Fair processing notice

Under the new General Data Protection Regulation 2016 (GDPR) and the Data Protection Act 2018 the Trust is required to inform its patients and staff of their rights. The Data Protection Bill which will become the Data Protection Act 2018 has been written to support the protection of your personal data in preparation of the […]

Under the new General Data Protection Regulation 2016 (GDPR) and the Data Protection Act 2018 the Trust is required to inform its patients and staff of their rights. The Data Protection Bill which will become the Data Protection Act 2018 has been written to support the protection of your personal data in preparation of the UK leaving the European Union. Your rights will not be affected by these changes.

Why was the change needed?

The European Union (EU) General Data Protection Regulation (GDPR) has been years in the making. Over the last 25 years, technology has changed our lives in ways nobody could have imagined so a review of the rules was needed. In 2016, the EU adopted the GDPR, one of its greatest achievements in recent years. It replaces the1995 Data Protection Directive which was adopted at a time when the internet was in its early stages.

Therefore data protection was out of date and needed modernisation to:

  • Reinforce your rights in the digital age.
  • Give back control to you over how your information is to be used and by whom.
  • Improve the free flow of information in the digital market.
  • Simplify the regulatory environment for business.

What is a fair processing notice?

A fair processing notice provides accessible information to you about how the trust will use your personal data.

What are your rights?

You now have the rights to request the following:

  • Right to rectification – this requires the trust to rectify any information that has been found as inaccurate without delay.
  • Right to erasure – this requires the trust to erase any information.
    • That no longer is required to be kept by the trust
    • Where there is no legal grounds to keep the data
    • Your data has been unlawfully obtained.
    • That you object to the trust keeping the information. In this case if you object please report this to the data protection officer for investigation, the contact details can be found at the bottom of this notice.
  • Right to restriction of processing – you have a right to stop processing if one of the following is relevant:
    • the accuracy of the data is in question
    • you restrict the use of your personal data. If this is the case the trust will advise you that if this impacts on your healthcare we may refuse. This will be explained to you if this is the case.
  • Right to data portability – you have a right to request that any data held by the trust can be transferred to another organisation in a machine-readable format for onward transfer to the recipients system.
  • Right to object – you have the right to object to unless the trust can show it is in the vital interests of you. This may include:
    • Direct Marketing – the trust can confirm that it does not use any patient data for direct marketing purposes
    • Research/Scientific or historical purposes – the trust can confirm that it does collect and use information for these purposes. This will always be with your consent.
  • Automated individual decision-making, including profiling – you have the right to object to any automated decision making or profiling and request the trust ceases this activity. Profiling is described as taking information to evaluate things about you.

Who is the controller and what are our responsibilities?

The controller is:

United Lincolnshire Hospitals NHS Trust

Lincoln County Hospital

Greetwell Road

Lincoln

Lincolnshire

LN2 5QY

The trust shall;

  • have in place technical and organisational safeguards to protect your data and to demonstrate that processing of your information is in accordance with the regulation.
  • Put in place a data protection officer as the central point of contact on all matters relating to data protection.
  • Adhere to codes of practice as contained in article 40.

Who is the Data Protection Officer for the Trust?

The Data Protection Officer can be contacted via the below means:

Post: Data Protection Officer

Information Governance Department

Robey House

Lincoln County Hospital

Greetwell Road

Lincoln

Lincolnshire

LN2 5QY

Email: ulh.dpo@nhs.net

What information do we need to collect and why?

Personal information

Personal information is any information which can be used to identify you as an individual. It does not include information on organisations.

When we use your personal information we will do so in accordance with the General Data Protection Regulation 2016 and Data Protection Act 2018 collectively known as the Data Protection Legislation.

We need to handle personal information about you so that we can provide services or work with you. This is how we look after your information:

When we ask you for personal information, we promise:

  • to make sure you know why we need it;
  • to only ask for what we need, and not to collect too much or irrelevant information;
  • to protect it and make sure no unauthorised person has access to it;
  • to let you know if we share it with other organisations to give you better public services – and if you can say no;
  • to make sure we don’t keep it longer than necessary;

In return, we ask you to:

  • give us accurate information;
  • tell us as soon as possible if there are any changes, such as a new address. This helps us to keep your information reliable and up to date.

What categories of data do we collect? 

The GDPR separates personal data into two categories as like the previous data protection act did. Under article 4 it defines personal data as any information relating to an individual who can be identified directly or indirectly from the data. This will include the use of a personal identifier such as your NHS of staff number.

The more sensitive personal data is now defined as special category data and includes the following;

  • Physical health
  • Physiological
  • Genetic
  • Mental
  • Economic
  • Social identity

Consent must be obtained in all circumstances the only difference is as the trust will be using health data or as defined in GDPR as special category data we are required to obtain explicit consent.

