This notice is applicable to all patients.
I am registered with the Information Commissioner Office (ICO) registration as he collects and processes personal information about you. This notice explains how I use and share your information. Information may be collected in the following formats – paper, telephone, email, CCTV or by a member of our staff.
Why do I collect data about you?
I need information about you so that I can give you the best possible care. When you come into contact with the health service provided at the Hospitals & Clinics where I work you will be asked to provide details about yourself. This information will help & may contribute to the following:
Delivery of high quality healthcare services
Confirm your identity to ensure accurate, up to date information to provide the best possible care and treatment for you.
Support the provision of joined up services that meet your holistic health and social care needs.
Plan, manage and work out what care service are needed and when
It will enable the hospital to be paid for your treatment
To support audits of NHS services and accounts
Contributes to national NHS Statistics
Finding better ways to prevent illness and treat conditions
I may not be able to provide you with a service unless I have enough information, or your permission to use that information.
For processing to be lawful under the General Data Protection Regulations (GDPR) I need to identify a lawful basis before I can process personal data. These are often referred to as ‘the conditions for processing’. The identified legal basis to process healthcare data is:
‘6(1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’.
What information do I collect about you?
What are the different types of data?
According to the Data Protection Act, personal data means any information relating to an identified or identifiable individual; an identifiable person is one who can be identified directly or indirectly.
Sensitive Personal Data relates to information concerning a data subject’s racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life or details of criminal offences.
Pseudonymised data takes the most identifying fields within a database and replaces them with artificial identifiers or pseudonyms. For example a name is replaced with a unique number. Pseudonymised data is not the same as anonymised data. When data has been pseudonymised it still retains a level of detail in the replaced data that should allow tracking back of the data to its original state. Anonymisation is the process of turning data into a form which does not identify individuals and where identification is not likely to take place. This allows for a much wider use of the information.
CCTV systems are installed in some of the premises I use, for the purposes of public and staff safety and crime prevention and detection. CCTV is also installed on the outside of some of the building for the purposes of monitoring building security and crime prevention and detection.
Images captures by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated. The operators of the CCTV do so and disclose in accordance with the codes of practice issued by the Information Commissioner.
How I use your information
I will use the information you provide in a manner that conforms to the Data Protection Act. I will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. In some instances the law sets the length of time information has to be kept. The retention period set within the NHS are contained in the Records Management Code of Practice for Health and Social Care.
I will process your information for the following purposes:
Staff caring for you have accurate and up to date information to help them decide the best possible care and treatment needed for you
I can contact you in relation to your care and treatment
Information is available should you need another form of care, for example if you are referred to another specialist or another part of the NHS
There is a good basis for looking back and assessing the type and quality of care you have received
Your concerns can be properly investigated should you need to complain
How your information is used for other purposes
In addition to supporting the care you receive, your information may also be used to help us:
Look after the health of the general public.
Review the care I provide to ensure it is of the highest standard.
Investigate complaints, legal claims or untoward incidents
Make sure our services can meet patient needs in future
Prepare statistics on NHS & Independent Hospital performance
Ensure treatments and services meet the needs of the local communities
Monitor the way public money is spent
If you do not want certain information recorded or shared with others, please talk to the person in charge of your care. There are however some aspects of your care that I are obliged to record.
Is any information transferred outside the European Economic Area?
I do not transfer any information to countries outside the UK.
How I protect your information
I understand the personal and sensitive nature of your information. In addition to the Data Protection Act 1998 everyone working for the NHS is subject to the Common Law Duty of Confidence. Staff are required to protect your information under the NHS Confidentiality Code of Conduct and must inform you how your information will be used and allow you to decide if and how your information can be shared.
I may use external companies to process personal information such as for archiving or destruction of personal data. These organisations will be bound by contractual agreement to ensure information is kept confidential and secure in compliance with the Data Protection Act.
Who else might see your information?
