Privacy Policy

Introduction

Fairfield Independent Hospital Ltd (FIH) is the legal entity that operates Fairfield Independent Hospital.   FIH (“the Hospital”, “we”, “us”, “our”) is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of the Data Protection Act 2018, the data controller is Fairfield Independent Hospital with the registered address at: Fairfield Independent Hospital, Crank Road, St Helens, WA11 7RS, with registration number Z5699811; a registered charity (no. 502791) and registered company (no.1141676 – England and Wales).

This Privacy Policy governs the manner in which FIH collects, uses, maintains and discloses information collected.

FIH recognises the importance of protecting personal and confidential information in all that we do, and takes care to meet its legal duties.

COVID-19 Data Protection Statement

During these unprecedented times. FIH’s main priority is the health and safety of our patients, colleagues and the wider community as well as supporting the NHS in responding to the COVID-19 pandemic.

As a result of these unique circumstances, FIH may need to share personal data with the NHS and other regulatory and governing bodies. The Hospital is working in collaboration with local NHS trusts to ensure we can provide the right help, exactly where and when it is needed and this may involve personal data being shared with us by the local Trust. This will be done in accordance with data protection legislation and any amendments to applicable legislation made by the Secretary of State. We will also consider any guidance provided by the Information Commissioner’s Office.

When the NHS and its healthcare professionals provider your healthcare services at FIH, the privacy notice of the relevant NHS Trust may also apply.

The basis on which FIH will process your data is set out in the section below.

What information do we collect about you?

We only collect and use your information for the lawful purposes of administering the business of FIH. These purposes include:

• • Health administration and services
  • Accounting and auditing
  • Accounts and records
  • Education
  • Information administration
  • Clinical audit
  • Property management and services
  • Staff administration
  • Crime prevention and prosecution of offenders, and
  • Advertising, marketing and public relations

What types of personal data do we handle?

We process personal information to enable us to support the provision of healthcare services to patients, maintain our own accounts and records, promote our services, and manage our properties and to support and manage our employees.

We also use information to support and monitor the health services both as a hospital and across the health and social care economy within the UK to enable the delivery of high quality healthcare.

The types of personal information we use include:

• • Details held in the patient’s record
  • Patient images, for example photographs, x-rays, scans
  • Personal details such as names, addresses, telephone numbers
  • Family details for example next of kin
  • Education and training information
  • Resident details for people or patients who stay in our properties
  • Employment details
  • Financial details, where we provide or receive payment for services
  • Visual images, personal appearance and behaviour, for example if CCTV images are used as part of building security, and
  • Responses to surveys, where individuals have responded to surveys about healthcare issues

We also process sensitive classes of information that may include:

• • Racial and ethnic origin
  • Offences (including alleged offences), criminal proceedings, outcomes and sentences
  • Trade union membership
  • Religious or similar beliefs
  • Employment tribunal applications, complaints, accidents and incident details
  • Physical or mental health details, and
  • Sexual life

How will we use information about you?

Information about you is needed to enable staff to deliver treatment and care each time you attend this Hospital. Some of this information may also be needed for other reasons including running services and improving care throughout the NHS and social care system and may be used for:

• • Contacting you in relation to services that may support your health and social care needs
  • Contacting you via text message, email or other automated appointment reminders
  • Making sure that our services meet patient needs including service evaluation, validation and audit
  • Helping staff to review the care they provide to ensure that it is of the highest standard
  • Investigating complaints, legal claims and incidents
  • Preparing reports on NHS performance and activity
  • Training and educating staff
  • Clinical Audit and Development – much of the work in the Hospital involves using patient data in on-going audit. If information about you is used, it will be anonymised as far as possible
  • Maintaining disease and treatment registers for certain conditions and procedures to ensure that appropriate follow-up and treatment can occur and that a better understanding of incidence and the effectiveness of treatment can improve patient care
  • Providing data to the Hospital’s commissioners in order that they can check and report on how effective the services FIH has been commissioned to deliver
  • Obtaining payment for services provided from commissioners, and
  • Providing information to other health providers (e.g. a patient’s registered General Practitioners) to support your health and care needs.

We may keep your information in written form or on a computer.

Sharing your information

Sometimes information about your needs is passed on to other agencies or organisations. For example, if you are receiving care at another hospital or to help with your care after discharge or to enable FIH to receive payment for the treatment you have been provided with.

Anyone who receives this information from us is also under a legal duty to keep it confidential and the Law strictly controls the sharing of some types of very sensitive personal information. The types of organisation who we may share information about you may include:

• • GPs
  • District nurses
  • Other health professionals
  • Social care colleagues
  • Nursing/care homes
  • Commissioners
  • NHS Digital (formerly the Health and Social Care Information Centre (HSCIC), and
  • Department of Health
  • Providers of medical services to the Hospital, for example, MRI and CT providers, pathology providers and others
  • Insurance companies

In certain circumstances we are required by law to report information to the appropriate authority, for example:

• • Where we encounter infectious disease which may endanger the safety of others (such as meningitis or measles)
  • Where a formal court order has been issued, and
  • Where we have safeguarding concerns

Retaining information

We will only retain information for as long as necessary. Records are maintained in line with the NHS England retention schedule which determines the length of time records should be kept.  We have a detailed Retention of Records Policy which is available on request to the Data Protection Officer – address given below.

