Privacy Notice

 

Capulet Care Ltd collects, stores and uses large amounts of personal and sensitive personal data every day. Such as medical records, personal records and computerised information. This data is used by us in the course of our work.

We take our duty to protect personal information and confidentiality very seriously and we are committed to comply with all relevant legislation and to take all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.

The senior management team are accountable for the management of all information assets and any associated risks and incidents, and our Chief Executive Officer Juliet Briggs is responsible for the management of patient information and patient confidentiality.

At this time, we do not share any data for planning or research purposes for which the national data opt-out would apply. We review all of the confidential patient information we process on an annual basis to see if this is used for research and planning purposes. If it is, then individuals can decide to stop their information being shared for this purpose. You can find out more information at https://www.nhs.uk/your-nhs-data-matters/.

What is a Privacy Notice?

A Privacy Notice is a statement by Capulet Care to patients, service users, visitors, carers, the public and staff. This describes how we collect, use, retain and disclose personal information which we hold. It is sometimes also referred to as a Privacy Statement, Fair Processing Statement or Privacy Policy. This privacy notice is part of our commitment to ensure that we process your personal information/data fairly and lawfully.

Legal basis for the processing of your data

The Data Protection Act 1998 has been replaced by the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. GDPR 2018 requires the Organisation to process:

Personal data

under 6(1)(f) “Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

Article 6(1)(a)” The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

Sensitive personal data

(Health Records) under 9(2)(h) – “Necessary for the reasons of preventative or occupational medicine, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services”

What are we governed by?

  • The key pieces of legislation/guidance we are governed by are:
  • Data Protection Act 1998
  • Human Rights Act 1998 (Article 8) Access to Health Records Act 1990
  • Freedom of Information Act 2000
  • Health and Social Care Act 2012, 2015
  • Public Records Act 1958
  • The Environmental Information Regulations 2004
  • Computer Misuse Act 1990
  • The Common Law Duty of Confidentiality
  • The Care Record Guarantee for England
  • The Social Care Record Guarantee for England
  • International Organisation for Standardisation (ISO) – Information Security Management Standards (ISMS)
  • Records Management – Code of Practice for Health and Social Care 2016
  • Accessible Information Standards (AIS)
  • General Data Protection Regulations (GDPR) – post 25th May 2018

Why do we collect information about you?

All our staff involved in providing you with our services will keep records about you and any advice you receive from us. These records help to ensure that you receive the best possible advice and care. Those records may be paper or electronic and they may include:

  • Basic details about you such as name, address, email address, NHS number, date of birth, next of kin, etc.
  • Details of contact we have had with you.
  • Notes and reports about your health and any relevant assessments by a health professional
  • Details of diagnosis and treatment given
  • Information about any allergies or health conditions.
  • Results of x-rays, scans and laboratory tests.
  • Relevant information from people who care for you and know you well such as health care professionals and relatives.

It may also include personal sensitive information such as sexuality, race, your religion, or beliefs and whether you have a disability, allergies or health conditions. It is important for us to have a complete picture, as this information assists staff involved in your care to deliver and provide improved care, deliver appropriate treatment and care plans, to meet your needs.

Information is collected in a number of ways, via your healthcare professional, referral details from your GP or directly given by you.

It is essential that your details are accurate and up to date. You can always check that your personal details are correct when you speak to us.   Please inform us of any changes to your contact details as soon as possible. This minimises the risk of you not receiving important correspondence or other communications from us.

By providing us with your contact details, you are agreeing to us using those channels to communicate with you about your healthcare or care needs, i.e. by letter (postal address), by voice mail or voice message (telephone or mobile number), by text message (mobile number) or by email (email address).

How your personal information is used

In general, your records are used to direct, manage and deliver the advice and care that you receive or may need, and this is to ensure that:

  • Care Providers and other health or social care professionals involved in your care have accurate and up to date information about you.
  • Care providers and Health or social care professionals have the information they need to be able to assess and improve the quality and type of care you receive.
  • Your concerns can be properly investigated if a complaint is raised.
  • For audit purposes.
  • To review care provided to ensure it is of the highest standard possible.
  • To ensure our services can meet future needs.
  • To work effectively with other organisations who may be involved in your care.
  • To help inform decisions that we make about your care.
  • To ensure that your treatment is safe and effective.