You may be receiving care from other people such as other private sector providers so I may be required to share your information with them for example with:
Other healthcare professionals e.g. doctors, nurses, ambulance services
Partner organisation who contribute to your long term care e.g. GP’s, social services, other private sector providers
Other services e.g. complaints, auditing – (Anonymised/pseudonymised or your consent will be sought)
I may also need to share your information for other purposes for example with (please note this list is not exhaustive):
Carers/guardians with parental responsibilities
Carers/guardians without parental responsibility (subject to explicit consent, unless data is anonymous)
Disclosure to NHS managers and the Department of Health for the purposes of planning, commissioning, managing and auditing healthcare services.
Disclosure to bodies with statutory investigative powers – e.g. the Care Quality Commission, the GMC, the Audit Commission. The Health Service Ombudsman
Disclosure where necessary and appropriate, to non-statutory investigations, e.g. Members of Parliament
Disclosure where necessary and appropriate, to government departments other than the Department of Health
Disclosure to solicitors, to the police, to the courts (including a Coroner’s court) and to tribunals and enquiries.
Disclosure to the media (the minimum necessary disclosure subject to explicit consent)
I may therefore need to share your information with these individuals to ensure the best possible care is provided. I will only ever pass information about you if they have a genuine need for it, on a need to know basis. If there is a court order, there is a statutory order to share patient data or I have your consent. I will not disclose your information to a third party unless there are exceptional circumstances, such as when the health and safety of others is at risk or if the law requires us to pass on such information.
Information sharing in the NHS
Information sharing can help to improve the quality of care and treatment, but it must be governed by the legal and ethical framework that protects the interests of service users.
The NHS co-ordinates the sharing of information through the use of agreements to ensure data is handled in accordance with the framework.
Patient control of information
You may want to prevent confidential information about you from being shared or used for any purpose other than providing your care. You have the right to opt-out of the NHS or other organisations using your information. If you wish to do this please contact me via the contact details below:
The Yorkshire Clinic
Telephone number 01274 550600
I do however need to remind you that I may not be able to provide you with a service or be able to undertake the appropriate care needed unless I have enough information, or your permission to use that information.
Correcting inaccurate information
I have a duty to ensure your information is accurate and up to date to make certain I have the correct contact and treatment details about you. If your information is not accurate and up-to-date, you can ask us to correct the record. If I agree that the information is inaccurate or incomplete, it will be corrected. If I do not agree that the information is inaccurate, I will ensure that a note is made in the record of the point you have drawn to the organisation’s attention. If you wish to have any inaccurate information corrected please write to:
The Yorkshire Clinic
Telephone number 01274 550600
Accessing your information held by Mr David L Shaw
You have the right to see or be given a copy of personal data held about you. To gain access to your information you will need to make a Subject Access Request (SAR) to the hospital. Requests should be addressed to the hospital and I will aim to respond to your request within one month from receipt of your request.
Freedom of Information Requests (FOI)
The Freedom of Information Act (2000) gives every individual the right to request information held by the hospital. Your request for information must be made in writing and you are entitled to a response within 20 working days.
Although I work hard to offer high standards of service and care, things can sometimes go wrong. Should this happen, I will do all that I can to sort things right for you and to make sure that the same thing does not happen again. If you would like to know more information on complaints or wish to make a complaint please write to me at:
The Yorkshire Clinic
Should you have any concerns about how your information is to be used having read this Privacy Notice. Patients can object to information about them leaving the Hospital in identifiable form for purposes other than direct care, then confidential information about them will not be shared. This is known as a type 1 objection.
Patients can object to information about them leaving the Hospital in identifiable form, then information about them will not be sent to anyone by the Orthopaedics and Spine Specialist Hospital. This is known as a type 2 objection.
Further details on opt out and your personal information can be found here:
There may be circumstances where I are legally obliged to share your personal data with other third parties, for reasons such as safeguarding purposes or a court order. In such cases you will not be able to opt out of data sharing.
If you are not happy with our response and have exhausted all avenues in the Orthopaedics and Spine Specialist Hospitals process and wish to take your complaint to an independent body, you can do this by contacting the Information Commissioners Office. Contact details can be found below:
The Information Commissioner
Telephone number 0845 306 060 or 01625 545 745 – website: www.ico.org.uk