PrivacyPolicy

How we use your data  

‍

Who We Are and What We Do

One Health Group is an independent healthcare provider treating patients across South Yorkshire,West Yorkshire, North Derbyshire, and North Lincolnshire. We are approved by the NHS to provide elective (non-emergency) NHS services to NHS patients.  We also treat private patients i.e. patients who choose to pay for their own treatment rather than receiving treatment through the NHS.

We care about your personal data and it is important that you know how we use it and how we keep it safe. This Privacy Policy covers how, when, and why we use your information.It also explains the choices you can make about the way in which we use your information and identifies your rights. 

This Privacy Policy is not exhaustive, and we are always happy to provide any additional information or explanations where needed. Please contact our Data Protection Officer using these contact details: Data Protection Officer, One Health Group, 131 Psalter Lane, Sheffield S11 8UX. enquiries@onehealth.co.uk  www.onehealth.co.uk 

This Privacy Policy applies to all personal data relating to patients held by the One Health Group.If you are an employee or applying for a job with One Health Group, please contact the Head of HR (Human Resources) for the Privacy Policies relating to employees and job applicants. 

For an overview on what health data, we hold about you and the legal reasons for doing so, please refer to our ‘How We Use Your Health Records’ leaflet. 

Reviews and Changes to our Privacy Policy

We will review our Privacy Policy regularly; specifically, if we need to make any changes to how we process your information or if there is a change in the law. This policy was last reviewed in February 2021.

What Data do we Collect?

In order to provide you with the appropriate healthcare, we collect and process personal data i.e. data that identifies or relates to you as an individual or a patient. We are committed to being open and transparent about how we collect and use that data and to meeting our data protection obligations.

We collect a range of information about you.  This includes:

• your name, date of birth,address and contact details, including email address and telephone number;
•  your NHS number, details of your GP (General Practitioner) and any other health professionals you may be receiving treatment from e.g. Consultants at other hospitals and/or Community health teams;
• information about your current medical condition(s), previous treatment, medications, allergies and ongoing treatment plans;
• whether or not you have a disability for which we need to make reasonable adjustments during your patient journey with us, and;
• details about your appointments,treatment and surgery provided by us. 

Why We Process Data About You

We process personal data about you as a patient for a number of reasons:

• We process information about you to enable us to give you the best quality care and treatment and to contact you about your healthcare or treatment.
• We use some of your information when handling complaints, to conduct investigations and to carry out patient surveys, so that we can continually improve our healthcare services.
• We process your data for the defence of legal claims (where necessary) and in order to respond to requests from you or an authorized third party i.e. Solicitors, for copies of your medical records (Subject Access Requests)
• We use your information to arrange outpatient clinics and book operating theatres in order to carry out surgical procedures
• We use minimal information as part of our invoicing process, which is how we are paid by either the NHS or by you (if you are a private patient) for the treatment we provide
• We automatically collect technical data from patients / visitors to our website to ensure that content from our website is presented in the most effective manner for you and for your computer.

 Your data is held securely in either paper files or on our electronic computer systems.

We collect data in a variety of ways. For example, data is contained in referral forms and letters from your GP or other healthcare providers, such as hospitals. Data can also be provided directly by you at clinic visits or hospital appointments with our Consultants or over the telephone when speaking to a member of our Patient Liaison Team.

Please be aware that telephone calls made to or from our Accounts and Patient Liaison Departments are recorded for quality monitoring, training, security, and protection purposes only. Our Accounts calls are recorded for assurance that patients have been read the relevant Terms and Conditions.

You will be notified of this by an automated recording at the start of the telephone call. The recordings are kept for 6 months on our computer system and are only accessed by authorized members of staff. After 6 months, the recordings are securely deleted.

