Millbrook Healthcare Ltd GDPR Privacy Policy
Millbrook Healthcare Limited provides community equipment, wheelchair, assistive
technology and home improvement agency services to local authorities and the NHS.We
take your confidentiality and privacy rights very seriously.This policy explains how we
collect, process, transfer and store your personal information and forms part of our
accountability and transparency to you under the General Data Protection Regulation
(GDPR) 2018.
How will we meet the principles of the GDPR?
We will process your personal information fairly and lawfully by:
1. only using it if we have a lawful reason and when we do, we make sure you know
how we intend to use it and tell you about your rights;
We do not rely on consent to use your information as a legal basis for processing. In
simple terms, this means we can use your personal information to provide services to
you without seeking your consent. Please note under the regulation you do have a
right to say no to our use of your information, but this could have an impact on our
ability to provide services to you.
2. only collecting and using your information to provide you healthcare services and will
not use it for any other purpose that is not considered by law to be for this purpose;
3. only using personal data that is relevant and necessary for us to carry out various
tasks in providing healthcare services to you;
4. keeping your personal information accurate and up to date when using it, and if it is
found to be incorrect, we will make it right, where appropriate, as soon as we can;
5. only keeping your information in a way that will identify you for as long as we are
required to, whilst ensuring your rights; and
6. having secure processes in place to keep your personal information safe and secure
when it is being used, shared, and when it is being stored.
What information do we collect from you?
Millbrook Healthcare staff keep records about the services we provide to you. This may
include:
-
Basic details such as your name, address, date of birth, telephone number(s), and email address;
-
Your next of kin and contact details;
-
Notes and reports about your physical health and any care or support you need and
receive;
-
Relevant information and reports from other professionals, relatives or those who care
for you or know you well;
-
Telephone records and recordings of inbound and outbound calls;
-
Any contact(s) you have with us such as home visits or clinic appointments; and
-
Service user experience feedback and treatment outcome information you provide.
Your personal information and records are in both electronic and hard copy paper format.
Electronic record are held securely on a computer system and secure IT network.
Why do we collect this information about you?
Your information is used to guide, inform and record the services you receive and is vital in
helping us to:
-
Have all the necessary information to assess your needs and for making decisions
with you about the services you receive;
-
Have details of our contact with you, such as referrals and appointments and can see
the services and equipment you have received;
-
Assess the quality and outcomes of the services provided; and
-
Investigate if you have any concerns or a complaint about the service(s) you have
received.
Staff involved in your care will also have accurate and up to date information and this accurate
information about you is also available if you move to another area, need to use another
service or see a different healthcare professional.
Who might we share your information with?
Your information will be shared with the team providing services for you. However, we work
collaboratively with NHS partners, local authority agencies including social services so may
need to share information about you with other professionals and services involved in your
care and equipment provision.
We do this in order to provide the most appropriate care and support for you or when the
welfare of other people is involved. We will only share your information in this way if we have
your consent and it is considered necessary.
You have the right to refuse and withdraw your consent to information sharing at any time.
Please discuss this with a member of staff as this could have implications in how you receive
further care, support and equipment, including delays in your receiving care, support and
equipment.
However, a person’s right to confidentiality is not absolute and there may be other
circumstances when we must share information from your records with other agencies. On
these rare occasions we are not required to have your consent. Examples of this are:
-
If there is a concern that you are putting yourself at risk of serious harm;
-
If there is concern that you are putting another person at risk of serious harm;
-
If there is concern that you are putting a child at risk of harm;
-
If we have been instructed to do so by a Court;
-
If the information is essential for the investigation of a serious crime;
-
If you are subject to the Mental Health Act (1983), there are circumstances in which
your ‘nearest relative’ must receive information even if you object; or
-
If your information falls within a category that needs to be notified for public health or
other legal reasons, such as certain infectious diseases.
The information from your records will only be used for the purposes that benefit the services
we provide and we would never share it for marketing or insurance purposes.
Improving health, care and services through planning
To help us monitor our performance, evaluate and develop the services we provide, it is
necessary to review and share minimal information, for example with our NHS and local
authority commissioning partners. The information we share would be anonymous so you
cannot be identified and all access to and use of this information is strictly controlled.
In order to ensure that we have accurate and up to date records, we carry out a programme
of audits with access to records for this purpose monitored and only anonymised information
being used in the reports that are shared internally.
How do we keep your information safe?
The organisation is committed to keeping your information secure and have operational
policies and procedures in place to protect your information whether it is in electronic or hard
copy (paper) format.
The organisation is entered on the Information Commissioner’s data protection register, with
registration number Z5840326.
All of the information systems used by the organisation are implemented with robust
information security safeguards to protect the confidentiality, integrity and availability of your
personal information. The security controls adopted by the organisation are influenced by a
number of sources including NHS Digital and Government standards. This also includes
certification with the Cyber Essentials accreditation scheme.
All staff and sub-contractors are legally bound to respect your confidentiality and must
comply with our information governance and information security procedures. Any breach of
these procedures is treated seriously and may, in certain cases, result in disciplinary action.
Please note that if any of your personal information is to be processed overseas and outside
of the EEA, a full risk assessment would be undertaken to ensure the security of the
information.
In ensuring the safety and confidentiality of your personal information, the organisation also
has to complete Data Protection Impact Assessments (DPIA). This is a process which helps
assess privacy risks and identified the legal basis for the collection, use and disclosure of
information, known as processing.
All new projects and processes that involve using or sharing personal information will require
a completed DPIA at the initial stages and prior to any procurement decision being made.
All DPIAs completed will be submitted to the Data Protection Officer and/or the Information
Governance and Security Group for approval.
How long do we keep your information?
All clinical records held by the organisation are subject to the records Management Code of
Practice for Health and Social Care Act 2016 (the Code). The Code sets out best practice
guidance on how long we should keep your clinical information before we are able to review
and securely dispose of it.
For further information on specific timescales, please refer to the retention schedule
appendix within the Information Governance policy.
How can I access the information you hold about me?
You have the right to access and see the information we hold about you, whether in
electronic or hard copy format. The exception to this is information that:
-
Has been provided about you by someone else if they haven’t given permission for you to see it
-
Relates to criminal offences
-
Is being used to prevent or detect crime
-
Could cause physical or mental harm to you or someone else
Your request can be made in writing, email or verbally and can be given to the service where
you receive your services from us or, alternatively, sent to:
Data Protection Officer
Millbrook Healthcare Limited
Nutsey Lane
Calmore
Hampshire
SO40 3XJ
Complaints
The complaints team are available to assist you with any comments, concerns and
complaints. The team act independently of any of the services we provide ensuring your
concerns are thoroughly investigated and responded to in a timely manner. Please find
contact details below:
Customer Engagement Officer
Millbrook Healthcare Limited
Nutsey Lane
Calmore
Hampshire
SO40 3XJ
E-mail: feedback@millbrookhealthcare.co.uk
Tel. 023 8066 2314
You can also get further information and advice or report a concern to the UK’s independent
authority, the Information Commissioner, via the contact details below:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Web: http://www.ico.org.uk
Tel. 0303 123 1113
Other useful contacts
Data Protection Officer
Millbrook Healthcare Limited
Nutsey Lane
Calmore
Hampshire
SO40 3XJ
E-mail: dpo@millbrookhealthcare.co.uk
Tel. 023 8066 2312
Caldicott Guardian
Millbrook Healthcare Limited
Nutsey Lane
Calmore
Hampshire
SO40 3XJ
Tel. 023 8066 2309
E-mail: dpo@millbrookhealthcare.co.uk