Security of your information

We take our duty to protect your personal information and confidentiality seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.

We have appointed a Senior Information Risk Owner (SIRO) who is accountable for the management of all information assets and any associated risks and incidents, and a ‘Caldicott Guardian’ who is responsible for the management of patient information and patient confidentiality. We also have a Data Protection Officer who supports the organisation in protecting patient and Hospital information.

All staff are required to undertake information governance training. This training ensures that staff are aware of their information governance responsibilities and follow best practice guidelines ensuring the necessary safeguards and appropriate use of person-identifiable and confidential information.

More information about how patient information is used can be found https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your opt-out status at any time.

Everyone working for the Hospital and the wider health service is subject to the common law duty of confidentiality. Information provided in confidence will only be used for the purposes advised and consented to by the patient, unless it is required or permitted by law.

Health information collected during provision of treatment or services

Such information will only be disclosed to third parties in accordance with this Privacy Policy. That includes third parties involved with your treatment or care, or in accordance with UK laws and guidelines of appropriate professional bodies. Where applicable, it may be disclosed to any person or organisation who may be responsible for meeting your treatment expenses or their agents. It may also be provided to external service providers and regulatory bodies (unless you object) for the purpose of clinical audit to ensure the highest standards of care and record keeping are maintained.

Medical professionals working with us: Medical professionals working with us We share clinical information about you with our medical professionals as we consider necessary for your treatment and care. Medical professionals working with us might be our employees, or they might be independent consultants in private practice.

External practitioners: If we refer you externally for treatment, we will share with the person or organisation that we refer you to, the clinical and administrative information we consider necessary for that referral. It will always be clear when we do this.

Your GP: If the practitioners treating you believe it to be clinically advisable, we may also share information about your treatment with your GP. You can ask us not to do this, in which case we will respect that request if we are legally permitted to do so, but you should be aware that it can be potentially very dangerous and/or detrimental to your health to deny your GP full information about your medical history, and we strongly advise against it.

Your insurer: We share with your medical insurer information about your treatment, its clinical necessity and its cost, only if they are paying for all or part of your treatment with us. We provide only the information to which they are entitled. If you raise a complaint or a claim we may be required to share personal data with your medical insurer for the purposes of investigating any complaint/claim.

The NHS: If you are referred to us for treatment by the NHS, we will share the details of your treatment with the part of the NHS that referred you to us, as necessary to perform, process and report back on that treatment.

Medical regulators: Occasionally we may be requested – and in some cases can be required – to share certain information (including personal data and special category data) about you and your care with medical regulators who inspect our clinical facilities and standards.

From time to time we may also make information available on the basis of necessity for the provision of healthcare, but subject always to patient confidentiality.
In an emergency and if you are incapacitated, we may also process your personal data (including special category data) or make personal data available to third parties on the basis of protecting your ‘vital interest’ (i.e. your life or your health).

We participate in national audits and initiatives to help ensure that patients are getting the best possible outcomes from their treatment and care. The highest standards of confidentiality will be applied to your personal data in accordance with Data Protection Laws and confidentiality. Any publishing of this data will be in anonymised, statistical form. Anonymous or aggregated data may be used by us, or disclosed to others, for research or statistical purposes.

Independent Healthcare Providers – Performance Information

In the interest in providing comparable clinical outcome and performance data to the public across independent sector providers in healthcare, we – like all independent hospital operators – are required by law to provide activity data, including some personal data, as set out in more detail below, for publication by The Private Healthcare Information Network (PHIN).
The hospital must provide PHIN with details of each episode of care, including a summary of each record of treatment including; the dates when each patient was in hospital, what treatment was carried out and by whom. We are also required to provide: patient satisfaction survey data, Patient Reported Outcome Measures (PROMS) – patient reported health improvements following treatment and details of any adverse events relating to the patients treated.

Certain personal data will be provided to PHIN, including patients postcode of residence. PHIN securely submits such data and records to information authorities such as:

• for England, NHS digital;
• for Wales, the NHS Wales Informatics Service;
• for Scotland, the Information and Statistics Division;
• for Northern Ireland, the Health and Social Care Board; and
• for UK-wide mortality data, the Office of National Statistics.

PHIN will only disclose records of care and personal data to the non-departmental bodies/authorities identified above, as required by law or where there is an overriding public interest, and /or to investigate or prevent fraud. Data Protection Laws give all individuals the right to make a ‘Subject Access Request’ to obtain a copy of any information that any organisation holds about them (as set out in more detail below). As PHIN cannot identify individuals from the data it holds, applicants would need to provide further proof of identity in order to access whether it is possible to access any information held. Further information about how PHIN uses information, including its Privacy Notice, is available at: www.phin.org.uk.

