Privacy & General Data Protection Regulation (GDPR)
How your information will be used
As one of your health and social care providers, IntraHealth needs to keep and process information about you for normal healthcare purposes to support the services that we provide to you. The information we hold and process will be used for our management and administrative use only (i.e., your Direct Care). We will keep and use it to provide healthcare services and manage our relationship with you effectively, lawfully and appropriately, during your registration with our service, whilst you are under our care, until the time when you have been discharged or are no longer under our care. This includes using information to enable us to comply with any service/performance contracts, to comply with any legal requirements, pursue the legitimate interests of IntraHealth and to protect our legal position in the event of legal proceedings. If you do not consent for us to use your data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.
The processing of personal data in the delivery of direct care by our service is supported under Article 6 and 9 conditions of the GDPR. We will also recognise your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality”.
As a business we may sometimes need to process your data to pursue our legitimate business interests, for example to prevent fraud, for administrative purposes or to manage your healthcare. We will never process your data where these interests are overridden by your own interests.
Much of the information we hold will have been provided by you, but some may come from other internal sources, such as clinical and administrative staff, or in some cases, external sources, such as other health and social care providers.
The sort of information we hold includes your contact details, your medical records; correspondence with or about you, for example information from other health and social care organisations, consent forms, medications; records of appointments, visits and other attendances.
Where we record or process special categories of information relating to your health and social care records, racial or ethnic origin, religious, biometric data or sexual orientation, we will always obtain your explicit consent to those activities unless this is required by law or the information is required to provide healthcare.
Where we are processing data based on your consent, you have the right to withdraw that consent at any time.
We may record computer and telephone/mobile telephone contacts.
Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to our external health insurance schemes.
We may transfer information about you to other organisations for purposes connected with your healthcare or the management of IntraHealth business, such as Commissioning bodies, hospital trusts, GP Practices, and other health and social care services.
Your personal data will be stored only in UK data centres only for as long as we require it in relation to the purpose for which it was collected and/or processed.
If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.
Under the General Data Protection Regulation (GDPR) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data. You also have the right to restrict processing, object to processing as well as in certain circumstances the right to data portability. It is extremely unlikely that you have the right to delete correct information from your record.
If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
You have the right to lodge a complaint to the Information Commissioner’s Office if you believe that we have not complied with the requirements of the GDPR with regard to your personal data. If you wish to complain follow this link https://ico.org.uk/global/contact-us/ or call the helpline 0303 123 1113 (local rate).
IntraHealth is the controller and processor of data for the purposes of GDPR.
If you have any concerns as to how your data is processed you should contact one of our Service Managers.
IntraHealth’s Data Protection Officer is Dr Neill Jones. He can be contacted on 0333 3583 397.