Your information and how we use it

City Health Care Partnership’s Privacy Notice

This privacy notice tells you what to expect us to do with your personal information when you contact us or use our services.

We are the controller for your information. A controller decides on why and how information is used and shared.

Data Protection Officer contact details

Our Data Protection Officer is Claire Attwood and is responsible for monitoring our compliance with data protection requirements. You can contact them with queries or concerns relating to the use of your personal data at CHCP.customercare@nhs.net

How do we get information and why do we have it?

The personal information we collect is provided directly from you for one of the following reasons:

you have provided information to seek care – this is used directly for your care, and also to manage the services we provide, to clinically audit our services, investigate complaints, or to be used as evidence as part of an investigation into care.
you have sought funding for continuing health care or personal health budget support.
you have signed up to our newsletter/patient participation group.
you have made a complaint.

We also receive personal information about you indirectly from others, in the following scenarios: referrals from GP practices, information sharing with Hull University Teaching Hospital Trusts, Humber Foundation Trusts, Local Authority and ambulance services.

from other health and care organisations involved in your care so that we can provide you with care
from family members or carers to support your care

What information do we collect?

Personal information

The doctors, nurses and team of healthcare professionals caring for you keep records about your health and any treatment and care you receive. Personal information is any information that can be used to identify a living person. For example, an individual's name, address, date of birth, email address, telephone number, or NHS number.

We currently collect and use the following personal information:

personal identifiers and contacts (for example, name and contact details)
medical information, test results and diagnoses.
Notes and reports about your health, treatment and care
Relevant information from people who care for you and know you well such as health professionals and relatives.
Photographs, scans and/or x-rays
CCTV footage

It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us and please tell us about any changes as soon as possible.

More sensitive information

The UK GDPR gives extra protection to more sensitive information known as ‘special category data’. Information concerning health and care falls into this category and needs to be treated with greater care. Data that relates to criminal offences is also considered particularly sensitive.

We process the following more sensitive data (including special category data):

data concerning physical or mental health (for example, details about your appointments or diagnosis)
data revealing racial or ethnic origin
data concerning a person’s sex life
data concerning a person’s sexual orientation
genetic data (for example, details about a DNA sample taken from you as part of a genetic clinical service)
biometric data (where used for identification purposes)
data revealing political opinions
data revealing religious or philosophical beliefs
data revealing trade union membership
other [please state any other special category data]
data relating to criminal or suspected criminal offences

Who do we share information with?

We may share information with the following types of organisations:

Hospitals and NHS Trusts
GPs
Community Care Teams
Care homes
Local Authorities
NHS England
third party data processors (such as Lorenzo, R4, Inform, Picture Archiving and Communication System.)
planners of health and care services (such as Integrated Care Boards)

You may be receiving care from other people as well as the NHS, for example Social Care services. We may need to share some information about you with them so we can all work together for your benefit if they have a genuine need for it or we have your permission. Therefore, we may also share your information, subject to strict agreement about how it will be used, with:

Social care services
Education services
Local authorities
Voluntary and private sector providers working with the NHS.

In some circumstances we are legally obliged to share information. This includes:

when required by NHS England to develop national IT and data services
when registering births and deaths
when reporting some infectious diseases
when a court orders us to do so
where a public inquiry requires the information

We will also share information if the public good outweighs your right to confidentiality. This could include:

where a serious crime has been committed
where there are serious risks to the public or staff
to protect children or vulnerable adults

We may also process your information in order to de-identify it, so that it can be used for purposes beyond your individual care whilst maintaining your confidentiality. These purposes will include to comply with the law and for public interest reasons.

What is our lawful basis for using information?

Personal information

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for using personal information is:

(b) We have a contractual obligation

(e) We need it to perform a public task

(f) We have a legitimate interest

More sensitive data

Under UK GDPR, the lawful basis we rely on for using information that is more sensitive (special category):

(f) We need for a legal claim or the courts require it.

(g) There is a substantial public interest (with a basis in law).

(h) To provide and manage health or social care (with a basis in law).

(i) To manage public health (with a basis in law).

