Privacy Policy

How we use your data  

Who We Are and What We Do

One Health Group PLC is an independent healthcare provider treating patients across South Yorkshire, West Yorkshire, North Derbyshire and North Lincolnshire. We are approved by the NHS to provide elective (non-­‐emergency) NHS services to NHS patients.  We also treat private patients i.e. patients who choose to pay for their own treatment rather than receiving treatment through the NHS.

We care about your personal data and it’s important that you know how we use it and how we keep it safe. This Privacy Policy covers how, when and why we use your information. It also explains the choices you can make about the way in which we use your information and outlines your rights.

This Privacy Policy is not exhaustive, and we are always happy to provide additional information or explanations where needed. Please contact our Data Protection Officer using these contact details: Data Protection Officer, One Health Group, 131 Psalter Lane, Sheffield S11 8UX. enquiries@onehealth.co.uk www.onehealth.co.uk

This Privacy Policy applies to all personal data relating to patients held by the One Health Group PLC. If you are an employee or applying for a job with One Health Group, please contact the Head of HR (Human Resources) for the Privacy Policies relating to employees and job applicants.

For an overview of the health data we hold about you and the legal reasons for doing so, please refer to our ‘How We Use Your Health Records’ leaflet. 

Reviews and Changes to our Privacy Policy

We will review our Privacy Policy regularly; specifically, if we need to make any changes to how we process your information or if there is a change in the law. This policy was last reviewed in September 2023.

What Data do we Collect?

In order to provide you with the appropriate healthcare, we collect and process personal data i.e. data that identifies or relates to you as an individual or a patient. We are committed to being open and transparent about how we collect and use that data and to meeting our data protection obligations.

We collect a range of information about you. This includes:

• your name, date of birth, address and contact details, including email address and telephone number;
• your NHS number, details of your GP (General Practitioner) and any other health professionals you may be receiving treatment from e.g. Consultants at other hospitals and/or Community health teams;
• information about your current medical condition(s), previous treatment, medications, allergies and ongoing treatment plans;
• whether or not you have a disability for which we need to make reasonable adjustments during your patient journey with us, and;
• details about your appointments, treatment and surgery provided by us

Why We Process Data About You

We process personal data about you as a patient for a number of reasons:

• We process information about you to enable us to give you the best quality care and treatment and to contact you about your healthcare or treatment.
• We use some of your information when handling complaints, to conduct investigations and to carry out patient surveys, so that we can continually improve our healthcare services.
• We use some of your contact information for marketing purposes, so that we can keep in touch with you and keep you informed about new services that we think you may be interested in. Please note that we will only do this if we have your valid consent and this can be changed or withdrawn at any time.
• We process your data for the defence of legal claims (where necessary) and in order to respond to requests from you or an authorized third party i.e. Solicitors, for copies of your medical records (Subject Access Requests)
• We use your information to arrange outpatient clinics and book operating theatres in order to carry out surgical procedures
• We use minimal information as part of our invoicing process, which is how we are paid by either the NHS or by you (if you are a private patient) for the treatment we provide
• We automatically collect technical data from patients / visitors to our website to ensure that content from our website is presented in the most effective manner for you and for your computer.

Your data is held securely in either paper files or on our electronic systems.

We collect data in a variety of ways.  For example, data is contained in referral forms and letters from your GP or other healthcare providers, such as hospitals. Data can also be provided directly by you at clinic visits or hospital appointments with our Consultants or over the telephone when speaking to a member of our Patient Liaison Team.

We collect data in a variety of ways.  For example, data is contained in referral forms and letters from your GP or other healthcare providers, such as hospitals. Data can also be provided directly by you at clinic visits or hospital appointments with our Consultants or over the telephone when speaking to a member of our Patient Liaison Team.

Please be aware that incoming telephone calls to the Patient Liaison Team are recorded for quality monitoring, training and security purposes only. You will be notified of this by an automated recording at the start of the telephone call. The recordings are kept for 36 months on our computer system and are only accessed by authorized members of staff. After 36 months, the recordings are securely deleted.

Legal Reasons for Collecting and Using Data

When we use and collect personal data, we need to have a lawful and legitimate reason for doing so. Please see below our legal reasons for processing your personal data:

• It is necessary for providing you with direct healthcare or treatment. This involves us using ‘special category’ (sensitive) data relating to your health provided by you or other healthcare professionals you may be receiving treatment from or have treated you in the past. There are laws which permit us to use this information; including the Data Protection Act, the NHS Act and the Health and Social Care Act.
• There is a legal requirement that allows us to use or provide personal information to other organisations e.g. if a formal Court order is issued, returns to HMRC (HM Revenue & Customs), information provided to regulatory organisations i.e. Care Quality Commission (CQC).
• We have completed a Legitimate Interest Assessment and concluded that; in certain circumstances, we have a legitimate interest for processing personal data. This is with regard to conducting surveys / questionnaires about the care and treatment you have received from us and also for the processing of CCTV images located at our Head Office, which we use to help protect our premises, our staff and residents at our Psalter Lane site.

Who has Access to Your Data?

We are committed to protecting your privacy and will only process personal confidential data in accordance with legislation such as, the Data Protection Act 2018, the Common Law Duty of Confidentiality and the Human Rights Act 1998. The various laws and rules about using and sharing confidential information; with which One Health Group PLC comply, form the basis for our local policies on Confidentiality and Data Protection. These policies are available on request.

