Need to talk?
Service User Privacy Notice
Covid-19 and your information
Privacy Notice on Covid-19 for patients/service users
This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. It supplements our main Privacy Notice which is below.
The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.
Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak.
Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data.
During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs. However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.
In order to look after your health and care needs we may share your confidential patient information including health and care records with clinical and non- clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email.
During this period of emergency we may offer you a consultation via telephone or video- conferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.
We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.
NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.
In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.
We may amend this privacy notice at any time so please review it frequently.
What is our legal basis for processing your personal information?
Processing of patient information comes under Public Task in connection with your health care is necessary for the purposes of health and social care.
Why do we collect personal information?
The staff caring for you need to collect and maintain information about your health and treatment so that you can be given the best possible care. This personal information can be held in a variety of formats, including paper records, electronically on computer systems.
How do we store and share information of people we support
We use SystmOne, an electronic patient records system to store clinical information on the people supported by our services.
Hospice staff: Access is granted to those responsible for care, this includes health care professionals, doctors, chaplaincy, administrative roles and management.
Under direct care your health care records may be shared with other healthcare organisations
However, we will not disclose any health information to third parties without your explicit consent unless there are circumstances, such as when the health or safety of others is at risk or where current legislation permits or requires it.
What types of information are collected
All information we collect will be necessary to delivering care to people, information such as:
Full name, address, date of birth, services used, healthcare services, gender identity, ethicnicty number, email address, government services and location data.
Some of the above information is classed as Special Category Data. Special category data is personal data which the GDPR says is more sensitive, and so needs more protection.
We would process special category data in accordance with GDPR law Article 9 (2) (h):
“Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;.”
Visiting the Hospice’s premises
The Hospice uses CCTV systems for the legitimate purposes of security and for the vital interests of employees and people in our care.
Recorded images are accessed by written request to the Hospice and deleted every 30 days, however in periods of increased activity, we increase the retention period to three months.
Data is only shared with the police and insurance companies in specific circumstances.
In general, the Hospice’s reception team use paper record systems to log calls, records of visitors, staff and volunteers present in the building with information being retained only for its purposes. Paper records are shredded when they’re no longer needed.
We process the information in relation to keeping people on the premises safe.
National Data Opt-Out
The national data opt-out was introduced on 25 May 2018, enabling patients to opt out from the use of their data for research or planning purposes, in line with the recommendations of the National Data Guardian in her Review of Data Security, Consent and Opt-Outs.
Patients can view or change their national data opt-out choice at any time by using the online service at www.nhs.uk/your-nhs-data-matters or by calling 0300 3035678.
By 2020 all health and care organisations are required to be compliant with the national data opt-out policy. NHS Digital and Public Health England are already compliant and are applying national data opt-outs.