Common law duty of confidentiality

In our use of health and care information, we satisfy the common law duty of confidentiality because:

you have provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses)
we have support from the Secretary of State for Health and Care following an application to the Confidentiality Advisory Group (CAG) who are satisfied that it isn’t possible or practical to seek consent
we have a legal requirement to collect, share and use the data
for specific individual cases, we have assessed that the public interest to share the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime). This will always be considered on a case by case basis, with careful assessment of whether it is appropriate to share the particular information, balanced against the public interest in maintaining a confidential health service

How do we store your personal information?

Your information may be stored both electronically or by paper, there are technical and organisational security measures in place to protect personal data, this can be through appropriate access controls in place. Everyone working within CHCP has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has a legal duty to keep it confidential.

Your information is securely stored for the time periods specified in the Records Management Code of Practice. We will then dispose of the information as recommended by the Records Management Code for example we will: Adult records are held for 8 years after being discharged from the service.

securely dispose of your information by shredding paper records, or putting your electronic hard drive data to ‘beyond use’ until the retention period of backups are written over. Medical records are deducted from the system.
archive your information at a historically significant service’s record may be archived with the local Archive Service, which is run by the Local Authority].

What are your data protection rights?

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information (known as a subject access request).

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at CHCP.Accesstorecords@nhs.net Telephone: 01482 976821. Address: Access To Records Team Business Support Centre, 5 Beacon Way, Hull HU3 4AE if you wish to make a request.

National data opt-out

we are applying the national data opt-out because we are using confidential patient information for planning or research purposes.

The information collected about you when you use health and care services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

improving the quality and standards of care provided
research into the development of new treatments
preventing illness and diseases
monitoring safety
planning services

This may only take place when there is a clear lawful basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential health and care information is only used like this when allowed by law.

Whenever possible data used for research and planning is anonymised, so that you cannot be identified and your confidential information is not accessed.

You have a choice about whether you want your confidential information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

How do I complain?

If you have any concerns about our use of your personal information, you can make a complaint to us at chcp.customercare@nhs.net or Telephone 01482 976821

Following this, if you are still unhappy with how we have used your data, you can then complain to the ICO.

The ICO’s address is:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

Freedom Of Information (FOI)

City Health Care Partnership CIC is not a public authority and therefore the Freedom of Information Act 2000 does not apply entirely to all services within the organisation. However, where our services fall within the scope these will be processed as per the act.

CHCP are a provider of healthcare services and work with our commissioners in support of healthcare services. You may wish to direct your FOI to one of our commissioners who may be able to support your request for information.

Humber and North Yorkshire Integrated Care Board
Email: hnyicb.foi@nhs.net
Address: Freedom of Information, Humber and North Yorkshire ICB Team, Health House Grange Park Lane, Willerby, HU10 6DT

East Riding of Yorkshire Council
Email: foi@eastriding.gov.uk
Address: Freedom of Information, East Riding of Yorkshire Council, Democratic Service, County Hall, Beverley, HU17 9BA

Hull City Council
Email: info@hullcc.gov.uk
Address: Information Governance Team, Hull City Council, The Guildhall, Alfred Gelder Street, Hull, HU1 2AA

NHS England
Email: england.contactus@nhs.net
Address: NHS England, PO Box 16738, Redditch, B97 9PT

St Helen’s Council
Email: contactcentre@sthelens.gov.uk
Address: St. Helens Council, Contact Centre, Wesley House, Corporation Street, St Helens, WA10 1HF

Federated Data Platforms (FDP)

NHS services such as CHCP use this platform to directly support your care by holding your information within it. This supports your care teams by collating relevant information about you in the same place making it available for use.

The OPTICA Community product in use within CHCP uses the information held on the platform to support your care teams to work together to make sure you have all the additional care, equipment, medication, and support that you might need to be discharged safely and as soon as possible.

Processor acting on behalf of CHCP

The data platform contractor, Palantir Technologies UK LTD is a processor acting on behalf of the NHS who are using this Product. They provide the data platform and the technology that the Product uses and only act on our instructions.

For more information, please see below links for NHS England privacy information.

NHS England » NHS Federated Data Platform privacy notice

NHS England » FDP products and product privacy notices