Livewell Southwest logo
Latest news
Jonathan’s funny take on being diagnosed with Parkinson’s in his thirties50 year old Paul on 50 half marathons in 50 weeksHSJ Partnership Awards 2024: Our Admiral Nurse Transitions of Care Service take home bronze!YOU CAN NOW CALL NHS 111 IF YOU ARE IN A MENTAL HEALTH CRISISResponding to major incident following discovery of an unexploded bomb – through the eyes of health and social care workers

Policies

Livewell Southwest: Privacy Statement

Covid-19 and your information – Updated on 8th April 2020

Supplementary privacy note on Covid-19 for Patients/Service Users

This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. It supplements our main Privacy Notice above.

The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.

Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data.  Further information is available on gov.uk here and some FAQs on this law are available here.

During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information.  This includes National Data Opt-outs.  However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply.  It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.

In order to look after your health and care needs we may share your confidential patient information including health and care records with clinical and non clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email.

During this period of emergency we may offer you a consultation via telephone or video-conferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.

We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak.  Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.

NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves.  All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.

In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you.  Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.

We may amend this privacy notice at any time so please review it frequently. The date at the top of this page will be amended each time this notice is updated.

Your information and what we do with it……

Livewell Southwest CIC (“We”) takes your confidentiality and privacy rights seriously. This privacy statement is issued by us to patients, service users, visitors, carers, the public and staff to explain how we collect, use and manage the personal data we hold about you. This includes how we share information with other NHS and non NHS organisations, and how we maintain confidentiality.

What is personal data?

Personal data is information about a living, identifiable individual. Your personal data is any information that can be connected to you personally including your name, date of birth, next of kin, health conditions and treatment you receive. If you can be identified from the information, it becomes your personal data. Examples of personal data used and held by us include:

  • Name, address, date of birth, NHS number
  • Contact information such as telephone numbers, next of kin
  • Details of any allergies and physical or mental health conditions
  • Notes and reports about your health and any treatment and care you have received
  • Religion or other beliefs of a similar nature
  • Family, lifestyle and/or social circumstances
  • Employment details
  • Financial details

 

Why and how we collect data

We need to collect and keep records containing your personal data to support the delivery of the appropriate care and treatment at the right time, in the right place. This helps ensure you receive the best possible care from us and that full information is available should you need to see a different medical professional, or are referred to a specialist service. We collect information in a number of ways such as from other health or social care professionals, from your GP or directly from you.

We also collect and keep records relating to staff, which includes details of pay, appointments or removals, discipline, work management, training or other personnel matters. This ensures that employment is managed to a high standard and staff are provided with the right information and training required to carry out their roles.

Your information may also be collected for other purposes such as CCTV recordings used for crime prevention, if you make an enquiry/complaint, or complete a survey. In all situations, we use your personal data

Your health and social care record is used by staff:

  • To ensure staff involved with your care and treatment have accurate and up-to-date information about you and your needs
  • To assist with decision making and care planning to ensure your treatment is safe and efficient
  • Keeping you informed and contacting you in relation to your care and treatment
  • Full information is available should you need to see another health or social care professional or be referred to a specialist service
  • There is a good accurate basis for assessing the type and quality of care you have received
  • If you need to complain, your concerns can be investigated properly

 

When we collect your mobile telephone number we use this to send you helpful reminders of your appointments. If you do not wish to receive these alerts, please let a member of staff know. We may also send you a text or phone you asking for feedback in relation to your experience with our services, this helps us to improve, please let us know if you do not wish to be contacted.