There is huge potential to use your information to deliver care and improve health and care services across Capulet Care and social care. The information can be used to help:

  • Improve individual care.
  • Understand more about disease risks and causes.
  • Improve diagnosis.
  • Develop new treatments and prevent disease.
  • Plan services.
  • Improve patient safety.

It helps you because;

  • Accurate and up-to-date information assists us in providing you with the best possible care.
  • If you see another healthcare professional, specialist or the NHS, they can readily access the information they need to provide you with the best possible care.
  • Where possible, when using information to inform future services and provision, non-identifiable information will be used.

Occasionally Capulet Care holds names and addresses (including email addresses) of non-customers who it is thought may be interested in our products and services.

In these circumstances, where we have your consent, we’ll let you know by email or post of the products or services we believe may be of interest. If we don’t already have your consent, we’ll tell you about our products and services by post in accordance with our legitimate interests to promote our business. You have the right to opt out of this at any time, by emailing kimberly@capuletcare.co.uk or by contacting Kimberly Rogers Executive Assistant on 01902 843 004

The Records Management Code of Practice

This Records Management Code of Practice for Health and Social Care 2016 is a guide for the NHS to use in relation to the practice of managing records. It is relevant to organisations who work within, or under contract to NHS organisations in England and this includes Capulet Care.

The Code is based on current legal requirements and professional best practice. It will help organisations to implement the recommendations of the Staffordshire NHS Foundation Trust Public Inquiry1 relating to records management and transparency.

https://www.gov.uk/government/publications/records-management-code-of-practice-for-health-and-social-care

How long health records are retained

All patient records are destroyed in accordance with the Records Management Code of Practice for Health and Social Care 2016, which sets out the appropriate length of time each type of records is retained.

Capulet Care does not keep patient records for longer than necessary and all records are destroyed confidentially once their retention period has been met, and the Organisation has made the decision that the records are no longer required.

How information is retained and kept safe?

Information is retained in secure electronic and paper records and access is restricted to only those who need to know.

It is important that information is kept safe and secure, to protect your confidentiality. There are a number of ways in which your privacy is shielded; by removing your identifying information, using an independent review process, adhering to strict contractual conditions and ensuring strict sharing or processing agreements are in place.

The Data Protection Act 1998 regulates the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure. Capulet Care is registered with the Information Commissioners Office (ICO).

Technology allows us to protect information in a number of ways, in the main by restricting access. Our guiding principle is that we are holding your information in strict confidence.

When do we share information about you?

We share information about you with others directly involved in your care or advice that we give to you about your care; and share more limited information for indirect care purposes, both of which are described below:

Everyone working within Capulet Care and the NHS has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us also has a legal duty to keep it confidential.

Direct Care Purposes

  • NHS Trusts and hospitals that are involved in your care.
  • NHS Digital and other NHS bodies.
  • General Practitioners (GPs).
  • Ambulance Services.
  • Private Sector Providers
  • Voluntary Sector Providers

You may be receiving care from other people as well as the NHS, for example Social Care Services. We may need to share some information about you with them, so we can all work together for your benefit if they have a genuine need for it or we have your permission. Therefore, we may also share your information, subject to strict agreement about how it will be used, with:

  • Social Care Services.
  • Local Authorities.
  • Voluntary and private sector providers working with the NHS.

We will not disclose your information to any other third parties without your permission unless there are exceptional circumstances, such as if the health and safety of others is at risk or if the law requires us to pass on information.

Indirect Care Purposes:

We also use information we hold about you to:

  • Review the care and advice that we provide to ensure it is of the highest standard and quality
  • Ensure our services can meet your needs in the future
  • Investigate your queries, complaints and legal claims

Nationally there are strict controls on how your information is used for these purposes. This controls whether your information has to be de-identified first and with whom we may share identifiable information. You can find out more about these purposes, which are also known as secondary uses, on the NHS England and NHS Digital’s websites:

When other people need information about you

Capulet Care staff and everyone working in Health and Social Care has a legal duty to keep information about you confidential and anyone who receives information from us is also under a legal duty to keep it confidential.

