Patient privacy notice
- Who we are
- Why we collect information about you
- How your information will be used
- How we keep it safe and confidential
GDPR – General Data Protection Regulation
Personal data: any information relating to an identifiable individual such as your name, NHS number, contact details. It can also be location data or online identifier.
Special categories of personal data are defined as: racial or ethnic origin, politics, religious or philosophical beliefs, trade union membership, genetics, biometrics (where used for identification) information concerning your health, sex life or sexual orientation.
- Who are we?
Dermatology services are provided by Virgin Care Services Limited. We are the data controller for any personal information we hold about you.
Virgin Care Services Ltd is a limited company who are registered in England and Wales, number 07557877. Registered office: Virgin Care Services Ltd,6600, Daresbury Business Park, Daresbury WA4 4GE part of the Virgin Care Group of companies.
- The information we collect and use
We will collect basic ‘personal data’ about you such as your name, date of birth (d.o.b), address and contact details. We may also ask you for more sensitive data, called ‘special category data’ such as your ethnicity and information about your health and outcomes of needs assessments. This information is held in written form and/or in digital form.
Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation (eg information from Hospitals, GP surgeries etc). These records help to provide you with the best possible healthcare and help us to protect your safety.
In carrying out this role we will collect information about you which helps us respond to your queries or secure specialist services. We may collect the information from you or other trusted parties involved in your care.
This may include:
- Details about you, such as your address, NHS number, next of kin and/or carer information
- Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
- Notes and reports about your health and safeguarding
- Details about your treatment and care
- Results of investigations, such as laboratory tests, x-rays, etc.
- Relevant information from other health professionals, relatives or those who care for you
- How we use your information
Your records are used to:
- Provide information to make health decisions made by care professional with and for you
- Make sure your care is safe and effective
- Support working with other providing your care
We may also use, or share, your information for the following purposes:
- Looking after the health of the general public
- Making sure that our services can meet patient needs in the future
- Preparing statistics on NHS performance and activity
- Investigating concerns, complaints or legal claims
- Helping colleagues review the care they provide to make sure it is of the highest standards
- Training and educating staff
- For research purposes (we will always ask your consent for this)
- Services we provide
- North and North East Lincolnshire Dermatology
- Bassetlaw Dermatology Service
- Lincolnshire East and West Dermatology Service
- Oldham Total Skin Service
- Who we share your information with
We may also share your information for the provision of your care or for another legal obligation with the following organisations and partners:
- NHS Trusts/Foundations
- Community Services such as district nurses and rehabilitation services,
- Urgent care organisations, minor injury units or out of hours services
- Community and palliative care hospitals
- Care Home
- Mental Health Trusts
- Dentists, opticians, pharmacists
- Private Sector Providers
- Voluntary Sector Providers
- Ambulance Trusts
- Clinical Commissioning Groups
- NHS England (NHSE) and NHS Digital (NHSD)
- Local Authorities
- Education Services
- Police and Judicial Services
- Virgin Care Support teams
- Clinical Collective Limited
- Spire Healthcare
- British Association of Dermatologists Biologic Interventions Register (BadBIR)
- Lloyds Healthcare at Home
- Healthnet at Home
- Net Doctor
- Patient UK
- Barton – The Odyssey Centre
- Lymphoedema Service
- Spiritual Care Services
- Age UK
- The Carers Support Centre
- Changing Faces
- MacMillan Cancer Support
- Maggie’s Centre’s
- Marie Curie
- Skin Cancer Hub
- Skin Cancer Foundation
When we share your information:
We may share information about you for the following purposes;
- To support your health and care arrangements including referrals, pathology and other results
- If it is in your best interests
- Recommendations for special arrangements at home
- To manage incidents that you have been involved in
- To deal with complaints and investigations
- Requests for information from official authorities or your representatives
- Your records if the service is transferring to us under contract or if you are moving out of area
- The prevention and detection of crime
- Funding requests or payments
- Integrated care initiatives
- Legal advice or proceedings
- Responding to legal requests and court orders
- Public health notifications
Our partners and other recipients:
- We work in partnership with commissioners, other health and care providers such as primary care services, local authorities, NHS trusts, pathology providers etc.
- Prison service relating to prison healthcare
- Local Safeguarding Boards
- We may use trusted providers to host our IT, archiving, email and texting services and surveys
- We may use corporate teams within the Virgin Care Group who provide ‘back office’ support on behalf of services within our group such as communications and marketing, information governance, clinical governance and IMT.