Summary Care Record

Livewell Southwest utilises the Summary Care Record (SCR) system to support patient care. The SCR is a copy of key information from your GP record. It provides authorised healthcare staff with faster, secure access to essential information about you when you need unplanned care or when your GP practice is closed. You can find out more about SCR here Summary Care Record

In addition to your information being used for health and social care purposes, your records may be used to help the NHS in the following ways:

  • Looking after the health, safety and needs of the general public and local health economy – for example notifying central NHS groups of outbreaks of infectious diseases
  • Preparing NHS statistics on NHS performance
  • To ensure health and social care provisions meets the needs of the local communities now and in the future
  • Reporting events to the appropriate authorities when we are required by law to do so
  • Sharing key information with other health and social care providers to ensure an integrated approach, improved patient experience, and cost effective delivery of services
  • Reporting and investigating complaints, legal claims or incidents
  • To review the care and services we provide by service evaluation and clinical audit
  • For training and education
  • For health research and development

 

Devon & Cornwall Care Record

Livewell records also contribute to the Devon & Cornwall Care Record so that our partner organisations can have the information available to best help you. Please see more details regarding this at the end of the document. Only individuals in those organisations that have a legitimate relationship with you by providing a service would access your record. You many opt out of this at any time, please see how to at the end of this document.

 

Information used for Healthcare Planning and Professional assessors

LSW, as a provider of healthcare and commissioned by NHS England, has a legal requirement to submit certain data to the Secondary Uses Service (SUS) which is used for many purposes such as:

  • Healthcare planning
  • Commissioning services
  • Payment by Results
  • Improving public health
  • Developing national policy

 

Data within SUS can be patient identifiable (your name, address and other information is sent), anonymised (you are unidentifiable) or pseudonymised (difficult to identify you from the information sent). You can request that identifiable data items are removed from any information about your care which we send to SUS. In which case, your NHS Number, local patient identifier, name, postcode of usual address and birth date will all be omitted.

We must continue to send non-identifiable information about your care to SUS in order to fulfil our legal obligations and to receive payment for the treatment we provide. Further information about the Secondary Uses Service can be found here.  You can request that your identifiable information is omitted from data sent to SUS by completing this form.

All NHS Trusts are assessed by approved Department of Health bodies. As part of this process, the professional assessors will visit and look at a small number of health records and incident report forms. The assessors are not concerned with individual patient details and they don’t take them away. If you wish to object to your records being made available during an assessment, please let a member of staff know.

 

Other Partner Organisations

We contract with other organisations who provide us with additional expertise to support the work of LSW. On some occasions, they may access personal data, for example, IT Services may have to access computer systems to fix a fault. We ensure the external data processors that support us are legally and contractually bound to operate this process via contracts / Data Processing Agreements. These re-enforce their responsibilities as a data processor to ensure your data is securely protected.

 

Purposes where consent is required

There are also other areas of processing undertaken where consent is required from you. Under GDPR, consent must be freely given, specific, you must be informed and a record must be made that you have given your consent, to confirm you have understood.

If you have asked us to keep you regularly informed and up to date about the work of LSW or if you are actively involved in our engagement and consultation activities or patient participation / wellbeing groups, we will collect and process personal confidential data which you consent to share with us.

Where you submit or publish your details to us for involvement purposes, we will only use your information for this purpose and only with your written consent. You can contact us at any point to withdraw your consent for us to use your photograph, film and words for any new purposes.

Please remember that once an article is published and in circulation it may be copied and used by others (especially online). If you ask us to stop using your photo, film or words in the future we will comply with your request, but we cannot guarantee that other parties will do so.

 

What we do not use your information for

Your health information is never collected for direct marketing and is not sold onto third parties. We do not use your information to make automated decisions with no human intervention.

Using anonymous or aggregate information

This type of data is used to help assess the needs of the general population and / or in the area and surrounding Plymouth. This helps improve the local health population:

  • The quality and efficiency of the health services provided in the area
  • To work out what illnesses people will have in the future, so planning and prioritising of services and ensure these meet the needs of patients in the future
  • Where information is used for statistical purposes, secure measures are taken to ensure individuals cannot be identified

 

How do we keep your personal data safe and maintain confidentiality?

You have the right to privacy and confidentiality under the Data Protection Act (2018) & General Data Protection Legislation (2016), the Human Rights Act (1998) and the Common Law Duty of Confidence. The Equality Act (2010) may also apply in some circumstances. Everyone working for the NHS or providing services on behalf of the NHS has a legal duty to maintain the highest level of confidentiality.

