Livewell Southwest: Privacy Statement
Your information and what we do with it
Livewell Southwest CIC (“We”) takes your confidentiality and privacy rights seriously. This privacy statement is issued by us to patients, service users, visitors, carers, the public and staff to explain how we collect, use and manage the personal data we hold about you. This includes how we share information with other NHS and non NHS organisations, and how we maintain confidentiality.
What is personal data?
Personal data is information about a living, identifiable individual. Your personal data is any information that can be connected to you personally including your name, date of birth, next of kin, health conditions and treatment you receive. If you can be identified from the information, it becomes your personal data. Examples of personal data used and held by us include:
- Name, address, date of birth, NHS number
- Contact information such as telephone numbers, next of kin
- Details of any allergies and physical or mental health conditions
- Notes and reports about your health and any treatment and care you have received
- Religion or other beliefs of a similar nature
- Family, lifestyle and/or social circumstances
- Employment details
- Financial details
Why and how we collect data
We need to collect and keep records containing your personal data to support the delivery of the appropriate care and treatment at the right time, in the right place. This helps ensure you receive the best possible care from us and that full information is available should you need to see a different medical professional, or are referred to a specialist service. We collect information in a number of ways such as from other health or social care professionals, from your GP or directly from you.
We also collect and keep records relating to staff, which includes details of pay, appointments or removals, discipline, work management, training or other personnel matters. This ensures that employment is managed to a high standard and staff are provided with the right information and training required to carry out their roles.
Your information may also be collected for other purposes such as CCTV recordings used for crime prevention, if you make an enquiry/complaint, or complete a survey. In all situations, we are legally bound by UK data protection law.
How we use your personal data
Your health and social care record is used by staff:
- To ensure staff involved with your care and treatment have accurate and up-to-date information about you and your needs
- To assist with decision making and care planning to ensure your treatment is safe and efficient
- Keeping you informed and contacting you in relation to your care and treatment
- Full information is available should you need to see another health or social care professional or be referred to a specialist service
- There is a good accurate basis for assessing the type and quality of care you have received
- If you need to complain, your concerns can be investigated properly
When we collect your mobile telephone number we use this to send you helpful reminders of your appointments. If you do not wish to receive these alerts, please let a member of staff know.
Summary Care Record
Livewell Southwest utilises the Summary Care Record (SCR) system to support patient care. The SCR is a copy of key information from your GP record. It provides authorised healthcare staff with faster, secure access to essential information about you when you need unplanned care or when your GP practice is closed. You can find out more about SCR here Summary Care Record
In addition to your information being used for health and social care purposes, your records may be used to help the NHS in the following ways:
- Looking after the health, safety and needs of the general public and local health economy – for example notifying central NHS groups of outbreaks of infectious diseases
- Preparing NHS statistics on NHS performance
- To ensure health and social care provisions meets the needs of the local communities now and in the future
- Reporting events to the appropriate authorities when we are required by law to do so
- Sharing key information with other health and social care providers to ensure an integrated approach, improved patient experience, and cost effective delivery of services
- Reporting and investigating complaints, legal claims or incidents
- To review the care and services we provide by service evaluation and clinical audit
- For training and education
- For health research and development
Information used for Healthcare Planning and Professional assessors
Livewell Southwest, as a provider of healthcare and commissioned by NHS England, has a legal requirement to submit certain data to the Secondary Uses Service (SUS) which is used for many purposes such as:
- Healthcare planning
- Commissioning services
- Payment by Results
- Improving public health
- Developing national policy
Data within SUS can be patient identifiable (your name, address and other information is sent), anonymised (you are unidentifiable) or pseudonymised (difficult to identify you from the information sent). You can request that identifiable data items are removed from any information about your care which we send to SUS. In which case, your NHS Number, local patient identifier, name, postcode of usual address and birth date will all be omitted.
We must continue to send non-identifiable information about your care to SUS in order to fulfil our legal obligations and to receive payment for the treatment we provide. Further information about the Secondary Uses Service can be found here. You can request that your identifiable information is omitted from data sent to SUS by completing the following form below.
All NHS Trusts are assessed by approved Department of Health bodies. As part of this process, the professional assessors will visit and look at a small number of health records and incident report forms. The assessors are not concerned with individual patient details and they don’t take them away. If you wish to object to your records being made available during an assessment, please let a member of staff know.
Other Partner Organisations
We contract with other organisations who provide us with additional expertise to support the work of LSW. On some occasions, they may access personal data, for example, IT Services may have to access computer systems to fix a fault. We ensure the external data processors that support us are legally and contractually bound to operate this process via contracts / Information Sharing Agreements. These re-enforce their responsibilities as a data processor to ensure your data is securely protected.
