Introduction

Medway Community Healthcare aims to provide you with the highest quality care. To do this, we must keep records about you and the care we provide for you. We keep records securely on paper and computer systems in line with the General Data Protection Regulation. Our staff are trained to handle your information correctly and protect your privacy. We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never collected for marketing purposes, and is not sold on to any other third parties.

Sometimes your care may be provided by members of a care team, which might include people from other organisations such as social services, education or a third party working on our behalf. We will tell you if this is the case. When it could be best for your care for your information to be shared with organisations, we will agree this with you beforehand. If you don’t agree, we will discuss with you the possible effect this may have on your care and alternatives available to you.

If we need to use your personal information for any reason beyond your direct care, we will discuss this with you. You have the right to ask us not to use your information in this way. However, there are exceptions to this which are listed below.

There may be times when we have to share your information without your permission because:

  • the public good is thought to be of greater importance for example:
    • if a serious crime has been committed
    • if there are risks to the public or our staff
    • to protect vulnerable children or adults.
  • we have a legal duty, for example registering births, reporting some infectious diseases, wounding by firearms and court orders
  • we need to use the information for medical research. We have to ask permission from the Confidentiality Advisory Group (appointed by the NHS Health Research Authority)

We have a legal duty to keep records about you confidential, accurate and secure at all times

Security of information

Confidentiality affects everyone: Medway Community Healthcare C.I.C. collects, stores and uses large amounts of personal data every day, such as medical or personal records which may be paper-based or held on a computer.

We take our duty to protect your personal information and confidentiality very seriously and are committed to taking appropriate measures to ensure it is held securely and only accessed by those with a need to know.

At executive level, we have appointed :

A Senior Information Risk Owner (SIRO) who is accountable for the management of all our information systems and the data they hold. The SIRO also makes sure that any associated risks or incidents are documented and investigated appropriately. 

A Caldicott Guardian who has particular responsibility for providing advice on protecting patient confidentiality and sharing patients’ information securely when appropriate.

A Data Protection Officer (DPO) who is responsible for monitoring our compliance with the GDPR and other data protection laws.

The NHS care record guarentee

Everyone working within the Medway Community Healthcare has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has alegal duty to keep it confidential.

The Care Record Guarantee is our commitment that we will use records aboutyou in ways that respect your rights and promote your health and wellbeing. Copies of the full document can be obtained from:

systems.digital.nhs.uk/rasmartcards/patients

Why do we collect information about you?

The healthcare professionals caring for you keep records about your health and any treatment and care you receive from us. These records help to ensure that you receive the best possible care and may be written on paper or held on a computer. They may include:

  • Basic details about you such as name, address, date of birth, next of kin, GP practice etc.
  • Contact we have had with you such as appointments or clinic visits.
  • Notes and reports about your health, treatment and care.
  • Results of x-rays, scans and laboratory tests.
  • Relevant information from people who care for you and know you well such as health or social care professionals, relatives or carers.

It is essential that we have accurate and up to date information about you so that we can give you the best possible care. Please check that your personal details are correct whenever you visit us and inform us of any changes, for example, to your contact details or GP practice as soon as possible. This minimises the risk of you not receiving important correspondence.

Lawful basis for processing

Medway Community Healthcare process your data where it is:

  • necessary for the performance of a contract to which the Individual is party or in order to take steps at the request of the data subject prior to entering into a contract
  • necessary for compliance with a legal obligation to which the controller is subject
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

It is also necessary for:

  • the purposes of preventative or occupational medicine
  • for assessing the working capacity of the employee
  • medical diagnosis
  • management of health or social care treatment or management of health or social care systems and services, carried out by, or under the supervision of health professional or social work professional or by another person who in the circumstances owes a duty of confidentiality under an enactment or rule of law.

How we use your personal information

In general terms, your records are used to direct, manage and deliver your care so that:

  • The healthcare professionals involved in your care have accurate and up to date information to assess your health and decide on the most appropriate care for you.
  • Healthcare professionals have the information they need to assess and improve the quality and type of care you receive.
  • Appropriate information is available if you see another doctor, or are referred to a specialist or another part of the NHS or social care.
  • Your concerns can be properly investigated if a complaint is raised. 

When do we share information about you?

We share information about you with others directly involved in your care; and also share more limited information for indirect care purposes, both of which are described below:

Direct care purposes:

Your information will be shared with other health and social care professionals directly involved in your care so that you may receive the best quality care.

You may be receiving care from other people as well as the NHS, for example Social Care Services. We may need to share some information about you with them so we can all work together for your benefit. We will only do this when they have a genuine need for it or we have your permission. Examples of who we may share your information, subject to strict agreement about how it will be used, are:

  • Your GP
  • Hospitals
  • other health professionals outside of Medway Community Healthcare
  • Social Care Services
  • Education Services
  • Local Authorities
  • Voluntary and private sector providers working with the NHS

We will not disclose your information to any other third parties without your permission unless there are exceptional circumstances, such as when either your or somebody else’s health and safety is at risk; or the law requires us to pass on information.

