Fair Processing Notice
What is a Fair Processing Notice?
A Fair Processing Notice is also known a Privacy Notice or statement. It is a statement by the SIAS partners to patients, service users, visitors, carers, the public and staff that describes how we collect, use, retain and disclose personal information which we hold. The purpose of this fair processing notice is to set out how we process personal information/data fairly and lawfully.
Your information – how we use it
We use your information as follows, though this is not an exhaustive list:
- To ensure that your treatment is safe and effective
- To help us make decisions about your care
- We may use and record information which you make public via social media to help us ensure your care plan is appropriate. We will not access any information which has not been made public
- To facilitate effective communication with other organisations who may be involved in your care
- To help improve upon the quality and standards of care we provide
- To ensure we can meet future needs
- For research and audit purposes
- In order to train healthcare professionals and improve quality
- To provide statistics on our overall NHS performance
- To effectively monitor how we utilise public funds
- To help identify any risk areas in the Trust
- To help plan services across the organisation
- To help evaluate local and national NHS and Social Care policies
- To monitor safety
Why do we collect information about you?
Your records are used to help us give you the best possible care. Records are kept in paper format and electronically. They are used to help staff care for you, by ensuring the following:
- they have the right information on your health to help judge what care you need
- they can make proper arrangements for your care, for instance to get you further appointments or visits
- new or different doctors, or other health staff involved in your care, have an up to date picture. This might include your GP, or a specialist in another part of the NHS
- we can look into what has happened if you are worried about your treatment, or wish to How do we keep your records confidential?
By law, everyone working in the SIAS partnership, must keep service users’ personal information confidential in accordance with the common law duty of confidence and the NHS/SIAS Confidentiality Code of Conduct. Though, recent changes in Data Protection law through the introduction of the new EU directive; General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 impose greater obligations on organisations who use and collect personal information.
Your records can only be seen or changed in any way by authorised staff and staff should not pass on information about you against your wishes or without your consent. However, in a health and social care setting, obtaining your consent may not always be possible.
SIAS also has a responsibility to manage your records appropriately in accordance with the Records Management Code of Practice for Health and Social Care 2016 which sets out the steps that organisations must, should and may take to ensure that confidential information is handled appropriately.
What is the lawful basis for us processing your information?
As relying on consent may not always be possible, an alternative lawful basis in Data Protection exists to allow SIAS to process your information for the performance of a task carried out in the public interest or in the exercise of our official authority.
This means that it must be necessary for the data controller (us) to process your personal data for those purposes (it is reasonable, proportionate and we cannot achieve our objective by some other reasonable means and the data controller (us) can point to a clear and foreseeable legal basis for that purpose is under UK law (whether in statute or common law).
Other alternative conditions may be applicable where the above is not available. For example, in the event of a life or death situation such as preventing harm being caused by a patient or service user, or if the processing relates to personal information that has been made public by the data subject.
Sharing your information
We will not publish any information that identifies you or routinely disclose any information about you without your express permission. We have a duty to protect all information SIAS holds.
Sharing for Research and Planning
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way to support research and planning. If you are happy with this use of information you do not need to do anything.If you do choose to opt-out of allowing the sharing of your information for research and planning purposes your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit this link.
On this web page you will:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply
You can also find out more about how patient information is used at: https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research);
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until 2020 to put systems and processes in place so they can apply your national data opt-out choice.
If you have concerns about how your information is handled, or feel you will be put at risk by the disclosure of any information, please contact the Head of Information Governance/Data Protection Officer for more information.
Right to Access information we hold
Every patient has the right to request access to or copies of, information we hold about them. This is known as a Subject Access Request. The information held may be stored in various formats such as paper records, electronic records including digital imaging, video, photographs, or by any new or existing medium. Usually everyone can see the information that is kept in their own recordsIf you would like to know what is in your records, you have a right to see them under the Data Protection Act.
If you would like to access your records, you may do so by submitting a Subject Access Request (‘SAR’). Please address your subject access request to:
Information Requests, BSMHFT,
Unit 1, B1 50 Summer Hill Road,
Or via email to email@example.com
(Please note we cannot guarantee the security of information whilst in transit).
Please note, the Data Protection Act applies only to living persons. However, there are limited rights of access to personal data of deceased persons in accordance with the Access to Health Records Act 1990.
In accordance with Data Protection, you have the right to receive a copy of the information you request free of charge. However, we reserve the right to charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.
We may also charge a reasonable fee to comply with requests for further copies of the same information. However, we will not charge for all subsequent subject access requests. You have a right to get a photocopy of your records.
In some unusual cases, you may be shown only part of your records, or we may even have to refuse your request. This should only happen if we believe that seeing parts of your records could cause you serious harm, cause harm to another person, or if your records would give personal information about someone else.
Where requests are deemed manifestly unfounded or excessive, we also reserve the right to refuse to respond. If SIAS refuses to respond to a request, we will explain why and will inform you of your right to complain to the supervisory authority and at the latest within a period of one month.
If you think that anything in your record is not incorrect, you have the right to have your personal data rectified. Please make a request to the Head of Information Governance/Data Protection Officer explaining what you believe to be inaccurate or incomplete. This request can be made verbally or in writing and we will respond to your request within one calendar month. In certain circumstances, we can refuse a request for rectification. These circumstances are if the request is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature. If we do refuse your request, we will provide justification around our decision and inform you within one month of receipt of the request.The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
For more information on individual rights, please consult the Information Commissioner’s Office guidance.
To learn more about how we use your information, please contact the SIAS lead at the Trust’s Head of Information Governance/Data Protection Officer.
Head of Information Governance/Data Protection Officer
Information Governance Team Birmingham and Solihull Mental Health NHS Foundation Trust
Unit 1, B1, 50 Summer Hill Road,
Please note, the Trust’s ICO’s number is: Z7693877
For further guidance or information, please contact the Information Commissioner’s Office via their website or address:
Information Commissioner’s Office
LAST UPDATED MAY 2018