Consent explained

Under the new regulation the Trust must ensure that consent has been freely given, specific, informed and an unambiguous indication of your wishes. In other words a positive opt in. Consent must not be inferred by silence, pre-ticked boxes or inactivity. However as the Trust may not have seen you to obtain consent this may have been obtained from your GP or another healthcare provider and in this case we would check with each health professional that consent has been obtained before we access your data.

There may be occasions when we will use you information without your consent. These will include:

  • Where the trust has a legal duty to share your information.
  • The trust in unable to obtain consent and it is yours or another person best interests to do so.
  • The courts or coroner requests such data.

We would only share what is relevant to the request and no more.

Rights to complain to the supervisory authority?

If you believe the Trust has breached your rights or we have not investigated your concerns fully then you have rights to complain to the supervisory authority/Information Commissioners’ Office. They can be contacted at https://ico.org.uk/global/contact-us/

Call the helpline on 0303 123 1113 – (local rate – calls to this number cost the same as calls to 01 or 02 numbers).

Live chat – https://ico.org.uk/global/contact-us/live-chat/

Via their webform – https://ico.org.uk/global/contact-us/email/ or alternatively emailing directly to casework@ico.org.uk

Or in writing to:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Who does the Trust share information with?

We share your personal information with other NHS organisations. For example, we may share your information for healthcare purposes with health authorities, other NHS trusts, general practitioners (GPs), ambulance services and primary care agencies. This will always be done with your consent.

United Lincolnshire Hospitals NHS Trust is part of a group of NHS hospitals in the East Midlands that have a shared NHS radiology system, which is used by our healthcare professionals to access your radiology records.  If necessary, your radiology records may also be accessed by healthcare professionals in other NHS hospitals in the East Midlands or NHS Service Providers, to ensure you receive consistent, safe and effective clinical care and treatment, irrespective of where you receive your care. If you have any concerns about providing information or how we use it, please discuss this with radiology staff so that you fully understand the potential impact on your care or treatment.

Lincolnshire Care Portal

In Lincolnshire NHS and social care services are working more closely together to better co-ordinate the delivery of care to people supported by local commissioners.

The Lincolnshire Care Portal is a programme which allows people to give health and care workers their consent to access their medical and care records during their treatment.

The people caring for you need to access information about your health and care record to make the best decisions about your diagnosis and treatment. By way of example this could include GPs, hospital-based clinicians, nurses, health visitors and social care workers.

To enable this to happen more quickly and to improve the care you receive, a new process has been put in place. This will allow your information to be viewed by different health and care organisations, using existing computer systems.

This new process does not share your record with third party organisations, but provides health and care workers, with your consent, access to view your information.

Information will only be accessed by health and care workers that have a legitimate relationship with you and they will only access the data required to support your care.

More information on the Lincolnshire Care Portal can be found here, https://lincolnshirehealthandcare.org/care-portal/

Information sharing with non-NHS organisations

We may need to share information from your health records with other non-NHS organisations from which you are also receiving care, such as Social Services. However, we will not disclose any health information to third parties without your explicit consent unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires it.

We may also be asked by other statutory bodies to share basic information about you, such as your name and address, but not sensitive information from your health records. This would normally be to assist them to carry out their statutory duties. In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Fair Processing Notice, under the Data Protection Legislation.

These non-NHS organisations may include, but are not restricted to:

  • Social Services
  • education services
  • local authorities
  • the police
  • voluntary sector providers
  • private sector providers

This Trust is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

Research & Innovation 

United Lincolnshire Hospitals NHS Trust’s Research and Innovation team is committed to to promoting and supporting clinical trials. Its mission is to establish Lincolnshire as a centre of excellence for clinical trials. Please click on the following link to know more. 

https://www.ulh.nhs.uk/about/training-and-research/clinical-research-facility/

If you want to opt out of your data being used for any secondary use which includes research or audit please click on the following link https://digital.nhs.uk/services/national-data-opt-out-programme

Clinical Audit

Clinical audit is the process formally introduced in 1993 into the United Kingdom’s National Health Service (NHS), and is defined as “a quality improvement process that seeks to improve patient care and outcomes through systematic review of care against explicit criteria and the implementation of change”.

The focus of the Clinical Audit Group is to approve a programme of National (HQIP, NCEPOD) and Local Clinical audits (which will be maintained as a live audit plan and may be subject to additions during the course of the year), ensuring that all audits are relevant to the trust.

Contact

If you wish to discuss any concerns with the trust Data Protection Officer you can contact them via email or post.

Email: Email: ulh.dpo@nhs.net

Post: Data Protection Officer

Information Governance Department

Robey House

United Lincolnshire Hospitals NHS Trust

Lincoln County Hospital

Greetwell Road

Lincoln

LN2 5QY