Your information may be stored within electronic or paper records, or a combination of both. We are committed to keeping your personal information safe and secure. All our records are restricted from unauthorised access, use or disclosure. Only those with a legitimate reason can access your personal data. This may be through the use of technology, such as computers, controlled and secured servers or other environmental safeguards. We have training, systems and policies and procedures in place so that everyone working for us is aware of the high standards we expect them to adhere to when handling personal data.

Livewell  Southwest  has  a  senior  person  responsible  for  protecting  the  confidentiality  of  your personal data and ensuring we comply with the law. This is known as the Data Protection Officer, and within our organisation this role sits with our Information Governance Lead

 

Who do we share your personal data with?

We work closely with other NHS and non-NHS organisations to deliver joined up integrated health and social care services to provide you with the best and appropriate care and treatment. Therefore, it may be necessary to share your personal data with these organisations.

We may also share your personal data with regulatory bodies. We will try to share the minimum amount of personal data required, even anonymising data where possible. In such instances, we will ensure the information shared is adequate for the safe provision of care and treatment. We ensure that robust assurances and agreements are in place with the Organisations that we share your information with.

We may share personal data with the following organisations for the purposes of delivering or improving health and social care, or where there is a legal requirement for us to do so:

  • Clinical Commissioning Groups (CCG’s)
  • Health authorities
  • NHS organisations
  • Providers of services on behalf of the NHS
  • General Practitioners (GP’s)
  • Other NHS common service agencies, such as primary care agencies, dentists
  • Ambulance Service
  • Police
  • Social Services
  • Department for Work and Pensions
  • Education Services
  • Voluntary and Private sector providers

 

We share information that does not identify you (anonymised) with other NHS and social care partner agencies for the purpose of improving local services, research, audit and public health.

There are certain circumstances where we will process  /  share  personal  information  without  your  consent  and  where  there  is another legal statute or law allowing us to do this which are:

  • To protect children and vulnerable adults
  • When a formal court order has been served upon us; and / or
  • When we are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime
  • Emergency Planning reasons such as for protecting the health and safety of others, or during a critical public emergency
  • When permission is given by the Secretary of State or the Health Research Authority on the advice of the Confidentiality Advisory Group to process confidential information without the explicit consent of individuals (see section on Section 251 of the NHS Act 2006).

 

When analysing current health services and proposals for developing future services, it is sometimes necessary to link separate individual datasets to be able to produce a comprehensive evaluation. This may involve linking primary care GP data with secondary uses service (SUS) data (inpatient, outpatient and A&E).

In some cases, there may also be a need to link local datasets, which could include a range of acute-based services such as radiology, physiotherapy and audiology, as well as mental health and community-based services such as district nursing and podiatry. When carrying out this analysis, the linking of these datasets is always done using a pseudonym. This means that the data is coded and individuals are not identifiable.

 

What are your information rights?

You have a number of rights under the Data Protection Legislation:

  • To be informed why, where and how we use your information
  • To ask for access to your information
  • To ask for your information to be corrected if it is inaccurate or incomplete
  • To ask for your information to be deleted or removed where there is no need for us to continue processing it. This does not apply to current health records that are within their retention dates.
  • To ask us to restrict the use of your information in certain circumstances
  • In limited circumstances to ask us to copy or transfer your information from one IT system to another
  • To object to how your information is used
  • To challenge decisions made without human intervention (automated decision making)

 

Do you have the right to withdraw or withhold consent for us to share your personal data?

You can withdraw or withhold your consent for information sharing at any time. This is sometimes referred to as ‘opting out’. The possible consequences of withholding your consent will be fully explained to you at the time, should this situation occur. If you chose to prevent your information from being shared to other people involved with your care and treatment, it may mean the care and treatment provided is limited or delayed. In some cases, it may mean certain treatment options cannot be offered.

