Data Protection and
Patient Privacy Policy
Version: 4
Dated: February 2023
Data Protection and Patient Privacy Policy
Version: | Review date: | Edited by: | Approved by: | Comments: |
2018.01 | | | | |
2019 | 20.12.2019 | Amy Daniel | Karen McNay | |
2022.01 | | | | |
2023.01 | 08.02.2023 | Louise Daniel | Karen McNay | |
Table of Contents
- Who we are? 4
- Why we collect personal information about you? 4
- What is our legal basis for processing your personal information? 4
- What personal information do we need to collect about you and how do we obtain it? 4
- What do we do with your personal information? 5
- What we may do with your personal information? 5
- Who do we share your personal information with and why? 5
- How we maintain your records? 6
- What are your rights? 6
- Who is the Practice Information Governance Lead 7
- Who is the Data Protection Officer? 7
- How to contact the Information Commissioners Office 7
Introduction
This Privacy Notice explains what information we collect about you, how we store this information, how long we retain it and with whom and for which legal purpose we may share it.
Lister Surgery also publishes a number of specific notices which are available at the bottom of this page.
- Who we are?
Lister Surgery employs more than 28 staff and operates from Town and Quennevais Practices.
Our Practice is registered with the Jersey Office of the Information Commissioner (JOIC) to process personal and special categories of information under the Data Protection (Jersey) Law 2018 and our registration number is 58273.
For further information on us please refer to the ‘About US’ page on our website
www.listersurgeryjersey.co.uk
- Why we collect personal information about you?
Our clinical and administration team caring for you will need to collect and maintain information about your health, treatment and care, so that you can be given the best possible healthcare from us. This personal information may be held in a variety of formats, including paper records, electronically on computer systems, in pictures, video or audio files.
- What is our legal basis for processing your personal information?
Any personal information we hold about you is processed for the purposes of ‘Employment and Social Fields’ (Article 8) ‘Medical Purposes’ (Article 15) and ‘Public Health’ (Article 16) of the Data Protection (Jersey) Law 2018.
For further information on this legislation please visit: https://oicjersey.org/data-protection-new-law/
- What personal information do we need to collect about you and how do we obtain it?
Personal information about you is collected in a number of ways. This can be from registration forms, referral details from our clinical or administration team, other third party healthcare providers or hospitals, directly from you or your authorised representative.
We will likely hold the following basic personal information about you: your name, address (including correspondence), telephone numbers, date of birth, emergency contact and next of kin contacts, etc. We might also hold your email address, marital status, occupation, residency status, place of birth and preferred name or previous name(s).
In addition to the above, we may hold sensitive personal information about you which may include:
- Notes and reports about your health, treatment and care, including:
- your medical conditions
- results of investigations, such as x-rays and laboratory tests
- future care you may need
- personal information from people who care for and know you, such as relatives and health or social care professionals
- other personal information such as smoking status, alcohol intake and any disabilities
- Your religion and ethnic origin
- Your identified gender or sexual orientation
- Whether or not you are subject to any protection orders regarding your health, wellbeing and human rights (Safeguarding status).
It is important for us to have a complete picture of you as this will assist staff to deliver appropriate treatment and care plans in accordance with your needs.
- What do we do with your personal information?
Your records are used to directly, manage and deliver healthcare to you to ensure that:
- The staff involved in your care have accurate and up to date information to assess and advise on the most appropriate care for you.
- Staff have the information they need to be able to assess and improve the quality and type of care you receive.
- Appropriate information is available if you see another healthcare professional, or are referred to a specialist or another part of the Jersey Health Service, social care or other health provider in Jersey, UK or elsewhere.
- What we may do with your personal information?
The personal information we collect about you may also be used to:
- Remind you about your appointments and send you relevant correspondence.
- Review the care we provide to ensure it is of the highest standard and quality, e.g. through audit or service improvement;
- Support the funding of your care, e.g. with commissioning organisations;
- Prepare statistics on Primary Care performance to meet the needs of the population or for the Health Department and or other regulatory bodies;
- Help to train and educate healthcare professionals;
- Report and investigate complaints, claims and untoward incidents;
- Report events to the appropriate authorities when we are required to do so by law;
- Contact you with regards to patient satisfaction surveys relating to services you have used within our organisation so as to further improve our services to patients
Where possible, we will always look to anonymise/pseudonymise your personal information so as to protect patient confidentiality, unless there is a legal basis that permits us to use it and we will only use/share the minimum information necessary.
- Who do we share your personal information with and why?
We may need to share relevant personal information with other healthcare organisations. For example, we may share your information for healthcare purposes with health authorities such as Jersey Health Department, Social Security Department, NHS UK, Out of Hours Service, other general practitioners (GPs), ambulance services, private consultants, primary or secondary care service providers, etc. We will also share information with other parts of the Jersey Health Department and those contracted to provide services to the Health Department in order to support your healthcare needs.