Legal Reasons for Collecting and Using Data

When we use and collect personal data, we need to have a lawful and legitimate reason for doing so. Please see below our legal reasons for processing your personal data:

• It is necessary for providing you with direct healthcare or treatment. This involves us using ‘special category’ (sensitive)data relating to your health provided by you or other healthcare professionals you may be receiving treatment from or have treated you in the past. There are laws which permit us to use this information, including the Data Protection Act, the NHS Act and the Health and Social Care Act.
• There is a legal requirement that allows us to use or provide personal information to other organisations e.g., if a formal Court order is issued, returns to HMRC (HM Revenue & Customs), information provided to regulatory organisations i.e., Care Quality Commission (CQC).
• We have completed a Legitimate Interest Assessment and concluded that; in certain circumstances, we have a legitimate interest for processing personal data. This is with regard to conducting surveys / questionnaires about the care and treatment you have received from us. We carry out these surveys to receive feedback from you as a patient, which will in turn help us to continually improve the healthcare services we provide. Most surveys are anonymous, so you are not under any obligation to provide information about yourself if you do not wish to. 

Who has Access to Your Data?

We are committed to protecting your privacy and will only process personal confidential data in accordance with legislation such as, the Data Protection Act 2018, the Common Law Duty of Confidentiality and the Human Rights Act 1998. The various laws and rules about using and sharing confidential information; with which One Health Group comply, form the basis for our local policies on Confidentiality and Data Protection. These policies are available on request.

One Health Group is a Data Controller. We are legally responsible for ensuring that all personal confidential data we process i.e.hold, obtain, record, use or share about you is done in compliance with legislation. We are registered with the Information Commissioner’s Office(ICO). Our ICO Data Protection Register number is Z9057663 and our entry can be found in the Data Protection Register on the Information Commissioner’s Office website: https://ico.org.uk/about-the-ico/what-we-do/register-of-fee-payers/  

Your information will be shared internally for the purposes of providing you with direct healthcare.  This includes the Patient Liaison Team, members of the clinical teams including Consultants,surgeons and Anaesthetists, and IT staff if access to the data is necessary for the performance of their roles.

We will only share your data with third parties if it relates to your direct healthcare or we have a legal obligation to do so. We do not transfer your data outside the United Kingdom (UK) and we will never sell any information about you.

Protecting Data

All information that we hold about you will be held securely and confidentially. We use administrative and technical controls to do this. We use strict controls to ensure that only authorised staff are able to see information that identifies you.

Everyone working for One Health Group has a legal duty to keep information about you confidential. All our staff and Senior Management Team receive appropriate training annually to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality,enforceable through disciplinary procedures.

How Long do we Keep Data?

We will hold your personal data for the duration of your treatment or as long as you are a patient of ours. The data will be checked with you at each contact we have with you to ensure that it remains up to date. Should your personal data change you must notify the Patient Liaison Team immediately.  The period for which your data is held after you are discharged from our care is 8 years. Patient data is held in line with statutory retention periods and these are outlined as part of our Records Management Policy.

Your Rights

Under the Data Protection Act 2018,you have certain rights over how your information is processed.    They are:

• The right to be informed – we must provide fair processing information i.e., we must tell you what data we are collecting about you, why and exactly what we will do with it. We do this through privacy policies, such as this one.
• The right of access – this is the right for you to have access to and copies of information that we hold about you. If you would like access to or copies of your information, please contact our Patient Liaison Team.
• The right to rectification – this is the right to have personal data rectified if it is inaccurate or incomplete. If you identify any inaccuracies with your data, please contact our Patient Liaison Team.
• The right to erasure – this is also known as the ‘right to be forgotten’. Health records are kept in line with NHS national guidance and it is extremely rare that we destroy or delete records earlier than the recommended retention period. Therefore, a request for erasure of all or part of any record will always need to be discussed with our Data Protection Officer.
• ‍The right to restrict processing – this is the right to block or suppress the processing of your personal data. Please note it may not be possible to restrict processing whilst you are receiving care and treatment from us, as this may prevent us from providing the appropriate treatment. 
• The right to data portability – this is the right to obtain and re-use any electronic information you have provided to us as part of an automated process. Please note, in terms of healthcare information, this right is unlikely to apply. 
• ‍The right to object – this is the right to object to us processing data because of a particular situation.  Because of our obligation to keep health records it is extremely rare that we will stop processing your data if you wish to continue receiving treatment from us. Therefore, a request to stop processing will always need to be discussed with our Data Protection Officer.
• Rights in relation to automated decision making and profiling – the Data Protection Act 2018 provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention. Please be aware that we do not undertake automated decision making or profiling.