Purposes where consent is required
There are also other areas of processing undertaken where consent is required from you. Under GDPR, consent must be freely given, specific, you must be informed and a record must be made that you have given your consent, to confirm you have understood.
If you have asked us to keep you regularly informed and up to date about the work of LSW or if you are actively involved in our engagement and consultation activities or patient participation / wellbeing groups, we will collect and process personal confidential data which you consent to share with us.
Where you submit or publish your details to us for involvement purposes, we will only use your information for this purpose and only with your written consent. You can contact us at any point to withdraw your consent for us to use your photograph, film and words for any new purposes.
Please remember that once an article is published and in circulation it may be copied and used by others (especially online). If you ask us to stop using your photo, film or words in the future we will comply with your request, but we cannot guarantee that other parties will do so.
What we do not use your information for
Your health information is never collected for direct marketing and is not sold onto third parties. We do not use your information to make automated decisions with no human intervention.
Using anonymous or aggregate information
This type of data is used to help assess the needs of the general population and / or in the area and surrounding Plymouth. This helps improve the local health population:
- The quality and efficiency of the health services provided in the area
- To work out what illnesses people will have in the future, so planning and prioritising of services and ensure these meet the needs of patients in the future
- Where information is used for statistical purposes, secure measures are taken to ensure individuals cannot be identified
How do we keep your personal data safe and maintain confidentiality?
You have the right to privacy and confidentiality under the Data Protection Act (2018) & General Data Protection Legislation (2016), the Human Rights Act (1998) and the Common Law Duty of Confidence. The Equality Act (2010) may also apply in some circumstances. Everyone working for the NHS or providing services on behalf of the NHS has a legal duty to maintain the highest level of confidentiality.
Your information may be stored within electronic or paper records, or a combination of both. We are committed to keeping your personal information safe and secure. All our records are restricted from unauthorised access, use or disclosure. Only those with a legitimate reason can access your personal data. This may be through the use of technology, such as computers, controlled and secured servers or other environmental safeguards. We have training, systems and policies and procedures in place so that everyone working for us is aware of the high standards we expect them to adhere to when handling personal data.
Livewell Southwest has a senior person responsible for protecting the confidentiality of your personal data and ensuring we comply with the law. This is known as the Data Protection Officer, and within our organisation this role sits with our Information Governance Lead.
Who do we share your personal data with?
We work closely with other NHS and non-NHS organisations to deliver joined up integrated health and social care services to provide you with the best and appropriate care and treatment. Therefore, it may be necessary to share your personal data with these organisations. We may also share your personal data with regulatory bodies. We will try to share the minimum amount of personal data required, even anonymising data where possible. In such instances, we will ensure the information shared is adequate for the safe provision of care and treatment. We ensure that robust assurances and agreements are in place with the Organisations that we share your information with.
We may share personal data with the following organisations for the purposes of delivering or improving health and social care, or where there is a legal requirement for us to do so:
- Clinical Commissioning Groups (CCG’s)
- Health authorities
- NHS organisations
- Providers of services on behalf of the NHS
- General Practitioners (GP’s)
- Other NHS common service agencies, such as primary care agencies, dentists
- Ambulance Service
- Social Services
- Department for Work and Pensions
- Education Services
- Voluntary and Private sector providers
We share information that does not identify you (anonymised) with other NHS and social care partner agencies for the purpose of improving local services, research, audit and public health.
We would not share information that identifies you unless you have given us permission (consent). However, there are certain circumstances where we will process / share personal information without your consent and where there is another legal statute or law allowing us to do this which are:
- To protect children and vulnerable adults
- When a formal court order has been served upon us; and / or
- When we are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime
- Emergency Planning reasons such as for protecting the health and safety of others, or during a critical public emergency
- When permission is given by the Secretary of State or the Health Research Authority on the advice of the Confidentiality Advisory Group to process confidential information without the explicit consent of individuals (see section on Section 251 of the NHS Act 2006).
When analysing current health services and proposals for developing future services, it is sometimes necessary to link separate individual datasets to be able to produce a comprehensive evaluation. This may involve linking primary care GP data with secondary uses service (SUS) data (inpatient, outpatient and A&E).
In some cases, there may also be a need to link local datasets, which could include a range of acute-based services such as radiology, physiotherapy and audiology, as well as mental health and community-based services such as district nursing and podiatry. When carrying out this analysis, the linking of these datasets is always done using a pseudonym. This means that the data is coded and individuals are not identifiable.
