also request to see the information held in your GP Record where we consider this to be relevant to your care.
How do we hold your information?
We create and hold your records electronically. We store your health record on a system called Priority Digital Platform. Any records we hold about you are held securely and are only accessible to those who are involved in your care or have a legitimate need to access them.
All of our staff and contractors receive appropriate and ongoing training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. Staff only have access to personal information where it is appropriate to their role and is strictly on a need-to-know basis
We will keep personal data for no longer than necessary, in line with the NHS records retention schedule, within the NHS records management code of practice.
How do we use your information?
- Information collected about you to deliver your health care is also used to assist with:
- Making sure your care is of a high standard.
- Assessing your condition against a set of risk criteria to ensure you are receiving the best possible care.
- Helping train staff and support research (anonymised data).
- Supporting the funding of your care (anonymised data).
- Reporting and investigation of complaints, claims and untoward incidents.
- Reporting events to the appropriate authorities when we are required to do so by law.
We might use the following lawful basis for the processing of your data:
- As a provider of Public Health care, we have a public duty to care for our service users as guided by the Department of Health.
- It is necessary for the purposes of preventative or occupational medicine.
- Consent
Where consent is the lawful basis they have the right to withdraw the consent at any time.
There might also be situations when we are under a duty of care to share your information. We are required by law to report certain information to the appropriate authorities. Occasions, when we must pass on information, include infectious diseases that may endanger others, where a formal court order has been issued and shared with the Care Quality Commission (CQC) to inspect the quality and safety of the care that we provide. We may also have to share your information when it is absolutely necessary for the prevention or detection of crime or prosecution of offenders or where there are serious risks to the public or our staff.
We may also use your information to request feedback from you, such as requesting to complete them in order to help improve the quality of services to you and our service users, particularly the quality of experience undergone by patients.
Who can see your information?
Your information is only accessible to those involved in your care or administration on a need-to-know basis. It may include one of the following organisations working in partnership to deliver the Essex Wellbeing Service
- Terrence Higgins Trust
- Age Well East
- Rural Community Council for Essex
- HCRG Care Group Services Limited
- Priority Digital Health Ltd
- Provide CIC
The members of staff are bound by a strict confidentiality code of conduct. Organisations that we often share information with include: Social Care NHS Hospitals & Clinics General Practitioners Ambulance Services Voluntary Sector Organisations Other Community Health Providers, Mental Health Trusts Also, Subject to Strict Protocols: Education Services, Local Authority Services, Private Sector Providers, Children’s Centre’s, Commissioners of our Services, the Department of Health, the Family Health Service Authority (FHSA) and the Health Protection Agency. Age Well East may also share limited information with Salesforce for the purpose of recording patient interactions and reporting. We will only share information with those who have a legitimate right to know.
Your rights
Data Protection laws give individuals rights in respect of the personal information that we hold about them. You have the right to:
ask for access to your information
- Ask for your information to be corrected if it is inaccurate or incomplete.
- Ask for your information to be deleted or erased. Please note that this does not apply to your health or care record, or where we process information for public health or scientific research purposes.
- Ask us to restrict the use of your information in some circumstances.
- We may use automated decision making in processing your personal information for some services. You can request a manual review of the accuracy of an automated decision if you are unhappy with it.
- Request your personal information to be transferred to other providers on certain occasions.
Should you have any further queries on the uses of your information, please speak to your health professional, our Customer Services Team, or our Data Protection Officer – by contacting provide.infogov@nhs.net
Should you wish to lodge a complaint about the use of your information, please contact our Customer Service Team – provide.enquiries@nhs.net
If you are still unhappy with the outcome of your enquiry you can write to:
The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Telephone: 01625 545700.11