Our legal basis for processing your personal information:
- Providing and managing health and social cares services to our patients service users and clients
- Legitimate interests for statistical and scientific analysis purposes – (BADBIR) – for the provision of treatment monitoring rates of untoward medical events. The results will then be used to provide patients with a better picture of any increased risk of the new therapies.
- Performance of a task carried out in the public interest or in the exercise of official authority
- Necessary for a legal obligation such as responding to a request from a coroner
- Necessary for reasons in the area of public health such as in the event of an outbreak of a disease
Our legal basis for processing special categories “sensitive” personal information:
- We need to use the data in order to provide medical diagnosis, health and social care treatment services to you
- Social protection law for safeguarding purposes
- Where it is necessary to protect your vital interests
- How long do we keep your information
We will keep your healthcare record in accordance with the national guidance: Records Management Code of Practice for Health and Social Care 2016, after which records and confidential information are securely destroyed in line with this code of practice.
- How we keep your information safe
Everyone working for our organisation is subject to the Common Law Duty of Confidence. Information provided in confidence will only be used for the purposes advised with consent given by the patient, unless there are other circumstances covered by the law.
The NHS Digital Code of Practice on Confidential Information applies to all NHS staff and they are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All our staff are expected to make sure information is kept confidential and receive regular training on how to do this.
The health records we use will be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Your records are backed up securely in line with NHS standard procedures. We ensure that the information we hold is kept in secure locations, is protected by appropriate security and access is restricted to authorised personnel.
We also make sure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
- Data Protection Act 2018
- General Data Protection Regulation
- Human Rights Act
- Common Law Duty of Confidentiality
- NHS Codes of Confidentiality and Information Security
- Health and Social Care Act 2015
- And all applicable legislation
We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if we reasonably believe that others involved in your care have a genuine need for it.
We will not disclose your information to any third party without an appropriate legal basis and there are exceptional circumstances (such as a risk of serious harm to yourself or others) or where the law requires information to be passed on.
- How the NHS and care services use your information
Dermatology Services is one of many organisations working in the health and care system to improve care for patients and the public.
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service.
Collecting this information helps to ensure you get the best possible care and treatment. The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
- Access to your information, your rights and corrections
Keeping us updated of any changes
Please let us know if you change your address or contact details etc. so that we can keep your information up to date. If you have a concern about some of the information held on your record, you can contact us about it or request a copy of your record.
How to request a copy of your record
You can request a copy of your records via our Data Subject Access Requests (DSAR) portal.
Our portal supports the management of requests with regards to records and/or alterations/concerns. Your request will be directed to our Privacy Team which will ensure that the correct service receives your request promptly.
To progress the request you will need proof of identity as follows:
- Driving licence or Passport or Work ID badge or Bus Pass or a witness to your signature by someone who is over 18 and is not a relative, (preferably by your doctor/solicitor on their headed business paper) as proof of identity
- Bank statement or Pay slip or Utility bill or a Letter on headed paper from a local authority or similar as proof of residence.
If you are a Representative acting on a data subject’s behalf you will need proof of your identity as well as proof that the data subject is freely giving consent to the request, or you have the appropriate legal authority.
If you would like more information about your records, please ask at reception, speak to the person proving your care or contact our Data Protection Officer: Sarah Murray, Head of Information Governance, Virgin Care. Email: firstname.lastname@example.org
Data Protection laws provides you with the following rights:
|The right of access||You are entitled to request a copy of the personal data we hold about you.|
|The right to rectification||You are entitled to request changes to information if it is inaccurate or incomplete
|The right to erasure||Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data.|
|The right to restrict processing||Under certain circumstances, you may ask us to stop processing your personal data. We will still hold the data, but will not process it any further.|
|The right to data portability||Subject to certain conditions, you may request a copy of your personal data to be transferred to another organisation.|
|The right to object to processing||You have the right to object to our processing of your data where
· Processing is based on legitimate interest;
· Processing is for the purpose of direct marketing;
· Processing is for the purposes of scientific or historic research;
· Processing involves automated decision-making and profiling.
Please note that the above rights may not apply in all circumstances but we will respond within a month of any requests. If you have any questions or concerns about the information we hold on you, please contact our Data Protection Officer by one of the following options:
Via our secure Data Subject Access Requests (DSAR) portal
Email the central IG Team: email@example.com
Tel: 01928 242942
Post: FAO Sarah Murray Head of Information Governance & Data Protection Officer
6600 Daresbury Business Park
If you are not happy about the way your information is handled, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioners Office (ICO).
Changes to our privacy notice
We will update this privacy notice from time to time to reflect any changes to our ways of working. Please contact our data protection officer if you would like more information.