What are your information rights?
You have a number of rights under the Data Protection Legislation:
- To be informed why, where and how we use your information
- To ask for access to your information
- To ask for your information to be corrected if it is inaccurate or incomplete
- To ask for your information to be deleted or removed where there is no need for us to continue processing it
- To ask us to restrict the use of your information in certain circumstances
- In limited circumstances to ask us to copy or transfer your information from one IT system to another
- To object to how your information is used
- To challenge decisions made without human intervention (automated decision making)
Do you have the right to withdraw or withhold consent for us to share your personal data?
You can withdraw or withhold your consent for information sharing at any time. This is sometimes referred to as ‘opting out’. The possible consequences of withholding your consent will be fully explained to you at the time, should this situation occur. If you chose to prevent your information from being shared to other people involved with your care and treatment, it may mean the care and treatment provided is limited or delayed. In some cases, it may mean certain treatment options cannot be offered.
National Data Opt-out Programme
NHS Digital is developing a new system to support the national data opt-out which will give patients more control over how identifiable health and care information is used. The system will offer patients and the public the opportunity to make an informed choice about whether they wish their personally identifiable data to be used just for their individual care and treatment or also used for research and planning purposes. To find out more: NHS Digital national data opt out
How long do we retain your records?
The Records Management Code of Practice for Health and Social Care 2016 sets out the appropriate length of time each type of NHS record should be retained for. All our records are retained and destroyed in accordance with the Retention Schedule contain with the code of practice. We do not keep your records for longer than necessary.
All records are appropriately reviewed once they have reached their retention period. We will then decide whether the record requires further retention or should be confidential destroyed. All decisions and destructions are documented.
How can I access the information you hold about me?
Under the Data Protection Act (1998) and the General Data Protection Regulation (2018), you have the right to request a copy of the information we hold about you, both on paper and electronic. Except for information that:
- Has been provided about you from someone else if they have not given permission for you to see it
- Relates to a 3rd party or individual
- Relates to crime offences and/or is being used for the detection or prevention of crime
- Could cause physical or mental harm to you or someone else
Your request must be made in writing (email is acceptable) and needs to include your full name, any pervious names know by, address, date of birth, NHS number (if known). You will also need to confirm if you require all records or records from care and treatment received at a specific service. You will be required to attend an identity verification appointment with proof of your identity to ensure we maintain your confidentiality.
Your request for access to your health record can be made using one of the following methods:
- Post: Data Disclosure Team, Livewell Southwest, Hatfield House, Burrington Way, Plymouth, PL5 3LZ
- Email: [email protected]
For help and advice on accessing health records, please feel free to contact the Data Disclosure team on 01752 435111.
For access to your social care information, you will need to contact Plymouth City Council. More information on their procedures or for a copy of their application form, please visit: https://www.plymouth.gov.uk/aboutcouncil/accessinformation/dataprotection
Raising a complaint
The Customer Service team are available to assist you if you have any comments, concerns, compliments or complaints about the care or treatment you have received. The team are independent from our clinical services to ensure your concerns/complaints are investigated and responded to in an effective and timely manner. The team can be contact at:
- Post: Customer Services, Livewell Southwest, 1st Floor, Windsor House, Plymouth, PL6 5UF
- Email: [email protected]
- Tel: 01752 435201
Additionally, the Information Commissioners Office (ICO) is the UK’s Data Protection regulator. The ICO has the responsibility of ensuring organisations that hold, use and manage personal data do so in accordance with the law. All data controllers must notify the ICO of all personal data processing activities. Our ICO data protection registration number is Z2807096.
If you are dissatisfied with the way we have handled or shared your personal data you can have the right to raise a complaint with the ICO. This can be done using one of the following methods:
- Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Tel: 0303 123 1113 (or 01625 545745 or 44 1625 545745 if calling from overseas)
More information on the role of the ICO can be found by visiting: https://ico.org.uk/
How to contact us if you have any queries or concerns with this privacy statement
If you have any queries or concerns regarding the personal data we hold about you or questions relating to this privacy statement, please contact our Information Governance team:
- Post: Data Protection Officer, Livewell Southwest, 1st Floor, Windsor House, Plymouth, PL6 5UF
- Email: dataprotec[email protected]
- Tel: 01752 435110
Changes to this statement
We will occasionally update this Privacy statement to reflect company and customer feedback. We therefore encourage you to periodically review this statement in case of any changes.
To learn more about how we use, manage and maintain confidentiality of your personal data, please speak to the health and social care professionals involved with your care.