Livewell Southwest logo

Policies

Livewell Southwest: Privacy Statement

Updated on 16th August 2024

Your information and what we do with it……

Livewell Southwest CIC (“We”) takes your confidentiality and privacy rights seriously. This privacy statement is issued by us to patients, service users, visitors, carers, the public and staff to explain how we collect, use and manage the personal data we hold about you. This includes how we share information with other NHS and non NHS organisations, and how we maintain confidentiality.

What is personal data?

Personal data is information about a living, identifiable individual. Your personal data is any information that can be connected to you personally including your name, date of birth, next of kin, health conditions and treatment you receive. If you can be identified from the information, it becomes your personal data. Examples of personal data used and held by us include:

  • Name, address, date of birth, NHS number
  • Contact information such as telephone numbers, next of kin
  • Details of any allergies and physical or mental health conditions
  • Notes and reports about your health and any treatment and care you have received
  • Religion or other beliefs of a similar nature
  • Family, lifestyle and/or social circumstances
  • Employment details
  • Financial details

 

Why and how we collect data

We need to collect and keep records containing your personal data to support the delivery of the appropriate care and treatment at the right time, in the right place. This helps ensure you receive the best possible care from us and that full information is available should you need to see a different medical professional, or are referred to a specialist service. We collect information in a number of ways such as from other health or social care professionals, from your GP or directly from you.

We also collect and keep records relating to staff, which includes details of pay, appointments or removals, discipline, work management, training or other personnel matters. This ensures that employment is managed to a high standard and staff are provided with the right information and training required to carry out their roles.

Your information may also be collected for other purposes such as CCTV recordings used for crime prevention, if you make an enquiry/complaint, or complete a survey. In all situations, we use your personal data

Your health and social care record is used by staff:

  • To ensure staff involved with your care and treatment have accurate and up-to-date information about you and your needs
  • To assist with decision making and care planning to ensure your treatment is safe and efficient
  • Keeping you informed and contacting you in relation to your care and treatment
  • Full information is available should you need to see another health or social care professional or be referred to a specialist service
  • There is a good accurate basis for assessing the type and quality of care you have received
  • If you need to complain, your concerns can be investigated properly

 

When we collect your mobile telephone number we use this to send you helpful reminders of your appointments. If you do not wish to receive these alerts, please let a member of staff know. We may also send you a text or phone you asking for feedback in relation to your experience with our services, this helps us to improve, please let us know if you do not wish to be contacted.

Summary Care Record

Livewell Southwest utilises the Summary Care Record (SCR) system to support patient care. The SCR is a copy of key information from your GP record. It provides authorised healthcare staff with faster, secure access to essential information about you when you need unplanned care or when your GP practice is closed. You can find out more about SCR here Summary Care Record

In addition to your information being used for health and social care purposes, your records may be used to help the NHS in the following ways:

  • Looking after the health, safety and needs of the general public and local health economy – for example notifying central NHS groups of outbreaks of infectious diseases
  • Preparing NHS statistics on NHS performance
  • To ensure health and social care provisions meets the needs of the local communities now and in the future
  • Reporting events to the appropriate authorities when we are required by law to do so
  • Sharing key information with other health and social care providers to ensure an integrated approach, improved patient experience, and cost effective delivery of services
  • Reporting and investigating complaints, legal claims or incidents
  • To review the care and services we provide by service evaluation and clinical audit
  • For training and education
  • For health research and development

 

Devon & Cornwall Care Record

Livewell records also contribute to the Devon & Cornwall Care Record so that our partner organisations can have the information available to best help you. Please see more details regarding this at the end of the document. Only individuals in those organisations that have a legitimate relationship with you by providing a service would access your record. You many opt out of this at any time, please see how to at the end of this document.