From time to time we may need to share information with other professionals and services concerned in your care. This may be for instance, when your healthcare professional needs to discuss your case with other professionals (who do not work for the Organisation) in order to plan your care. We do this in order to provide the most appropriate advice, treatment and support for you and your carers, or when the welfare of other people is involved. We will only share information in this way if we have your permission and it is considered necessary.

There may be other circumstances when we must share information with other agencies. In these rare circumstances we are not required to seek your consent.

Examples of this are:

  • If there is a concern that you are putting yourself at risk of serious harm
  • If there is a concern that you are putting another person at risk of serious harm
  • If there is a concern that you are putting a child at risk of harm
  • If we have been instructed to do so by a court
  • If the information is essential for the investigation of a serious crime
  • If you are subject to the Mental Health Act (1983), there are circumstances in which your ‘nearest relative’ must receive information even if you object
  • If your information falls within a category that needs to be notified for public health or other legal reasons, e.g. Certain infectious diseases

Data subject’s rights

Under the Data Protection Act – 6th Principle:

  • a right of access to a copy of their personal data;
  • a right to object to processing that is likely to cause or is causing damage or distress;
  • a right to object to decisions being taken by automated means;
  • a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed; and
  • a right to claim compensation for damages caused by a breach of the Act

Under the General Data Protection Regulation (GDPR)

  • a right to confirmation that their personal data is being processed and access to a copy of that data which in most cases will be Free of Charge and will be available within 1 month (which can be extended to two months in some circumstances)
  • Who that data has or will be disclosed to;
  • The period of time the data will be stored for
  • a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed;
  • Data Portability – data provided electronically in a commonly used format
  • The right to be forgotten and erasure of data does not apply to an individual’s health record or for public health purposes
  • The right to lodge a complaint with a supervising authority (see Raising a concern section)

Your right to object

You have the right to restrict how and with whom we share information in your records that identifies you. If you object to us sharing your information we will record this explicitly within your records so that all healthcare professionals and staff involved with your care are aware of your decision. If you choose not to allow us to share your information with other health or social care professionals involved with your care, it may make the provision of treatment or care more difficult or unavailable.

Please discuss any concerns with the member of staff advising you so that you are aware of any potential impact. You can also change your mind at any time about a disclosure decision.

Refusing or withdrawing consent

The possible consequences of refusing consent will be fully explained to you at the time and could include delays in receiving our advice or care.

In those instances where the legal basis for sharing of confidential personal information relies on your explicit or implied consent, then you have the right at any time to refuse your consent to the information sharing, or to withdraw any consent previously given.

In instances where the legal basis for sharing information without consent relies on Confidentiality Advisory Group (CAG) authorisation under Section 251 of the NHS Act 2006, then you have the right to register your objection to the disclosure, and Capulet Care are obliged to respect your objection.

In instances where the legal basis for sharing information relies on a statutory duty/power, then the patient cannot refuse or withdraw consent for the disclosure.

How you can access your records

Data Protection Legislation (GDPR 2018, DPA 2018) gives you a right to access the information we hold about you on our records. Requests must be made in writing to the compliance officer Richard Hodgkisson, Capulet Care, Perton Manor, Wrottesley Park Road, Perton, South Staffordshire, WV8 2HE.  We will provide your information to you within one month (this can be extended dependent on the complexity of the request) from receipt of your application:

  • A completed application form, containing adequate supporting information (such as your full name, address, date of birth, NHS number, etc.) to enable us to verify your identity and locate your records.
  • Information will be provided free of charge except where requests are unfounded or excessive, repeat requests then we may either charge a reasonable fee or refuse to act on the request.

Contact us if you have a concern

People who have a concern about any aspect of their contact with Capulet Care, or about the way their records have been managed, should contact the Data Protection Officer: Richard Hodgkisson by e-mail: richard@capuletcare.co.uk, telephone: Tel:01902843004 or postal address: Capulet Care, Perton Manor, Wrottesley Park Road, Perton, South Staffordshire, WV8 2HE.

If you have any concerns about how we handle your information you have a right to complain to the ICO (Information Commissioners Office) about it.

The GDPR 2018 requires organisations to lodge a notification with the Information Commissioner to describe the purposes for which they process personal information. These details are publicly available from:

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, SK9 5AF

Telephone: 08456 306060
Website: www.ico.org.uk