If we do hold personal data about you and you have any queries about the information we hold, please contact the Data Protection Officer using the details below:

One Health Group, 131 Psalter Lane Sheffield S11 8UX. Tel: 0114 250 5510email: enquiries@onehealth.co.uk  www.onehealth.co.uk

You have the right to refuse or withdraw consent to information sharing at any time by using the contact details above.If there are any consequences to withdrawing consent these will be fully explained and discussed with you first.

‍

 Complaints

We aim to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage patients to bring concerns to our attention and we welcome any suggestions for improving our procedures. Contact details for complaints regarding the processing of information should be directed to the Data Protection Officer, One Health Group, 131 Psalter Lane, Sheffield S11 8UX. Tel:0114 250 5510. Email: enquiries@onehealth.co.uk. You can also raise a concern directly with the ICO here www.ico.gov.uk; although our aim is to resolve your complaint swiftly ourselves in the first instance.

Cookies

Most websites you visit will use cookies in order to improve your user experience by enabling that website to ‘remember’ you. Cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences and generally improving your experience of a website. Cookies make the interaction between you and the website faster and easier.

Cookies may be set by the website you are visiting, or they may be set by other websites who run content on the page you are viewing.

‍

 What is in a Cookie?

A cookie is a simple text file that is stored on your computer or mobile device by a website’s server and only that server will be able to retrieve or read the contents of that cookie.Each cookie is unique to your web browser.It will contain some anonymous information such as a unique identifier and the site name and some digits and numbers. It allows a website to remember things like your preferences or login.

What to do if you don’t want Cookies to be set

Some people find the idea of a website storing information on their computer or mobile device intrusive,particularly when this information is stored and used by a third party.Although this is generally quite harmless you may not, for example, want to see advertising that has been targeted to your interests. If you prefer, it is possible to block some or all cookies, or even to delete cookies that have already been set; but you need to be aware that you might lose some functions of that website. If you have any concerns about cookies, please contact our Data Protection Officer.

 What cookies do we use

What to do if you don’t want Cookies to be set

Some people find the idea of a website storing information on their computer or mobile device intrusive, particularly when this information is stored and used by a third party. Although this is generally quite harmless you may not, for example, want to see advertising that has been targeted to your interests. If you prefer, it is possible to block some or all cookies, or even to delete cookies that have already been set; but you need to be aware that you might lose some functions of that website. If you have any concerns about cookies, please contact our Data Protection Officer.

How the NHS and care services use your information

The One Health Group is one of many organisations working in the health and care system to improve care for patients and the public).  

Whenever you use a health or care service,such as attending Accident & Emergency or using Community Care services,important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

• improving the quality and standards of care provided
• research into the development of new treatments
• preventing illness and diseases
• monitoring safety
• planning services 

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

 Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

 You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

 To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.

 On this web page you will:

• See what is meant by confidential patient information
• Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
• Find out more about the benefits of sharing data
• Understand more about who uses the data
• Find out how your data is protected
• Be able to access the system to view,set or change your opt-out setting
• Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
• See the situations where the opt-out will not apply

 You can also find out more about how patient information is used at:

https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and

https://understandingpatientdata.org.uk/what-you-need-know

(which covers how and why patient information is used, the safeguards and how decisions are made)

 You can change your mind about your choice at any time.

 Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. The One Health Group is currently compliant with the national data opt-out policy and does not have any Data flows that fall into the Opt out category.