 

Information used for Healthcare Planning and Professional assessors

LSW, as a provider of healthcare and commissioned by NHS England, has a legal requirement to submit certain data to the Secondary Uses Service (SUS) which is used for many purposes such as:

  • Healthcare planning
  • Commissioning services
  • Payment by Results
  • Improving public health
  • Developing national policy

 

Data within SUS can be patient identifiable (your name, address and other information is sent), anonymised (you are unidentifiable) or pseudonymised (difficult to identify you from the information sent). You can request that identifiable data items are removed from any information about your care which we send to SUS. In which case, your NHS Number, local patient identifier, name, postcode of usual address and birth date will all be omitted.

We must continue to send non-identifiable information about your care to SUS in order to fulfil our legal obligations and to receive payment for the treatment we provide. Further information about the Secondary Uses Service can be found here.  You can request that your identifiable information is omitted from data sent to SUS by completing this form.

All NHS Trusts are assessed by approved Department of Health bodies. As part of this process, the professional assessors will visit and look at a small number of health records and incident report forms. The assessors are not concerned with individual patient details and they don’t take them away. If you wish to object to your records being made available during an assessment, please let a member of staff know.

 

Healthy Living Partnership (formerly Integrated Care Partnership)

University Hospitals Plymouth NHS Trust and Livewell Southwest CIC (LSW) have formed a partnership so that people across Plymouth and the wider Devon locality can benefit from more joined-up health and social care. The Healthy Lives Partnership’s (HLP) close working relationship between several organisations and stakeholders, who are responsible for delivering care in our community will ensure that those with complex or long-term conditions have their needs met more seamlessly. This includes GPs, Plymouth City Council, and the voluntary sector.

The HLP will share your data for continuing healthcare when it is legal to do so. This will include routine continuation of health & social care or when it is part of an initiative to improve the support you are receiving. For example:

Patients who are frequent visitors to UHP’s Emergency Department may have their details passed to LSW who will review your patient record to assess if there is further support that can be offered to you.

Further information can be found here.

 

Other Partner Organisations

We contract with other organisations who provide us with additional expertise to support the work of LSW. On some occasions, they may access personal data, for example, IT Services may have to access computer systems to fix a fault. We ensure the external data processors that support us are legally and contractually bound to operate this process via contracts / Data Processing Agreements. These re-enforce their responsibilities as a data processor to ensure your data is securely protected.

 

Purposes where consent is required

There are also other areas of processing undertaken where consent is required from you. Under GDPR, consent must be freely given, specific, you must be informed and a record must be made that you have given your consent, to confirm you have understood.

If you have asked us to keep you regularly informed and up to date about the work of LSW or if you are actively involved in our engagement and consultation activities or patient participation / wellbeing groups, we will collect and process personal confidential data which you consent to share with us.

Where you submit or publish your details to us for involvement purposes, we will only use your information for this purpose and only with your written consent. You can contact us at any point to withdraw your consent for us to use your photograph, film and words for any new purposes.

Please remember that once an article is published and in circulation it may be copied and used by others (especially online). If you ask us to stop using your photo, film or words in the future we will comply with your request, but we cannot guarantee that other parties will do so.

 

What we do not use your information for

Your health information is never collected for direct marketing and is not sold onto third parties. We do not use your information to make automated decisions with no human intervention.

Using anonymous or aggregate information

This type of data is used to help assess the needs of the general population and / or in the area and surrounding Plymouth. This helps improve the local health population:

  • The quality and efficiency of the health services provided in the area
  • To work out what illnesses people will have in the future, so planning and prioritising of services and ensure these meet the needs of patients in the future
  • Where information is used for statistical purposes, secure measures are taken to ensure individuals cannot be identified

 

How do we keep your personal data safe and maintain confidentiality?

You have the right to privacy and confidentiality under the Data Protection Act (2018) & General Data Protection Legislation (2016), the Human Rights Act (1998) and the Common Law Duty of Confidence. The Equality Act (2010) may also apply in some circumstances. Everyone working for the NHS or providing services on behalf of the NHS has a legal duty to maintain the highest level of confidentiality.