Indirect care purposes

We also use information we hold about you to:

  • Review the care we provide to ensure it is of the highest standard and quality
  • Ensure our services can meet patient needs in the future
  • Investigate patient queries, complaints and legal claims
  • Ensure we receive payment for the care you receive
  • Prepare statistics on NHS performance
  • Audit NHS accounts and services
  • Undertake health research and development (with your consent – you may choose whether or not to be involved)
  • Help train and educate healthcare professionals

Nationally there are strict controls on how your information is used for these purposes. These control whether your information has to be anonymised first and with whom we may share identifiable information. You can find out more about these purposes, which are also known as secondary uses, on the NHS England and Health and Social Care Information Centre’s websites:

www.england.nhs.uk/

www.hscic.gov.uk/

Other ways in which we use your information

Call recording

Telephone calls to or from Medway Community Healthcare may be recorded for the following purposes:

  • To prevent crime or misuse.
  • To make sure that staff act in compliance with our procedures.
  • To ensure quality control.
  • Training, monitoring and service improvement

SMS text messaging

We use your telephone number(s) to send your appointment details via SMS text message.

Most of our patients appreciate these reminders and we know that it reduces the number of missed appointments, but if you do not wish to receive them please let us know.

Your rights

The General Data Protection Regulation grants you rights to enable you to have a better understanding and more control over your personal information.

The right to information

The General Data Protection Regulation gives you a right to access the information wehold about you (unless an exemption applies). Requests must be made in writing to the Governance team at MCH House, with an indication of what information you are requesting to enable us to locateit in an efficient manner and be accompanied by evidence of your identity. In most cases this service is free of charge and we aim to respond within one calendar month.

There is more information about this and an application form that you may wish to use on our website: (link to the information about me page to be added)

The right to access

When requested, Medway Community Healthcare must provide you with a copy of your personal data, the purposes for processing your data, the categories of data being processed and who the data will be shared with.

The right to rectification

You can request data found to be factually inaccurate or incorrect be corrected.

The right to be forgotten

Whilst this right does not apply to health or care records, you can check that data we hold about you will not be kept for longer than necessary.

The right to restriction of some processing

You have the right to restrict the processing of your data if:

  • You are contesting the accuracy of the data – processing will be restricted to allow us to verify the accuracy
  • Where you request us to retain your information outside of the normal destruction date e.g. if you are pursuing a claim
  • If you object to us processing your data, however, as it is necessary for us to process your data to provide clinical or social care you can request that your data is not shared outside of Medway Community Healthcare for purposes beyond your direct care

If you choose not to allow us to share your information with other health or social care professionals involved with your care, it may make the provision of treatment or care more difficult or unavailable. Please discuss any concerns with the clinician treating you so that you are aware of any potential impact. You can also change your mind at any time about a disclosure decision.

The right to notification

Medway Community Healthcare has a duty to notify any third parties we may have shared your information with, if you exercise any of your rights that may be relevant to them. We will also notify you if there is a breach of your personal data that could result in a risk to your rights and freedoms. You are also able to request details of anyone that has seen your personal data.

The right to object

You have the right to object to processing for direct marketing and for scientific/historical research/statistical purposes. You must be able to demonstrate grounds relating to your situation for the processing to stop, however if the processing is necessary performance of a task carried out for reasons of public interest, we will be unable to comply with your request.

How long do we keep your information

The Department of Health requires that health care providers retain patient records for a specific period of time after the end of care. For adults this will normally be 8 years after the date we last treated you and for children until your 25th birthday.

Employee records are retained for 8 years after they have either retired or left the organisation.

All paper patient/employee records are held in a secure archive facility and are securely destroyed when the retention period expires.

How you can access your records

The General Data Protection Regulation gives you a right to access the information wehold about you (unless an exemption applies). Requests must be made in writing to the Governance team at MCH House, with an indication of what information you are requesting to enable us to locateit in an efficient manner and be accompanied by evidence of your identity.In most cases this service is free of charge and once we have confirmed your identity. we will aim to respond within one calendar month unless it is extremely complex or there are factors outside of our control. If we need longer we will let you know that this is the case as soon as we become aware.

There is more information about this and an application form that you may wish to use on our website:https://www.medwaycommunityhealthcare.nhs.uk/contact-us/information-about-me/

Data controller

The Data Controller responsible for keeping your information confidential is:

Martin Riley, Managing Director
Medway Community Healthcare C.I.C.
MCH House
Bailey Drive
Gillingham Business Park
Gillingham
Kent ME8 0PZ

Data protection officer

The Data Protection officer is responsible for ensuring we are compliant with the General Data Protection Regulation (GDPR) and is also the main contact should you have any concerns or queries, however in the first instance we would request you contact our Information Governance team on 01634 334640.

Natasha Glover-Jones

Email: Medch.dataprotection@nhs.net

Information commissioners office

Medway Community Healthcare is registered with the Information Commissioner’s Office (ICO) for the purpose of processing personal information.

You have the right to make direct complaints to the ICO; however we would request that in the first instance you talk to us.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk

Data protection register

Below is the link to the data protection register containing the details of Medway Community Healthcare's registration

Data protection register >