Privacy Policy

Please contact us directly if you require
any more information regarding our policies.

‍‍

Your Information

Our organisation takes your privacy very seriously. We are registered with the Information Commissioner’s Office as a Data Controller, and our registration number is ZA894939 which can be checked by searching the ICO Register using This Link.

If you have any questions or wish to make a request in relation to your information, please contact us using the details on our main page, or contact our Data Protection Officer at emma.cooper35@nhs.net

Our organisation aims to support the highest quality health care for you. To do this we may need to keep records about you, your health, and the care that has been provided or planned for you.

Your doctor and other health professionals caring for you, such as nurses or physiotherapists, keep records about your health and treatment so that they are able to provide you with the best possible care.

These records are called your ‘health care record’ and may be stored in paper form or on computer and electronic systems and may include Personal Data such as:

‍

Basic details about you, such as address, date of birth, NHS number, and next of kin as well as Sensitive Personal Data;
Contact we have had with you, such as clinical visits
Notes and reports about your health
Details and records about your treatment and care
Results of x-rays, laboratory tests etc

Healthcare providers are permitted to collect, store, use, and share this information under Data Protection Legislation which has a specific section related to healthcare information.

‍

What We Do With Your Information

We may use you information for reasons such as:

‍

Referring you to other healthcare providers when you need other services or tests
Share samples with laboratories for testing (like blood samples)
Share test results with hospitals or community services
Allow out of hours or extended hours GPs to look at your health record when you are going to an appointment
Send prescriptions to a pharmacy
Samples are provided to the courier for delivery to pathology
Share reports with the coroner
Receive reports of medical appointments you have attended elsewhere

What Else We Use Your Information For

Along with activities related directly to your care, we also use information in ways which allow us to check that care is safe and provide data for the improvement and planning of services. For example:

Quality / payment / performance reports are provided from GP Practices

As part of clinical research. Any information that identifies you will be removed, unless you have consented to being identified

Undertaking clinical audits of staff working in practices, and of services being provided

Supporting staff training

Incident and complaint management

Secondary Use Of Data

Click here to find out about Secondary Use of Data

‍

Sharing When Required By Law

Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly. Examples might be for the purposes of detection or prevention of crime, where it is in the wider public interest, to safeguard children or vulnerable adults, reporting infectious diseases, or where required by court order.

‍

Care Quality Commission Access to Health Records

The Care Quality Commission (CQC) has powers under the Health and Social Care Act 2008 to access and use your health information where it is necessary to carry out their functions as a regulator.

This means that inspectors may ask to look at certain records to decide whether you are being provided with safe, good quality care.

‍

Your Rights

Information Access and Rights

Data protection law provides you with a number of rights that Health West Norfolk is committed to supporting you with;

Right to Access

You have the right to obtain:

Confirmation that your information is being used, stored or shared by Health West Norfolk
A copy of information held about you

We will respond to your request within one month of receipt or will tell you when it might take longer. We are required to validate your identity including the identity of someone making a request on your behalf.

Right to Object or Withdrawn Consent

We mainly use, store and share your information because we are permitted to in order to deliver your healthcare but you do have a right to object to us doing this.

Where we are using ,storing and sharing your information based on explicit consent you have provided, you have a right to withdraw that consent at any time.

Our Data Protection Officer will be happy to speak with you about any concerns you have.

Right to Correction

If information about you is incorrect, you are entitled to request that we correct it.

There may be occasions, where we are required by law to maintain the original information –our Data Protection Officer will talk to you about this and you may request that the information is not used during this time.

We will respond to your request within one month of receipt or will tell you when it might take longer.

Right to Complain

You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Officer or visit the link below for more information.

For more detailed information on your rights visit here.

Case Finding and Profiling

Sometimes your information will be used to identify whether you need particular support from us.

Those involved in your care might look at particular ‘indicators’ (such as particular conditions) and contact you or take action for healthcare purposes.

For example, this might be to prevent you from having to visit accident and emergency by supporting you in your own home or in the community.

We will use automated technology to help us to identify people that might require support but ultimately, the decision about how or whether to provide extra support to you is made by those involved in your care.

Our Data Protection Officer will be happy to speak to you about this if you have concerns or objections.

Children and Young People

Young people from aged 13 (and sometimes younger) are allowed to make decisions about how their health information is shared.

A parent or guardian may apply for access to young person's information. If a young person does not consent – we may not provide access to the adult.

If the young person does not have the capacity to understand, we may provide access to the adult because it is in the young person's best interest to do so.

Young people can ask us to keep certain parts of their information confidential.

If the young person is making decisions about their information that puts them at risk, we may notify adults with parental rights.

Sharing Partners and Projects

We provide services to a number of practices in the area. This means we will share information with health and social care providers to deliver some of our services.

Click here to find out about our sharing partners across Norfolk and Waveney.

Our work with Primary Care Networks can also involve the sharing of information. For more information regarding this please click here.

Data Processors

Health West Norfolk will use third parties to provide services that involve your information such as;

Removal and destruction of confidential waste
Provision of clinical systems
Provision of connectivity and servers
Data analytics or warehousing (these allow us to make decisions about care or see how effectively services are running – personal data will never be sold or made available to organisations not related to your care delivery)

We have contracts in place with these third parties that prevent them from using data in any other way than instructed. These contracts also require them to maintain good standards of security to ensure your confidentiality.

How Do We Keep Your Information Safe?

We are committed to ensuring the security and confidentiality of your information.

There are a number of ways we do this:

Staff receive annual training about protecting and using personal data

Policies are in place for staff to follow and are regularly reviewed

We check that only the minimum amount of data is shared or accessed

We use ‘smartcards’ to access systems, this helps to ensure that the right people are accessing data – people with a ‘need to know’

We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information

We report and manage incidents to make sure we learn from them and improve

We put in place contracts that require providers and suppliers to protect your data as well

We do not send your data outside of the EEA

Data breaches

In the event of a data breach, the affected individuals will be contacted within the timescales specified by GDPR, and a full report – highlighting any risks – will be provided.

‍

How we use cookies

We may obtain information about your general Internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:

‍

To estimate our audience size and usage pattern;
To store information about your preferences, and so allow us to customise our site according to your individual interests;
To speed up your searches;
To recognise you when you return to our site.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site.

‍

Third party links

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

‍