Your information may be stored within electronic or paper records, or a combination of both. We are committed to keeping your personal information safe and secure. All our records are restricted from unauthorised access, use or disclosure. Only those with a legitimate reason can access your personal data. This may be through the use of technology, such as computers, controlled and secured servers or other environmental safeguards. We have training, systems and policies and procedures in place so that everyone working for us is aware of the high standards we expect them to adhere to when handling personal data.

Livewell  Southwest  has  a  senior  person  responsible  for  protecting  the  confidentiality  of  your personal data and ensuring we comply with the law. This is known as the Data Protection Officer, and within our organisation this role sits with our Information Governance Lead

 

Who do we share your personal data with?

We work closely with other NHS and non-NHS organisations to deliver joined up integrated health and social care services to provide you with the best and appropriate care and treatment. Therefore, it may be necessary to share your personal data with these organisations.

We may also share your personal data with regulatory bodies. We will try to share the minimum amount of personal data required, even anonymising data where possible. In such instances, we will ensure the information shared is adequate for the safe provision of care and treatment. We ensure that robust assurances and agreements are in place with the Organisations that we share your information with.

We may share personal data with the following organisations for the purposes of delivering or improving health and social care, or where there is a legal requirement for us to do so:

  • Clinical Commissioning Groups (CCG’s)
  • Health authorities
  • NHS organisations
  • Providers of services on behalf of the NHS
  • General Practitioners (GP’s)
  • Other NHS common service agencies, such as primary care agencies, dentists
  • Ambulance Service
  • Police
  • Social Services
  • Department for Work and Pensions
  • Education Services
  • Voluntary and Private sector providers

 

We share information that does not identify you (anonymised) with other NHS and social care partner agencies for the purpose of improving local services, research, audit and public health.

There are certain circumstances where we will process  /  share  personal  information  without  your  consent  and  where  there  is another legal statute or law allowing us to do this which are:

  • To protect children and vulnerable adults
  • When a formal court order has been served upon us; and / or
  • When we are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime
  • Emergency Planning reasons such as for protecting the health and safety of others, or during a critical public emergency
  • When permission is given by the Secretary of State or the Health Research Authority on the advice of the Confidentiality Advisory Group to process confidential information without the explicit consent of individuals (see section on Section 251 of the NHS Act 2006).

 

When analysing current health services and proposals for developing future services, it is sometimes necessary to link separate individual datasets to be able to produce a comprehensive evaluation. This may involve linking primary care GP data with secondary uses service (SUS) data (inpatient, outpatient and A&E).

In some cases, there may also be a need to link local datasets, which could include a range of acute-based services such as radiology, physiotherapy and audiology, as well as mental health and community-based services such as district nursing and podiatry. When carrying out this analysis, the linking of these datasets is always done using a pseudonym. This means that the data is coded and individuals are not identifiable.

 

What are your information rights?

You have a number of rights under the Data Protection Legislation:

  • To be informed why, where and how we use your information
  • To ask for access to your information
  • To ask for your information to be corrected if it is inaccurate or incomplete
  • To ask for your information to be deleted or removed where there is no need for us to continue processing it. This does not apply to current health records that are within their retention dates.
  • To ask us to restrict the use of your information in certain circumstances
  • In limited circumstances to ask us to copy or transfer your information from one IT system to another
  • To object to how your information is used
  • To challenge decisions made without human intervention (automated decision making)

 

Do you have the right to withdraw or withhold consent for us to share your personal data?

You can withdraw or withhold your consent for information sharing at any time. This is sometimes referred to as ‘opting out’. The possible consequences of withholding your consent will be fully explained to you at the time, should this situation occur. If you chose to prevent your information from being shared to other people involved with your care and treatment, it may mean the care and treatment provided is limited or delayed. In some cases, it may mean certain treatment options cannot be offered.

