Privacy Statement

Mid Dorset Primary Healthcare Ltd

Privacy statement – Data Protection Act 1998

In the National Health Service (NHS), we aim to provide you with the highest quality healthcare. To do this we must keep information about you, your health and the care we have provided to you or plan to provide to you. This privacy statement provides a summary of how we use your information.

The Data Protection Act controls how your personal information is used by organisations, businesses or the government. Under the Act the Mid Dorset Primary Healthcare Ltd Federation is defined as a ‘data controller’ of personal information. We collect information to help us provide and manage healthcare to our patients. The federation is registered with the Information Commissioners Office.

What kind of personal information does the federation collect?

·         Name, address, date of birth, NHS number and next of kin

·         Details of diagnosis, treatment and hospital visits

·         Allergies and health conditions

Why we collect information about you

The people who care for you use your information and records to:

·         provide a good basis for all health decisions made by you and your care professionals

·         allow you to work with those providing care

·         make sure your care is safe and effective

·         work effectively with those providing you with care

Others in the NHS may also need to use records about you to:

·         check the quality of care (called clinical audit)

·         collect data regarding public health matters

·         ensure NHS funding is being allocated appropriately

·         help investigate any concerns or complaints you may have about your health care

·         teach healthcare workers and help with research

Information sharing with non-NHS organisations

For your benefit we may need to share information from your health records with non-NHS organisations from whom you are also receiving direct care, such as social services or private healthcare organisations. We may also need to share your information, such as blood test results, for direct care processing purposes by a non-NHS organisation under an agreement with the federation. We will always seek your permission to share your information with organisations for purposes other than your direct care. However, in exceptional situations we may need to share information without your permission if:

·         it is in the public interest – for example, there is a risk of death or serious harm

·         there is a legal need to share it – for example, to protect a child under the Children Act 1989

·         a court order tells us that we must share it

·         there is a legitimate enquiry from the police under the Data Protection Act (1998) for information related to a serious crime.

Your right to withdraw consent for your information to be shared

You have the right to withdraw and refuse consent to information sharing at any time, but note that not sharing your information may affect the quality and safety of the care you receive. For further information please contact the Information Governance Lead or Caldicott Guardian using the details below.

Caldicott Guardian

Dr Chris Burham

chris.burnham@dorsetgp.nhs.uk

Information Governance Lead

Lisa Fall

lisa.fall@dorsetgp.nhs.uk

How do I access information recorded about me?

Under the Data Protection Act individuals have a right to access information that is held about them by an organisation.

8. Principles of Data Protection

All data will be held and used in a way that complies with the Principles of Data Protection as outlined in the 1998 Act:

·         Principle 1 – Personal data will be fair and lawfully processed

·         Principle 2 – Personal data will be obtained only for lawful purposes

·         Principle 3 – Personal data will be adequate, relevant and not excessive

·         Principle 4 – Personal data will be accurate and where necessary, kept up to date

·         Principle 5 – Personal data processed for any purpose will not be kept for longer that is necessary for the purpose

·         Principle 6 – Personal data will be processed in accordance with the rights of data subjects 

·         Principle 7 – Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction

·         Principle 8 – Personal data will not be transferred outside of the EEA unless adequate data protection is in place