We may need to share information from your health records with other non-Health Department organisations from which you elect to or are also receiving care from, such as Social Services, private consultants, secondary care providers or private care homes. However, we will not disclose any health information to third parties without your explicit consent unless there are circumstances, such as when the health or safety of others is at risk or where current legislation permits or requires it.
There are occasions where the Practice may be required by law to share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
There may also be situations where we are under a duty to share your information, due to a legal requirement. This includes, but is not limited to, disclosure under a court order, sharing with the Jersey Primary Care Governance Team for inspection purposes, the police for the prevention or detection of crime or where there is an overriding public interest to prevent abuse or serious harm to others and other public bodies (e.g. Social Security for the misuse of public funds in order to prevent and detect fraud).
For any request to transfer your data internationally outside Jersey or the UK/EU, we will make sure that an adequate level of protection is satisfied before the transfer.
The Practice is required to protect your personal information, inform you of how your personal information will be used, and allow you to decide if and how your personal information can be shared. Personal information you provide to the Practice in confidence will only be used for the purposes explained to you and to which you have consented. Unless, there are exceptional circumstances, such as when the health or safety of others is at risk, where the law requires it or there is an overriding public interest to do so. Where there is cause to do this, the Practice will always do its best to notify you of this sharing.
- How we maintain your records?
Your personal information is held in both paper and electronic forms for specified periods of time as set out in the Information Government Alliance Records Management Code of Practice for Health and Social Care. Whilst this is UK legislation for NHS Providers, it is used in Jersey as a ‘Best Practice Solution’ in the void of our own similar procedures.
We hold and process your information in accordance with the Data Protection (Jersey) Law 2018 and where appropriate the General Data Protection Regulation. In addition, everyone working for our Practice must comply with the Contractual Duty of Confidentiality and various national and professional standards and requirements.
We have a duty to:
- maintain full and accurate records of the care we provide to you;
- keep records about you confidential and secure;
- provide information in a format that is accessible to you.
Use of Email/SMS Text/Other Electronic Communications:
Some services in the Practice provide the option to communicate with patients via email, SMS text or other electronic communications. Please be aware that the Practice cannot guarantee the security of this information whilst in transit and by requesting this service you are accepting this risk.
- What are your rights?
If we need to use your personal information for any reasons beyond those stated above, we will discuss this with you and ask for your explicit consent. The Data Protection (Jersey) Law 2018 gives you certain rights, including the right to:
- Request access to the personal data we hold about you, e.g. in health records. The way in which you can access your own health records is further explained in our “patient access to medical records policy and request form” which is on our website: [Insert Website]
- Request the correction of inaccurate or incomplete information recorded in our health records, subject to certain safeguards.
- Refuse/withdraw consent to the sharing of your health records: Under the Data Protection (Jersey) Law 2018, we are authorised for the purposes of ‘Employment and Social Fields’ (Article 8) ‘Medical Purposes’ (Article 15) and ‘Public Health’ (Article 16). Your consent will only be required if we intend to share your health records beyond these purposes, as explained above (e.g. research). Any consent form you will be asked to sign will give you the option to ‘refuse’ consent and will explain how you can ‘withdraw’ any given consent at a later time. The consent form will also warn you about the possible consequences of such refusal/withdrawal.
- Request your personal information to be transferred to other providers on certain occasions.
- Object to the use of your personal information: In certain circumstances you may also have the right to ‘object’ to the processing (i.e. sharing) of your information where the sharing would be for a purpose beyond your care and treatment (e.g. as part of a local data sharing initiative).
- We will always try to keep your information confidential and only share information when absolutely necessary.
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter and respond to you accordingly where appropriate.
- Who is the Practice Information Governance Lead
Please contact:
Roelof Edelenbos | General Practioner/Partner |
Lister Surgery 8 The Parade St Helier Jersey JE2 3QP | Email: admin@listersurgery.gpnet.je |
- Who is the Data Protection Officer?
Please contact:
Karen McNay | Practice Manager |
Lister Surgery 8 The Parade St Helier Jersey JE2 3QP | Email: admin@listersurgery.gpnet.je Tel: 01534 736336/741641 |
- How to contact the Information Commissioners Office
The Jersey Office of the Information Commissioner (JOIC) is the body that regulates the Practice under Data Protection and Freedom of Information legislation. https://oicjersey.org/. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the JOIC at:
Office of the Information Commissioner 2nd Floor 5 Castle Street St Helier Jersey JE2 3BT | Email: enquiries@jerseyoic.org Telephone: +44 (0)1534 716530 |