 

National Data Opt-out Programme

NHS Digital is developing a new system to support the national data opt-out which will give patients more control over how identifiable health and care information is used. The system will offer patients and the public the opportunity to make an informed choice about whether they wish their personally identifiable data to be used just for their individual care and treatment or also used for research and planning purposes. To find out more:  NHS Digital national data opt out

 

How long do we retain your records?

The Records Management Code of Practice for Health and Social Care 2021 sets out the appropriate length of time each type of NHS record should be retained for. All our records are retained and destroyed in accordance with the Retention Schedule contain with the code of practice. We do not keep your records for longer than necessary.

All records are appropriately reviewed once they have reached their retention period. We will then decide whether the record requires further retention or should be confidential destroyed. All decisions and destructions are documented.

 

How can I access the information you hold about me?

Under the Data Protection Act (1998) and the General Data Protection Regulation (2018), you have the right to request a copy of the information we hold about you, both on paper and electronic. Except for information that:

  • Has been provided about you from someone else if they have not given permission for you to see it
  • Relates to a 3rd party or individual
  • Relates to crime offences and/or is being used for the detection or prevention of crime
  • Could cause physical or mental harm to you or someone else

 

Your request must be made in writing (email is acceptable) and needs to include your full name, any pervious names know by, address, date of birth, NHS number (if known). You will also need to confirm if you require all records or records from care and treatment received at a specific service. You will be required to attend an identity verification appointment with proof of your identity to ensure we maintain your confidentiality.

Your request for access to your health record can be made using one of the following methods:

  • Post: Data Disclosure Team, Livewell Southwest, Hatfield House, Burrington Way, Plymouth, PL5 3LZ
  • Email: [email protected]

 

For help and advice on accessing health records, please feel free to contact the Data Disclosure team on 01752 435111.

For access to your social care information, you will need to contact Plymouth City Council. More information on their procedures or for a copy of their application form, please visit: https://www.plymouth.gov.uk/aboutcouncil/accessinformation/dataprotection

 

Raising a complaint

The Customer Service team are available to assist you if you have any comments, concerns, compliments or complaints about the care or treatment you have received. The team are independent from our clinical services to ensure your concerns/complaints are investigated and responded to in an effective and timely manner. The team can be contact at:

  • Post: Customer Services, Livewell Southwest, 1st Floor, Windsor House,Plymouth, PL6 5UF
  • Email: [email protected]
  • Tel: 01752 435201

Additionally, the Information Commissioners Office (ICO) is the UK’s Data Protection regulator. The ICO has the responsibility of ensuring organisations that hold, use and manage personal data do so in accordance with the law. All data controllers must notify the ICO of all personal data processing activities. Our ICO data protection registration number is Z2807096.

If you are dissatisfied with the way we have handled or shared your personal data you can have the right to raise a complaint with the ICO. This can be done using one of the following methods:

  • Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Tel: 0303 123 1113 (or 01625 545745 or 44 1625 545745 if calling from overseas)

 

More information on the role of the ICO can be found by visiting: https://ico.org.uk/

 

How to contact us if you have any queries or concerns with this privacy statement

If you have any queries or concerns regarding the personal data we hold about you or questions relating to this privacy statement, please contact our Information Governance team:

  • Post: Data Protection Officer, Livewell Southwest, 1st Floor, Windsor House, Plymouth, PL6 5UF
  • Email: [email protected]
  • Tel: 01752 435110

 

Changes to this statement

We will occasionally update this Privacy statement to reflect company and customer feedback. We therefore encourage you to periodically review this statement in case of any changes.

 

Further information

To learn more about how we use, manage and maintain confidentiality of your personal data, please speak to the health and social care professionals involved with your care.

 

Additional Information

Livewell Sharing into the Devon & Cornwall Care Record (DCCR)

Health and care organisations in Devon and Cornwall collect information on its patients and keeps records about the care and services they’ve provided.

The Devon and Cornwall Care Record pulls together the information from these different health and social care records and displays it in one combined record.