 

National Data Opt-out Programme

NHS Digital is developing a new system to support the national data opt-out which will give patients more control over how identifiable health and care information is used. The system will offer patients and the public the opportunity to make an informed choice about whether they wish their personally identifiable data to be used just for their individual care and treatment or also used for research and planning purposes. To find out more:  NHS Digital national data opt out

 

How long do we retain your records?

The Records Management Code of Practice for Health and Social Care 2021 sets out the appropriate length of time each type of NHS record should be retained for. All our records are retained and destroyed in accordance with the Retention Schedule contain with the code of practice. We do not keep your records for longer than necessary.

All records are appropriately reviewed once they have reached their retention period. We will then decide whether the record requires further retention or should be confidential destroyed. All decisions and destructions are documented.

 

How can I access the information you hold about me?

Under the Data Protection Act (1998) and the General Data Protection Regulation (2018), you have the right to request a copy of the information we hold about you, both on paper and electronic. Except for information that:

  • Has been provided about you from someone else if they have not given permission for you to see it
  • Relates to a 3rd party or individual
  • Relates to crime offences and/or is being used for the detection or prevention of crime
  • Could cause physical or mental harm to you or someone else

 

Your request must be made in writing (email is acceptable) and needs to include your full name, any pervious names know by, address, date of birth, NHS number (if known). You will also need to confirm if you require all records or records from care and treatment received at a specific service. You will be required to attend an identity verification appointment with proof of your identity to ensure we maintain your confidentiality.

Your request for access to your health record can be made using one of the following methods:

  • Post: Data Disclosure Team, Livewell Southwest, Hatfield House, Burrington Way, Plymouth, PL5 3LZ
  • Email: [email protected]

 

For help and advice on accessing health records, please feel free to contact the Data Disclosure team on 01752 435111.

For access to your social care information, you will need to contact Plymouth City Council. More information on their procedures or for a copy of their application form, please visit: https://www.plymouth.gov.uk/aboutcouncil/accessinformation/dataprotection

 

Raising a complaint

The Customer Service team are available to assist you if you have any comments, concerns, compliments or complaints about the care or treatment you have received. The team are independent from our clinical services to ensure your concerns/complaints are investigated and responded to in an effective and timely manner. The team can be contact at:

  • Post: Customer Services, Livewell Southwest, 1st Floor, Windsor House,Plymouth, PL6 5UF
  • Email: [email protected]
  • Tel: 01752 435201

Additionally, the Information Commissioners Office (ICO) is the UK’s Data Protection regulator. The ICO has the responsibility of ensuring organisations that hold, use and manage personal data do so in accordance with the law. All data controllers must notify the ICO of all personal data processing activities. Our ICO data protection registration number is Z2807096.

If you are dissatisfied with the way we have handled or shared your personal data you can have the right to raise a complaint with the ICO. This can be done using one of the following methods:

  • Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Tel: 0303 123 1113 (or 01625 545745 or 44 1625 545745 if calling from overseas)

 

More information on the role of the ICO can be found by visiting: https://ico.org.uk/

 

How to contact us if you have any queries or concerns with this privacy statement

If you have any queries or concerns regarding the personal data we hold about you or questions relating to this privacy statement, please contact our Information Governance team:

  • Post: Data Protection Officer, Livewell Southwest, 1st Floor, Windsor House, Plymouth, PL6 5UF
  • Email: [email protected]
  • Tel: 01752 435110

 

Changes to this statement

We will occasionally update this Privacy statement to reflect company and customer feedback. We therefore encourage you to periodically review this statement in case of any changes.

 

Further information

To learn more about how we use, manage and maintain confidentiality of your personal data, please speak to the health and social care professionals involved with your care.

 

Additional Information

Livewell Sharing into the Devon & Cornwall Care Record (DCCR)

Health and care organisations in Devon and Cornwall collect information on its patients and keeps records about the care and services they’ve provided.

The Devon and Cornwall Care Record pulls together the information from these different health and social care records and displays it in one combined record.