National Data Opt-Out

The national data opt-out is an NHS Digital service which allows an NHS patient to opt out of their confidential patient information being used for research and planning.
Further information on the National Data Opt-Out programme can be found here: https://digital.nhs.uk/services/national-data-opt-out-programme

How can you get access your personal information?

Everyone should be able to see the information that is kept in their health records. If you want to see these records you can request access by completing a request form which is available from the Data Protection Officer at the Hospital.

No fee will be charged for this service and you should receive a response within 40 days of applying.

The Hospital is obliged to let you see the information and to explain any part of the records which you do not understand. Should a doctor decide that seeing your records might put your health at risk you may only be shown part of your records or your request may be declined.

If you feel that you have not been fairly treated or that your application has not been dealt with properly then you should complain through Fairfield Independent Hospital complaints procedure. Nothing prevents your doctor from showing you their own records during consultation.

Who else has the right to apply to see my record?

• Any person with authority in writing from the patient to apply on behalf of the patient.
• Any person appointed by the Court to manage the affairs of the patient (documented proof needs to be supplied).
• Where a patient has died, the patient’s personal representative, or any person having a claim arising from the death (documented proof needs to be supplied).

If you require further general information regarding how this Hospital safeguards your information you can contact the Data Protection Officer at the Hospital.

We want to make sure that your personal information is accurate and up to date. If you think any information is inaccurate or incorrect then please let us know.

Specific Arrangements for the Website:

Personal identification information we collect when you access our website

We may collect personal identification information from users in a variety of ways, including, but not limited to, when users visit our site, register on the site, subscribe to the newsletter, respond to a survey, fill out a form, and in connection with other activities, services, features or resources we make available on our site. Users may visit our site anonymously. We will collect personal identification information from users only if they voluntarily submit such information to us. Users can always refuse to supply personal identification information, except that it may prevent them from engaging in certain site related activities.

Non-personal identification information

We may collect non-personal identification information about users whenever they interact with our site. Non-personal identification information may include the browser name, the type of computer and technical information about users’ means of connection to our site, such as the operating system and the internet service providers used and other similar information.

Web browser cookies

Our Site may use “cookies” to enhance user experience. Users’ web browsers place cookies on their hard drive for record-keeping purposes and sometimes to track information about them. Users may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. If they do so, note that some parts of the site may not function properly. More information on the way we use “cookies” is given on our website.

How we use collected information

FIH may collect and use users’ personal information for the following purposes:

• To improve customer service

Information you provide helps us respond to your customer service requests and support needs more efficiently.

• To improve our Site

We may use feedback you provide to improve our products and services.

• To send periodic emails

We may use the email address to respond to their inquiries, questions, and/or other requests. If a user decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc.

How we protect your information

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our site.

Sharing your personal information

We do not sell or trade users’ personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.

Third party websites

We do not allow advertising or other content on our site. However, we provide links to the sites and services of our partners, suppliers, commissioners and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our site, is subject to that website’s own terms and policies.

Image Exchange Portal

As part of a shared service agreement your radiology images and records may be shared with other healthcare providers as part of determining and providing your care. If you would like to know more about the extent of this sharing, or you wish us not to share at all with another organisation, or have any other concerns about it, please contact a member of staff in the imaging department.

Sharing your images is covered by the consents you sign when you originally access treatment at the Hospital but FIH wants to be as open and as detailed about your information sharing options as possible. If you are concerned about sharing your images with other health care providers, please discuss with your clinician what the consequences to your care opting out may have and alternative ways to support your care.

If you do not want to withdraw your consent to sharing images please complete the Data Control form noted above with your clinician and return it to the Data Protection Officer at Fairfield Independent Hospital.

Changes to this privacy policy

FIH has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect.

Your acceptance of these terms

By using this site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our site. Your continued use of the site following the posting of changes to this policy will be deemed your acceptance of those changes.

Complaints about how we process your personal information

In the first instance, you should contact the Data Protection Officer at the following address:

The Data Protection Officer

Fairfield Independent Hospital

Crank Road

St Helens

WA11 7RS

Or by email to DataProtectionOfficer@fairfield.org.uk

 Changes to our privacy notice

We keep our Privacy Notice under regular review and we will place any updates on this webpage. This notice was last updated on September 2017.

Data Protection Notification

GMPH is a ‘data controller’ under the DPA. We have notified the Information Commissioner that we process personal data and the details are publicly available from the:

Information Commissioner’s Office

Wycliffe House

Water Lane,

Wilmslow SK9 5AF

www.ico.gov.uk

How to contact us

Please contact us if you have any questions about our privacy notice or information we hold about you:

Post:

The Data Protection Officer

Fairfield Independent Hospital

Crank Road

St Helens

WA11 7RS

Email: DataProtectionOfficer@fairfield.org.uk

Phone: 01744 739311