Privacy Notice
Mayflower Healthcare Alliance (MHA) takes your confidentiality and privacy rights very seriously. This notice explains how we collect, process, transfer and store your personal information and forms part of our accountability and transparency to you under the General Data Protection Regulation (GDPR) 2018.
How will we meet the Principles of the GDPR?
We will process your personal information fairly and lawfully by;
Only using it if we have a lawful reason and when we do, we make sure you know how we intend to use it and tell you about your rights;
We do not rely on consent to use your information as a ‘legal basis for processing’. We rely on specific provisions under Article 6 and 9 of the General Data Protection Regulation, such as ‘…a task carried out in the public interest or in the exercise of official authority vested in the controller.’
This means we can use your personal information to provide you with your care without seeking your consent. However, you do have the right to say ‘NO’ to our use of your information but this could have an impact on our ability to provide you with care.
Only collecting and using your information to provide you with your care and treatment and will not use it for anything else that is not considered by law to be for this purpose;
Only using enough of your personal information that will be relevant and necessary for us to carry out various tasks within the delivery of your care;
Keeping your information accurate and up to date when using it and if it is found to be wrong, we will make it right, where appropriate, as soon as we can;
Only keeping your information in a way that it will identify you for as long as we are legally required to, whilst ensuring your rights;
Having secure processes in place to keep your personal information safe when it is being used, shared, and when it is being stored.
What information do we collect from you?
Health and social care professionals working with you – such as doctors, nurses, support workers, psychologists, occupational therapists, social workers and other staff involved in your care – keep records about your health and any care and treatment you receive. This may include:
- Basic details such as name, address, date of birth, phone number, and email address – where you have provided it to enable us to communicate with you by email
- Your next of kin and contact details
- Notes and reports about your physical or mental health and any treatment, care or support you need and receive
- Results of your tests and diagnosis
- Relevant information from other professionals, relatives or those who care for you or know you well
- Any contacts you have with us such as home visits or outpatient appointments
- Information on medicines, side effects and allergies
- Patient experience feedback and treatment outcome information you provide
At present the majority of your records used by MHA are paper based, these record are access and managed securely to protect personal and sensitive information held about you.
New models of service delivery are being implemented. MHA are working toward closer working with GPs and other healthcare and social care providers. To assist this, the use of other electronic patient record systems to share your information will be implemented. When this takes place, You will be given the opportunity to say no and to opt-out of this sharing. To do this, please speak to MHA Data Protection Officer or clinician managing your care and treatment.
Why do we collect this information about you?
Your information is used to guide and record the care you receive and is vital in helping us to;
- have all the information necessary for assessing your needs and for making decisions with you about your care
- have details of our contact with you, such as referrals and appointments and can see the services you have received
- can assess the quality of care we give you
- can properly investigate if you and your family have a concern or a complaint about your healthcare
Professionals involved in your care will also have accurate and up-to-date information and this accurate information about you is also available if you:
- Move to another area
- need to use another service
- See a different healthcare professional
Who might we share your information with?
Health and Social Care Professionals– Your information will be shared with the team who are caring for you and are providing treatment to you.
However, the NHS and other agencies, including social services and private healthcare organisations work together so we may need to share information about you, with other professionals and services involved in your care.
We do this in order to provide the most appropriate treatment and support for you, and your carers, or when the welfare of other people is involved. We will only share your information in this way if we have your consent and it is considered necessary.
You have the right to refuse/withdraw your consent to information sharing at any time. Please discuss this with your relevant health care professional as this could have implications in how you receive further care, including delays in you receiving care.
However, a person’s right to confidentiality is not absolute and there may be other circumstances when we must share information from your patient record with other agencies. In these rare circumstances we are not required to have your consent. Examples of this are:
- If there is a concern that you are putting yourself at risk of serious harm
- If there is concern that you are putting another person at risk of serious harm
- If there is concern that you are putting a child at risk of harm
- If we have been instructed to do so by a Court
- If the information is essential for the investigation of a serious crime
- If you are subject to the Mental Health Act (1983), there are circumstances in which your ‘nearest relative’ must receive information even if you object
- If your information falls within a category that needs to be notified for public health or other legal reasons, such as certain infectious diseases
The information from your patient record will only be used for purposes that benefit your care – we would never share it for marketing or insurance purposes.