Keeping your personal data safe is a crucial aspect of the Devon and Cornwall Care Record and we take every required measure to keep information secure and confidential.

Shared care records are subject to UK data protection legislation, and individuals with the authority to view records work under strict codes of conduct.

This page provides more detail on the laws that allow us to use your data, who can access your data and how you can object to your data being shared.

The legal basis for using your data is:

Article 6 Condition: ‘Personal data’
Provision of care:
The key basis for processing personal data is:
6(1)(e) Public task: the processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
Article 9 Condition: Special categories of personal data
The key basis for processing the special category personal data is:
9(2)(h) ‘processing is necessary for the purposes of… the provision of health or social care treatment or services… on the basis of Union or Member state law’.
The Health & Social Care (Safety & Quality) Act 2015 places a duty on organisations providing health and adult social care services to share data where it facilitates the provision of care to an individual in their best interests, unless the individual objects or it relates to an anonymous access service.

Need-to-know access

Only organisations and individuals involved in your care, and who have a legitimate reason, are allowed to view your records. A system is in place to ensure this.

How long is your information held?

Your information will be held according to the NHSX Records Management Code of Practice 2021, which you can read on the NHSX website.

If you’d like to find out more, please contact your health or social care provider directly.

 

Your rights

You have the right to ask for a copy of any information organisations hold about you. If you’d like to see information held about you on your health and care records, please contact the organisations providing your care.

The information displayed in the Devon and Cornwall Care Record is only a partial record of what is held about you by the partner organisations.

If you have any concerns about your health and care data – including possible errors or out-of-date information – please contact the organisations that have provided your care, so it can be corrected.

You can find out more about how information is used in the public interest on the Information Commissioner’s Office website . Your health or care provider’s website will also have more details on how your data is used.

 

Objecting to sharing your data

The Devon and Cornwall Care Record allows health and care staff to see a more complete picture of your medical history. It includes vital information such as allergies, medication, test results, and any interventions you may be receiving, or have had in the past.

When staff are more informed, it helps them to make the right decisions quickly, providing better and safer care. This is especially important during emergency situations or out of normal working hours. Only staff involved in your care, and who have a legitimate reason are allowed to view your records.

If you have concerns about your data being shared in this way, you can raise an objection. The best way to do this is by contacting the staff who are providing your care, but if you’re not sure which organisations provide your care, you can raise an objection directly with the Devon and Care Record using the form below.

However, if you do register an objection, you should understand that it could negatively impact the care you receive. If health and care staff are unable to access your medical record:

  • It might mean that tests or investigations are repeated because results from other organisations can’t be accessed.
  • You may need to repeat the same information to different staff.
  • The staff treating you won’t be able to see what has happened to you in different parts of the NHS. They will only be able to see the record in their organisation such as that particular hospital or GP practice.
  • They might not know what medication you’re taking.
  • It may delay treatment.
  • It will not stop health and care staff contacting one another to ask questions about your history.
  • You may not be conscious or able to share details about your medical history if you arrive at hospital.

You should also be aware that if you choose to object, you are only objecting to electronic sharing of your medical record through the Devon and Cornwall Care Record. Other information sharing projects – such as the Summary Care Record – are operated and managed separately, so you need to object to each programme individually.

If you are aged 16 or above, we will process your request by carrying out our normal checks on the details you have given us.

If you are under 16, we will consider your right to object if the form has been completed by somebody acting on your behalf such as a parent or guardian. If it has not, we will ask a recognised health or care professional if they consider you to be competent to make such a decision.

We will respect your choice and restrict access to your, or the person you are acting on behalf of, health and social care information by professionals in our partner organisations where you’ve made use of the right to object unless this will impact the clinical safety of either yourself, or any other person.

To carry out your wishes we will need to keep some information such as your name, date of birth and NHS number. This will ensure all partner organisations know about your decision to object so you don’t have to notify all the different organisations across Devon and Cornwall who might be involved in your care.