Keeping your personal data safe is a crucial aspect of the Devon and Cornwall Care Record and we take every required measure to keep information secure and confidential.

Shared care records are subject to UK data protection legislation, and individuals with the authority to view records work under strict codes of conduct.

This page provides more detail on the laws that allow us to use your data, who can access your data and how you can object to your data being shared.

The legal basis for using your data is:

Article 6 Condition: ‘Personal data’
Provision of care:
The key basis for processing personal data is:
6(1)(e) Public task: the processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
Article 9 Condition: Special categories of personal data
The key basis for processing the special category personal data is:
9(2)(h) ‘processing is necessary for the purposes of… the provision of health or social care treatment or services… on the basis of Union or Member state law’.
The Health & Social Care (Safety & Quality) Act 2015 places a duty on organisations providing health and adult social care services to share data where it facilitates the provision of care to an individual in their best interests, unless the individual objects or it relates to an anonymous access service.

Need-to-know access

Only organisations and individuals involved in your care, and who have a legitimate reason, are allowed to view your records. A system is in place to ensure this.

How long is your information held?

Your information will be held according to the NHSX Records Management Code of Practice 2021, which you can read on the NHSX website.

If you’d like to find out more, please contact your health or social care provider directly.

 

Your rights

You have the right to ask for a copy of any information organisations hold about you. If you’d like to see information held about you on your health and care records, please contact the organisations providing your care.

The information displayed in the Devon and Cornwall Care Record is only a partial record of what is held about you by the partner organisations.

If you have any concerns about your health and care data – including possible errors or out-of-date information – please contact the organisations that have provided your care, so it can be corrected.

You can find out more about how information is used in the public interest on the Information Commissioner’s Office website . Your health or care provider’s website will also have more details on how your data is used.

 

Objecting to sharing your data

The Devon and Cornwall Care Record allows health and care staff to see a more complete picture of your medical history. It includes vital information such as allergies, medication, test results, and any interventions you may be receiving, or have had in the past.

When staff are more informed, it helps them to make the right decisions quickly, providing better and safer care. This is especially important during emergency situations or out of normal working hours. Only staff involved in your care, and who have a legitimate reason are allowed to view your records.

If you have concerns about your data being shared in this way, you can raise an objection. The best way to do this is by contacting the staff who are providing your care, but if you’re not sure which organisations provide your care, you can raise an objection directly with the Devon and Care Record using the form below.

However, if you do register an objection, you should understand that it could negatively impact the care you receive. If health and care staff are unable to access your medical record:

  • It might mean that tests or investigations are repeated because results from other organisations can’t be accessed.
  • You may need to repeat the same information to different staff.
  • The staff treating you won’t be able to see what has happened to you in different parts of the NHS. They will only be able to see the record in their organisation such as that particular hospital or GP practice.
  • They might not know what medication you’re taking.
  • It may delay treatment.
  • It will not stop health and care staff contacting one another to ask questions about your history.
  • You may not be conscious or able to share details about your medical history if you arrive at hospital.

You should also be aware that if you choose to object, you are only objecting to electronic sharing of your medical record through the Devon and Cornwall Care Record. Other information sharing projects – such as the Summary Care Record – are operated and managed separately, so you need to object to each programme individually.

If you are aged 16 or above, we will process your request by carrying out our normal checks on the details you have given us.

If you are under 16, we will consider your right to object if the form has been completed by somebody acting on your behalf such as a parent or guardian. If it has not, we will ask a recognised health or care professional if they consider you to be competent to make such a decision.

We will respect your choice and restrict access to your, or the person you are acting on behalf of, health and social care information by professionals in our partner organisations where you’ve made use of the right to object unless this will impact the clinical safety of either yourself, or any other person.

To carry out your wishes we will need to keep some information such as your name, date of birth and NHS number. This will ensure all partner organisations know about your decision to object so you don’t have to notify all the different organisations across Devon and Cornwall who might be involved in your care.