Your information and how we use it
City Health Care Partnership’s Privacy Notice
This privacy notice tells you what to expect us to do with your personal information when you contact us or use our services.
We are the controller for your information. A controller decides on why and how information is used and shared.
Data Protection Officer contact details
Our Data Protection Officer is Claire Attwood and is responsible for monitoring our compliance with data protection requirements. You can contact them with queries or concerns relating to the use of your personal data at CHCP.firstname.lastname@example.org
How do we get information and why do we have it?
The personal information we collect is provided directly from you for one of the following reasons:
- you have provided information to seek care – this is used directly for your care, and also to manage the services we provide, to clinically audit our services, investigate complaints, or to be used as evidence as part of an investigation into care.
- you have sought funding for continuing health care or personal health budget support.
- you have signed up to our newsletter/patient participation group.
- you have made a complaint.
We also receive personal information about you indirectly from others, in the following scenarios: referrals from GP practices, information sharing with Hull University Teaching Hospital Trusts, Humber Foundation Trusts, Local Authority and ambulance services.
- from other health and care organisations involved in your care so that we can provide you with care
- from family members or carers to support your care
What information do we collect?
The doctors, nurses and team of healthcare professionals caring for you keep records about your health and any treatment and care you receive. Personal information is any information that can be used to identify a living person. For example, an individual's name, address, date of birth, email address, telephone number, or NHS number.
We currently collect and use the following personal information:
- personal identifiers and contacts (for example, name and contact details)
- medical information, test results and diagnoses.
- Notes and reports about your health, treatment and care
- Relevant information from people who care for you and know you well such as health professionals and relatives.
- Photographs, scans and/or x-rays
- CCTV footage
It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us and please tell us about any changes as soon as possible.
More sensitive information
The UK GDPR gives extra protection to more sensitive information known as ‘special category data’. Information concerning health and care falls into this category and needs to be treated with greater care. Data that relates to criminal offences is also considered particularly sensitive.
We process the following more sensitive data (including special category data):
- data concerning physical or mental health (for example, details about your appointments or diagnosis)
- data revealing racial or ethnic origin
- data concerning a person’s sex life
- data concerning a person’s sexual orientation
- genetic data (for example, details about a DNA sample taken from you as part of a genetic clinical service)
- biometric data (where used for identification purposes)
- data revealing political opinions
- data revealing religious or philosophical beliefs
- data revealing trade union membership
- other [please state any other special category data]
- data relating to criminal or suspected criminal offences
Who do we share information with?
We may share information with the following types of organisations:
- Hospitals and NHS Trusts
- Community Care Teams
- Care homes
- Local Authorities
- NHS England
- third party data processors (such as Lorenzo, R4, Inform, Picture Archiving and Communication System.)
- planners of health and care services (such as Integrated Care Boards)
You may be receiving care from other people as well as the NHS, for example Social Care services. We may need to share some information about you with them so we can all work together for your benefit if they have a genuine need for it or we have your permission. Therefore, we may also share your information, subject to strict agreement about how it will be used, with:
- Social care services
- Education services
- Local authorities
- Voluntary and private sector providers working with the NHS.
In some circumstances we are legally obliged to share information. This includes:
- when required by NHS England to develop national IT and data services
- when registering births and deaths
- when reporting some infectious diseases
- when a court orders us to do so
- where a public inquiry requires the information
We will also share information if the public good outweighs your right to confidentiality. This could include:
- where a serious crime has been committed
- where there are serious risks to the public or staff
- to protect children or vulnerable adults
We may also process your information in order to de-identify it, so that it can be used for purposes beyond your individual care whilst maintaining your confidentiality. These purposes will include to comply with the law and for public interest reasons.
What is our lawful basis for using information?
Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for using personal information is:
(b) We have a contractual obligation
(c) We have a legal obligation
(e) We need it to perform a public task
(f) We have a legitimate interest
More sensitive data
Under UK GDPR, the lawful basis we rely on for using information that is more sensitive (special category):
(f) We need for a legal claim or the courts require it.
(g) There is a substantial public interest (with a basis in law).
(h) To provide and manage health or social care (with a basis in law).
(i) To manage public health (with a basis in law).
Common law duty of confidentiality
In our use of health and care information, we satisfy the common law duty of confidentiality because:
- you have provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses)
- we have support from the Secretary of State for Health and Care following an application to the Confidentiality Advisory Group (CAG) who are satisfied that it isn’t possible or practical to seek consent
- we have a legal requirement to collect, share and use the data
- for specific individual cases, we have assessed that the public interest to share the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime). This will always be considered on a case by case basis, with careful assessment of whether it is appropriate to share the particular information, balanced against the public interest in maintaining a confidential health service
How do we store your personal information?
Your information may be stored both electronically or by paper, there are technical and organisational security measures in place to protect personal data, this can be through appropriate access controls in place. Everyone working within CHCP has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has a legal duty to keep it confidential.
Your information is securely stored for the time periods specified in the Records Management Code of Practice. We will then dispose of the information as recommended by the Records Management Code for example we will: Adult records are held for 8 years after being discharged from the service.
- securely dispose of your information by shredding paper records, or putting your electronic hard drive data to ‘beyond use’ until the retention period of backups are written over. Medical records are deducted from the system.
- archive your information at a historically significant service’s record may be archived with the local Archive Service, which is run by the Local Authority].
What are your data protection rights?
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information (known as a subject access request).
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at CHCP.Accesstorecords@nhs.net Telephone: 01482 976821. Address: Access To Records Team Business Support Centre, 5 Beacon Way, Hull HU3 4AE if you wish to make a request.
National data opt-out
- we are applying the national data opt-out because we are using confidential patient information for planning or research purposes.
The information collected about you when you use health and care services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
This may only take place when there is a clear lawful basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential health and care information is only used like this when allowed by law.
Whenever possible data used for research and planning is anonymised, so that you cannot be identified and your confidential information is not accessed.
You have a choice about whether you want your confidential information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
How do I complain?
If you have any concerns about our use of your personal information, you can make a complaint to us at email@example.com or Telephone 01482 976821
Following this, if you are still unhappy with how we have used your data, you can then complain to the ICO.
The ICO’s address is:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Freedom Of Information (FOI)
City Health Care Partnership CIC is not a public authority and therefore the Freedom of Information Act 2000 does not apply entirely to all services within the organisation. However, where our services fall within the scope these will be processed as per the act.
CHCP are a provider of healthcare services and work with our commissioners in support of healthcare services. You may wish to direct your FOI to one of our commissioners who may be able to support your request for information.
Humber and North Yorkshire Integrated Care Board
Address: Freedom of Information, Humber and North Yorkshire ICB Team, Health House Grange Park Lane, Willerby, HU10 6DT
East Riding of Yorkshire Council
Address: Freedom of Information, East Riding of Yorkshire Council, Democratic Service, County Hall, Beverley, HU17 9BA
Hull City Council
Address: Information Governance Team, Hull City Council, The Guildhall, Alfred Gelder Street, Hull, HU1 2AA
Address: NHS England, PO Box 16738, Redditch, B97 9PT
St Helen’s Council
Address: St. Helens Council, Contact Centre, Wesley House, Corporation Street, St Helens, WA10 1HF