Security of Information
Confidentiality affects everyone. The Birmingham Prostate Clinic collects, stores and uses large amounts of personal and sensitive personal data every day, such as medical records, personal records and computerised information. This data is used by many people in the course of their work.
We take our duty to protect personal information and confidentiality very seriously. We are committed to complying with all relevant legislation and to taking all responsible measures to ensure the confidentiality and security of the personal data for which we are responsible, whether computerised or on paper.
At board level we have appointed a Senior Information Risk Owner who is accountable for the management of all information assets and any associated risk and incidents, and the Clinic Director is responsible for the management of patient information and patient confidentiality.
Legal Basis for the processing of your data
The General Data Protection Regulation (GDPR) 2018 requires the organisation to process:
Personal data under 6(1)(f) “Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”
Article 6(1)(a) The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Sensitive personal data
(Health Records) under 9(2)(h) – “Necessary for the reasons of preventative or occupational medicine, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.”
Why do we collect information about you?
All clinicians and health care professionals caring for you keep records about your health and any treatment and care you receive. These records help to ensure that you receive the best possible care. They may be paper or electronic and they may include:
Basic details about you such as name, address, email address, date of birth, next of kin
Contact we have had with you such as appointments or clinic visits
Notes and reports about your health treatment and care/clinic appointments
Details of diagnosis and treatment given
Information about any allergies or health conditions
Results of x-rays, scans and laboratory tests
Relevant information from people who care for you and know you well, such as health care professionals and relatives.
It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us and please inform us of any changes to your contact details or GP practice as soon as possible. This minimises the risk of you not receiving important correspondence.
By providing the organisation with their contact details, patients are agreeing to the organisation using those channels to communicate with them about their healthcare, i.e. by letter (postal address), by voice mail or voice message (telephone or mobile number), by text message (mobile number) or by email (email address).
How is your personal information used?
In general, your records are used to direct, manage and deliver the care you receive to ensure that:
The doctors, nurses and other healthcare professionals involved in your care have accurate and up to date information to assess your health and decide on the most appropriate care for you.
Healthcare professionals have the information they need to be able to assess and improve the quality and type of care you receive.
Your concerns can be properly investigated if a complaint is raised.
Appropriate information is available if you see another clinician or are referred to a Specialist or another part of private healthcare.
How long are health records retained?
The organisation does not keep patient records for longer than necessary and all records are destroyed confidentially once their retention period has been met and the organisation has made the decision that the records are no longer required.
When do we share information about you?
We share information about you with others directly involved in your care and also share more limited information for indirect care purposes, both of which are described below:
Everyone working within our organisation has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us also has a legal duty to keep it confidential.
How you can access your records
The GDPR 2018 gives you a right to access the information we hold about you on our records. Requests must be made in writing to the Clinic Manager, Birmingham Prostate Clinic, Spire Parkway Hospital. The organisation will provide your information to you within one month from receipt of your application.
The data controller responsible for keeping your information confidential is Birmingham Prostate Clinic.
Data protection officer contact
Helen McNae – firstname.lastname@example.org
Raising a concern
Patients who have a concern about any aspect of their care or treatment at this organisation, or about the way their records have been managed, should contact Zena Moll, Clinic Manager, Birmingham Prostate Clinic.
If you have any concerns about how we handle your information, you have a right to complain to the Information Commissioner's Office about it.
The GDPR 2018 requires organisations to lodge a notification with the Information Commissioner to describe the purposes for which they process personal information. These details are publicly available from:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone 08456 306060 Website www.ico.gov.uk
Freedom of Information
The Freedom of Information Act 2000 provides any person with the right to obtain information held by the Calderdale and Huddersfield NHS Foundation Trust, subject to a number of exemptions. If you would like to request some information from us, please visit the Freedom of Information section of our website.