NHS Patient Survey Programme (NPSP)is part of the government’s commitment to ensure patient feedback is used to inform the improvement and development of NHS services. We may share your contact information with an NHS approved contractor to be used for the purpose of the NPSP.
NHS Digital, on behalf of NHS England assess the effectiveness of the care provided by publicly-funded services – we have to share information from your patient record such as referrals, assessments, diagnoses, activities (e.g. taking a blood pressure test) and in some cases, your answers to questionnaires on a regular basis to meet our NHS contract obligations.
You have the right to object to us sharing your information to NHS Digital – this will not affect your care in any way. For information about how you can Opt-Out of sharing your data with NHS Digital please visit the NHS Digital National Data Opt-Out Programme Website.
Further information
You can find more about what personal information we share, to whom and for what purpose by looking on our webpages – or you can email our Data Protection Officer.
Improving Health, Care and Services through Planning
To help us monitor our performance, evaluate and develop the services we provide, it is necessary to review and share minimal information. The information we share would be anonymous so you cannot be identified and all access to and use of this information is strictly controlled.
In order to ensure that we have accurate and up-to-date patient records, we carry out a programme of clinical audits. Access to your patient records for this purpose is monitored and only anonymous information is used in any reports.
Improving Health, Care and Services through Research
MHA actively promotes research with a view to improving future care. Researchers can improve how physical and mental health can be treated and prevented.
If we use your patient information for research, we remove your name and all other personal data which would identify you. If we need the information in a form that would personally identify you, we would ask for your permission first.
If you do not want the information from your patient record used to support research, please contact:
Gary Townsend
Caldicott Guardian
Mayflower Healthcare Alliance
Tel: 01277 657835
E-mail: Gary Townsend gary.townsend@nhs.net
How we keep your information safe?
We are committed to keeping your information secure and have operational policies and procedures in place to protect your information whether it is in a hardcopy or electronic format.
MHA is registered to the Information Commissioner’s Office; registration number is ZA050651
All the Information Systems used by MHA are implemented with robust information security safeguards to protect the confidentiality, integrity and availability of your personal information. The security controls adopted by MHA are influenced by a number of sources including the 10 National Data Guardian Standards and guidelines produced by NHS Digital and other Government standards.
All MHA employees and our partner organisations are legally bound to respect your confidentiality, all staff must comply with our Information Governance/Data Protection policies and procedures. Any breach of these is treated seriously, and could result in disciplinary action, including dismissal.
If any of your personal information is to be processed overseas (i.e. outside the EU) a full risk assessment would be undertaken to ensure the security of the information.
How long do we keep your information?
All records held by the NHS are subject to the Records Management Code of Practice for Health and Social Care Act 2016 (the Code). The Code sets out best practice guidance on how long we should keep your patient information before we are able to review and securely dispose of it.
How can I access the information you hold about me?
You have a right to see the information we hold about you, both on paper or electronic, except for information that:
- Has been provided about you by someone else if they haven’t given permission for you to see it
- Relates to criminal offences
- Is being used to detect or prevent crime
- Could cause physical or mental harm to you or someone else
Your request must be made in writing and we will request proof of identity before we can disclose personal information. You can find out more about how to access your information by visiting our website page and clicking on ‘Access to your personal information’.
All applications for access to health records must be made in writing or email, and given to the service where you receive your care or alternatively sent to:
Gary Townsend
Mayflower Healthcare Alliance
Tel: 01277 657835
E-mail: gary.townsend@nhs.net
Complaints and Patient Experience Team
To get further advice or to report a concern directly to the UK’s independent authority you can do this by making contacting with: Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113
https://ico.org.uk/concerns/handling/