GDPR and Privacy

Your personal data and privacy

Care Plus Group Service User General Data Protection Regulation Privacy Notice 

What information do we collect and how do we use it?

We aim to provide you with the highest quality of health care.  To do this we must keep records about you, your health and the care we have provided or plan to provide to you.

These records may include:

  • Basic details about you, such as address, date of birth, next of kin
  • Contact we have had with you such as appointments and home visits
  • Notes and reports about your health
  • Details and records about your treatment and care
  • Relevant information from people who care for you and know you well, such as health professionals and relatives

We follow NHS good practice and will:

  • Discuss and agree with you what we are going to record about you
  • Give you a copy of letters we are writing about you
  • Show you what we have recorded about you, if you ask

How we use your information?

We use your records to:

  • Provide a good basis for any treatment or advisory services we provide to you
  • Allow you to work with us when we provide treatment or advice
  • Make sure your treatment is safe and effective, and the advice we provide is appropriate and relevant to you
  • Work effectively with others providing you with treatment or advice

How we keep your records confidential?

We have a duty to

  • Maintain full and accurate records of the care we provide to you
  • Keep records about you confidential, secure and accurate
  • Provide information in a format that is accessible to you (e.g. in large type if you are partially sighted).

We will not share information that identifies you for any reason, unless:

  • You ask us to do so
  • We ask and you give us specific permission
  • We have to do this by law
  • We have special permission because we believe that the reasons for sharing are so important that they override our obligation of confidentiality (e.g. to prevent someone from being seriously harmed)

Our guiding principle is that we are holding your records in strict confidence.

Who we may share information with?

We may share information about you with the following main partner organisations:

  • NHS commissioners of care – in particular the organisation that referred you to us for treatment, assistance or advice
  • Other providers involved in your care – such as a hospital or your GP

We use the Yorkshire and Humber Care Record to access some of your information, there is a leaflet at the bottom of this section explaining what it is and how you can opt out of its use.

We may also share your information with your consent and, subject to strict sharing protocols about how it will be used with:

  • Social Services (FOCUS)
  • Education Services
  • Local Authorities (North East Lincolnshire Council)
  • Voluntary Sector Providers
  • Private Sector

We may also share your information with your consent with others that need to use records about you to:

  • Check the quality of treatment or advice we have given you
  • Protect the health of the general public
  • Manage the health service
  • Help investigate any concerns or complaints you or your family have about your health care

Some information we have to share is used for statistical purposes, and in these instances we take strict measures to ensure that individual service users cannot be identified.

Open Door and Quayside GP Practices are supporting vital health and care planning and research by sharing your data with NHS Digital. For more information about this see the GP Practice Privacy Notice for General Practice Data for Planning and Research

National Data Opt Out

Information may only be used for purposes beyond your care when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations.  Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified, in which case your confidential information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters

You can find out more about how patient information is used for research at: https://www.hra.nhs.uk/ (which covers health and care research); and

https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made).

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have until 2020 to put systems and processes in place so they can apply your national data opt-out choice. Our organisation is able to apply your national data opt-out choice to any confidential patient information we may use or share with other organisations for purposes beyond your individual care.

Anyone who receives information from us also has a legal duty to keep it confidential.

If you do not wish personal data that we hold about you to be used or shared in the way that is described in this leaflet, please discuss the matter with us, contact details shown below. You have the right to object, but this may affect our ability to provide you with care or advice.

Your Rights

You have the right to confidentiality under the General Data Protection Regulation 2016 (GDPR), the Human Rights Act 1998 and the common law duty of confidentiality (the Equality Act 2010 may also apply).

Transparency

You have the right to know what information we hold about you, what we use it for and if the information is to be shared, who it will be shared with.

Right to Object

You have the right to object to some or all the information being processed under GDPR Article 21.

Please contact the Data Controller (contact information shown below).  You should be aware that this is a right to raise an objection, but this is not the same as having an absolute right to have your wishes granted in every circumstance.

Right to Access and Rectification

You have the right to apply for access to the information we hold about you and to have any inaccuracies corrected.  Access covers:

The right to obtain a copy of your record in permanent form;

The right to have the information provided to you in a way you can understand (and explained where necessary, e.g. abbreviations).

Please note that there is no right to have accurate medical records deleted except when ordered by a court of Law.

Obtaining a copy of your record

Please contact the Data Controller (contact information shown below), to request guidance on how to obtain a copy of your record. Also note that:

Your request will need to include sufficient information to enable us to correctly identify your records (e.g. full name, address, date of birth, NHS number (if known))

There is no charge to provide you with a printed copy of the information we hold about you

We will respond to you within one month of receiving your request

You will be required to provide a form of ID before any information is released to you

Right to Data Portability

Your information will be provided to you in a structured format that will make it easy to transfer to another data controller (such as another healthcare provider).

Right to Complain

You have the right to complain to the Information Commissioner’s Office if you feel your rights have been breached by telephoning 0303 123 1113 or visiting the ICO website

Legal Information

We are required by the General Data Protection Regulation (2016) to provide you with the following information relating to the processing of your personal information:

Data Controller

Care Plus Group,

Company number – IP031272

c/o Business Unit

Westgate Park

Charlton St

Grimsby DN31 1SQ

Email us at cpg.businessunit@nhs.net

or telephone 01472 266974

 

Data Protection Officer

c/o Business Unit

Westgate Park

Charlton St

Grimsby DN31 1SQ

Email us at cpg.businessunit@nhs.net

or telephone 01472 266974

 

Lawful basis for processing:

The processing of personal data in the delivery of direct care and for providers’ administrative purposes in this organisation and in support of direct care elsewhere is supported under the following Article 6 and 9 conditions of the GDPR:

Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.

Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”

We will also recognise your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality”

 

Retention Period:

The data will be retained in line with the law and national guidance.

Click here for NHS Code of Practice.

Click here for a copy of our GDPR and Privacy leaflet.

Click here for a copy of our Easy Read Privacy Notice.

Click here for a copy of our Yorkshire and Humber Care Record leaflet.

Our Latest News