One Health Group PLC is a Data Controller. We are legally responsible for ensuring that all personal confidential data we process i.e. hold, obtain, record, use or share about you is done in compliance with legislation. We are registered with the Information Commissioner’s Office (ICO). Our ICO Data Protection Register number is Z9057663 and our entry can be found in the Data Protection Register on the Information Commissioner’s Office website: https://ico.org.uk/about-the-ico/what-we-do/register-of-fee-payers/

Your information will be shared internally for the purposes of providing you with direct healthcare.  This includes the Patient Liaison Team, members of the clinical teams including Consultants, surgeons and Anaesthetists, and IT staff if access to the data is necessary for the performance of their roles.

We will only share your data with third parties if it relates to your direct healthcare or we have a legal obligation to do so. The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ('EEA'). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfillment of your order, the processing of your payment details, and the provision of support services. By submitting your personal data, you agree to this transfer, storing and/or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Protecting Data

All information that we hold about you will be held securely and confidentially. We use administrative and technical controls to do this. We use strict controls to ensure that only authorised staff are able to see information that identifies you.

Everyone working for One Health Group PLC has a legal duty to keep information about you confidential. All our staff and Senior Management Team receive appropriate training annually to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures.

How Long do we Keep Data?

We will hold your personal data for the duration of your treatment or as long as you are a patient of ours.  The data will be checked with you at each contact we have with you to ensure that it remains up to date.  Should your personal data change you must notify the Patient Liaison Team immediately.  The period for which your data is held after you are discharged from our care is 8 years. Patient data is held in line with statutory retention periods and these are outlined as part of our Records Management Policy.

Your Rights

Under the Data Protection Act 2018,you have certain rights over how your information is processed.    They are:

• The right to be informed – we must provide fair processing information i.e., we must tell you what data we are collecting about you, why and exactly what we will do with it. We do this through privacy policies, such as this one.
• The right of access – this is the right for you to have access to and copies of information that we hold about you. If you would like access to or copies of your information, please contact our Patient Liaison Team.
• The right to rectification – this is the right to have personal data rectified if it is inaccurate or incomplete. If you identify any inaccuracies with your data, please contact our Patient Liaison Team.
• The right to erasure – this is also known as the ‘right to be forgotten’. Health records are kept in line with NHS national guidance and it is extremely rare that we destroy or delete records earlier than the recommended retention period. Therefore, a request for erasure of all or part of any record will always need to be discussed with our Data Protection Officer.
• ‍The right to restrict processing – this is the right to block or suppress the processing of your personal data. Please note it may not be possible to restrict processing whilst you are receiving care and treatment from us, as this may prevent us from providing the appropriate treatment. 
• The right to data portability – this is the right to obtain and re-use any electronic information you have provided to us as part of an automated process. Please note, in terms of healthcare information, this right is unlikely to apply. 
• ‍The right to object – this is the right to object to us processing data because of a particular situation.  Because of our obligation to keep health records it is extremely rare that we will stop processing your data if you wish to continue receiving treatment from us. Therefore, a request to stop processing will always need to be discussed with our Data Protection Officer.
• Rights in relation to automated decision making and profiling – the Data Protection Act 2018 provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention. Please be aware that we do not undertake automated decision making or profiling.

If we do hold personal data about you and you have any queries about the information we hold, please contact the Data Protection Officer using the details below:

One Health Group PLC, 131 Psalter Lane Sheffield S11 8UX. Tel: 0114 250 5510email: enquiries@onehealth.co.uk  www.onehealth.co.uk

You have the right to refuse or withdraw consent to information sharing at any time by using the contact details above. If there are any consequences to withdrawing consent these will be fully explained and discussed with you first.

Complaints

We aim to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage patients to bring concerns to our attention and we welcome any suggestions for improving our procedures. Contact details for complaints regarding the processing of information should be directed to the Data Protection Officer, One Health Group PLC, 131 Psalter Lane, Sheffield S11 8UX. Tel: 0114 250 5510. Email: enquiries@onehealth.co.uk. You can also raise a concern directly with the ICO here www.ico.gov.uk; although our aim is to resolve your complaint swiftly ourselves in the first instance.

Cookies

Most websites you visit will use cookies in order to improve your user experience by enabling that website to ‘remember’ you. Cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences and generally improving your experience of a website. Cookies make the interaction between you and the website faster and easier.

Cookies may be set by the website you are visiting, or they may be set by other websites who run content on the page you are viewing.

What is in a Cookie?

A cookie is a simple text file that is stored on your computer or mobile device by a website’s server and only that server will be able to retrieve or read the contents of that cookie. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier and the site name and some digits and numbers. It allows a website to remember things like your preferences or login.

What to do if you don’t want Cookies to be set

Some people find the idea of a website storing information on their computer or mobile device intrusive, particularly when this information is stored and used by a third party. Although this is generally quite harmless you may not, for example, want to see advertising that has been targeted to your interests. If you prefer, it is possible to block some or all cookies, or even to delete cookies that have already been set; but you need to be aware that you might lose some functions of that website. If you have any concerns about cookies, please contact our Data Protection Officer.

What cookies do we use

What to do if you don’t want Cookies to be set

Some people find the idea of a website storing information on their computer or mobile device intrusive, particularly when this information is stored and used by a third party. Although this is generally quite harmless you may not, for example, want to see advertising that has been targeted to your interests. If you prefer, it is possible to block some or all cookies, or even to delete cookies that have already been set; but you need to be aware that you might lose some functions of that website. If you have any concerns about cookies, please contact our Data Protection Officer.

‍

‍