Medway Community Healthcare (MCH) provides a wide range of high quality community health services for Medway residents; from health visitors and district nurses to speech and language therapists and out of hours urgent care.
Medway Community Healthcare aims to provide you with the highest quality care. To do this, we must keep records about you and the care we provide for you. We keep records securely on paper and computer systems in line with the General Data Protection Regulation. Our staff are trained to handle your information correctly and protect your privacy. We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never collected for marketing purposes, and is not sold on to any other third parties.
Sometimes your care may be provided by members of a care team, which might include people from other organisations such as social services, education or a third party working on our behalf. We will tell you if this is the case. When it could be best for your care for your information to be shared with organisations, we will agree this with you beforehand. If you don’t agree, we will discuss with you the possible effect this may have on your care and alternatives available to you.
If we need to use your personal information for any reason beyond your direct care, we will discuss this with you. You have the right to ask us not to use your information in this way. However, there are exceptions to this which are listed below.
There may be times when we have to share your information without your permission because:
We have a legal duty to keep records about you confidential, accurate and secure at all times
Confidentiality affects everyone: Medway Community Healthcare C.I.C. collects, stores and uses large amounts of personal data every day, such as medical or personal records which may be paper-based or held on a computer.
We take our duty to protect your personal information and confidentiality very seriously and are committed to taking appropriate measures to ensure it is held securely and only accessed by those with a need to know.
At executive level, we have appointed :
A Senior Information Risk Owner (SIRO) who is accountable for the management of all our information systems and the data they hold. The SIRO also makes sure that any associated risks or incidents are documented and investigated appropriately.
A Caldicott Guardian who has particular responsibility for providing advice on protecting patient confidentiality and sharing patients’ information securely when appropriate.
A Data Protection Officer (DPO) who is responsible for monitoring our compliance with the GDPR and other data protection laws.
Everyone working within the Medway Community Healthcare has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has alegal duty to keep it confidential.
The Care Record Guarantee is our commitment that we will use records aboutyou in ways that respect your rights and promote your health and wellbeing. Copies of the full document can be obtained from:
The healthcare professionals caring for you keep records about your health and any treatment and care you receive from us. These records help to ensure that you receive the best possible care and may be written on paper or held on a computer. They may include:
It is essential that we have accurate and up to date information about you so that we can give you the best possible care. Please check that your personal details are correct whenever you visit us and inform us of any changes, for example, to your contact details or GP practice as soon as possible. This minimises the risk of you not receiving important correspondence.
Medway Community Healthcare process your data where it is:
It is also necessary for:
In general terms, your records are used to direct, manage and deliver your care so that:
We share information about you with others directly involved in your care; and also share more limited information for indirect care purposes, both of which are described below:
Direct care purposes:
Your information will be shared with other health and social care professionals directly involved in your care so that you may receive the best quality care.
You may be receiving care from other people as well as the NHS, for example Social Care Services. We may need to share some information about you with them so we can all work together for your benefit. We will only do this when they have a genuine need for it or we have your permission. Examples of who we may share your information, subject to strict agreement about how it will be used, are:
We will not disclose your information to any other third parties without your permission unless there are exceptional circumstances, such as when either your or somebody else’s health and safety is at risk; or the law requires us to pass on information.
We also use information we hold about you to:
Nationally there are strict controls on how your information is used for these purposes. These control whether your information has to be anonymised first and with whom we may share identifiable information. You can find out more about these purposes, which are also known as secondary uses, on the NHS England and Health and Social Care Information Centre’s websites:
Telephone calls to or from Medway Community Healthcare may be recorded for the following purposes:
SMS text messaging
We use your telephone number(s) to send your appointment details via SMS text message.
Most of our patients appreciate these reminders and we know that it reduces the number of missed appointments, but if you do not wish to receive them please let us know.
The General Data Protection Regulation grants you rights to enable you to have a better understanding and more control over your personal information.
The right to information
The General Data Protection Regulation gives you a right to access the information wehold about you (unless an exemption applies). Requests must be made in writing to the Governance team at MCH House, with an indication of what information you are requesting to enable us to locateit in an efficient manner and be accompanied by evidence of your identity. In most cases this service is free of charge and we aim to respond within one calendar month.
There is more information about this and an application form that you may wish to use on our website: (link to the information about me page to be added)
The right to access
When requested, Medway Community Healthcare must provide you with a copy of your personal data, the purposes for processing your data, the categories of data being processed and who the data will be shared with.
The right to rectification
You can request data found to be factually inaccurate or incorrect be corrected.
The right to be forgotten
Whilst this right does not apply to health or care records, you can check that data we hold about you will not be kept for longer than necessary.
The right to restriction of some processing
You have the right to restrict the processing of your data if:
If you choose not to allow us to share your information with other health or social care professionals involved with your care, it may make the provision of treatment or care more difficult or unavailable. Please discuss any concerns with the clinician treating you so that you are aware of any potential impact. You can also change your mind at any time about a disclosure decision.
The right to notification
Medway Community Healthcare has a duty to notify any third parties we may have shared your information with, if you exercise any of your rights that may be relevant to them. We will also notify you if there is a breach of your personal data that could result in a risk to your rights and freedoms. You are also able to request details of anyone that has seen your personal data.
The right to object
You have the right to object to processing for direct marketing and for scientific/historical research/statistical purposes. You must be able to demonstrate grounds relating to your situation for the processing to stop, however if the processing is necessary performance of a task carried out for reasons of public interest, we will be unable to comply with your request.
The Department of Health requires that health care providers retain patient records for a specific period of time after the end of care. For adults this will normally be 8 years after the date we last treated you and for children until your 25th birthday.
Employee records are retained for 8 years after they have either retired or left the organisation.
All paper patient/employee records are held in a secure archive facility and are securely destroyed when the retention period expires.
The General Data Protection Regulation gives you a right to access the information wehold about you (unless an exemption applies). Requests must be made in writing to the Governance team at MCH House, with an indication of what information you are requesting to enable us to locateit in an efficient manner and be accompanied by evidence of your identity.In most cases this service is free of charge and once we have confirmed your identity. we will aim to respond within one calendar month unless it is extremely complex or there are factors outside of our control. If we need longer we will let you know that this is the case as soon as we become aware.
There is more information about this and an application form that you may wish to use on our website:https://www.medwaycommunityhealthcare.nhs.uk/contact-us/information-about-me/
The Data Controller responsible for keeping your information confidential is:
Martin Riley, Managing Director
Medway Community Healthcare C.I.C.
Gillingham Business Park
Kent ME8 0PZ
The Data Protection officer is responsible for ensuring we are compliant with the General Data Protection Regulation (GDPR) and is also the main contact should you have any concerns or queries, however in the first instance we would request you contact our Information Governance team on 01634 334640.
Medway Community Healthcare is registered with the Information Commissioner’s Office (ICO) for the purpose of processing personal information.
You have the right to make direct complaints to the ICO; however we would request that in the first instance you talk to us.
Information Commissioner’s Office
Telephone: 0303 123 1113
Below is the link to the data protection register containing the details of Medway Community Healthcare's registration
Data protection register >