Fair Collection/Privacy Notice - Data Protection Act 1998
Data Controller – Managed Care Ltd (MC within the document)
This document provides you with information about how MC use and manage the personal data held about you, including how MC share it with NHS and non-NHS organisations, and how confidentiality is maintained.
What is personal data?
Personal data is information about a living, identifiable individual. Therefore, your personal data is any information that can be attributed to you personally, including your name, weight, height, date of birth, health conditions and treatments you receive. So long as you can be identified from that information, it becomes your personal data.
Organisations that use personal data must do so in line with the provisions of the Data Protection Act 1998. The Act applies to personal data held in both electronic and physical media.
An example of the types of personal data that the MC uses are:
· Name, address, date of birth, NHS Number and next of kin
· Contact information i.e. telephone number
· Contacts we have had with you such as Home visits
· Details of diagnosis and treatment
· Allergies and physical or mental health conditions
· Racial or Ethnic Origin
· Religious or other beliefs of a similar nature
· Offences, criminal proceedings, outcomes and sentences.
· Family, lifestyle and social circumstances
· Education and training details
· Employment details
· Financial details
Why MC collect information about you
MC may need to keep records about the health care and treatment you receive as one of our Clients. This helps to ensure that you receive the best possible care from MC and that full information is readily available if you see a doctor or a district nurse or are referred to a specialist or another part of the Health care network e.g. NHS.
MC also keep records relating to staff, for the purpose of appointments or removals, pay, discipline, pension, work management or other personnel matters. This is to ensure that employment at MC is managed to a high standard and that staff are provided with the information and training required to carry out their role.
MC may use personal data for the following purposes:
· To prepare statistics on MC performance
· To audit MC Services
· To monitor and contribute to MC accounts.
· To plan and manage the MC service
· To teach and train MC employees
· To conduct health research and development
This helps you because:
· Accurate and up to date information assists MC in providing clients with the right care
· Full information is readily available if you see another health care professional and are referred to a specialist or another part of the NHS.
· Accurate and up to date information assists us in providing staff with the information and training required to carry out their role in MC.
Data Protection Act 1998
All of the personal data that MC collect and use is handled in accordance with the Data Protection Act principles. These state that:
· MC must satisfy lawful conditions in order to use personal data. (These conditions include, but are not limited to, obtaining consent from the individual to use their personal data; and/or needing the personal data to protect someone from serious harm; and/or using the personal data in order to exercise one of our statutory duties)
· MC must let individuals know why they are using their personal data.
· MC must use the personal data in a manner compatible with that purpose.
· MC must only use the personal data that is relevant to the purpose; i.e., not obtain or use more than needed.
· MC must keep your personal data accurate and up-to-date.
· MC must not keep your personal data longer than is necessary
· MC must use in line with your Data Protection rights; for example, the right to obtain a copy of the personal data held about you.
· MC must keep your personal data safe and secure.
· MC must only transfer your personal data outside of the European Economic Area if we have ensure that adequate safeguards are in place.
· Organisations that process personal data must register as a 'Data Controller', and notify the Information Commissioner (ICO) why they need to process the data.
Managed Care Ltd is the Data Controller (registration number is 3797882) of personal information that is collected by MC to help provide and manage healthcare to our clients and relating to the employment of staff. Full details of all the purposes to which data may be used are listed at the ICO website.
Who do MC share personal data with?
MC share data with a range of organisations. MC will always endeavour to share the minimum amount of personal data required, even anonymising data where possible. However, there will be some instances where personal data will need to be shared with other organisations for the purposes of caring for a client. In such instances MC will need to ensure that the information shared is adequate so that the client is properly cared for.
MC may share personal data with the following organisations for the purposes of delivering or improving healthcare, or where there is a legal requirement for us to do so:
· Clinical commissioning groups
· Health authorities
· Other NHS organisations
· General practitioners (GPs)
· Community staff/District Nurses
· Child and adult safeguarding services
· Ambulance services
· Care Quality Commission
· Social services
· Education services
· Local authorities
· Department for Work & Pensions
· Voluntary sector providers and private sector providers.
How long do MC retain your records?
All MC records are destroyed in accordance with the National Retention Schedule, which sets out the appropriate length of time each type of MC record is retained. MC do not keep your records for longer than necessary.
All records are destroyed confidentially once their retention period has been met, and MC has made the decision that the records are no longer required. For more information please see the Record Management Code for Practice for Health and Social Care 2016.
How do MC keep your personal data safe and secure?
MC are committed to securing your personal information from unauthorised access, use or disclosure. MC secure the personal data you provide on a computer server in a controlled, secure environment. MC also train staff and have policies and procedures in place so that everyone working in MC is aware of the high standards expected of them to adhere to when handling your personal data.
Everyone working for MC is subject to the Common Law Duty of Confidence. Information provided in confidence will only be used for the purposes advised and consent given by the individual to whom the information relates, unless there are other circumstances covered by the law.
Under the MC Confidentiality Code of Conduct, all staff are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. This will be noted in your records.
Information sharing with non-MC organisations
For your benefit, MC may also need to share information from your health records with non-MC organisations, from which you are also receiving care, such as social services or other private healthcare organisations. This information is only routinely shared with data processors with whom MC have written contracts to undertake work.(eg: CHC for End of Life) These non-MC organisations are not allowed to use the data for their own purposes.
Where there is no written contract MC will not disclose any health information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires it.
Where patient information is shared with other non-MC organisations, an information sharing agreement is drawn up to ensure information is shared in a way that complies with relevant legislation.
These non-MC organisations may include, but are not restricted to: CHC, NHS social services, education services, local authorities, the Police, voluntary sector providers and private sector providers.
MC do not sell, rent or lease its customer lists to third parties. From time to time MC may contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (e-mail, name, address, telephone number) is not transferred to the third party. In addition, MC may share data with trusted partners to help us perform statistical analysis, send you email, postal mail and/or appointment reminders, provide customer support or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to MC, and they are required to maintain the confidentiality of your information.
Managed Care Ltd uses the following third party organisations/providers to assist in the delivery of IT services:
· Systems used by the NHS and it is encrypted
· Charles Hinitt Accountants
· Independent IT professionals for the support with MC systems.
Note: This list is not exhaustive of all third party organisations used by MC. Information may sometimes be shared with system suppliers for the purposes of maintenance.
MC web sites use electronic forms. These forms enable you to give us feedback about the web site, to feedback about specific activity MC is involved in; to feedback as part of a formal consultation; to take part in fundraising activities or giving; to register for an event or activity; to register interest as a member or Volunteer.
Where MC are asking for personal information we will always ask you to acknowledge acceptance and understanding of this Fair Collection/Privacy Notice, before the electronic form can be submitted.
Managed Care Ltd may also use your personally identifiable information to inform you of other products or services available from MC and its affiliates. MC may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.
MC keeps track of the Web sites and pages our customers visit in order to determine which of our services are the most popular. This data is used to deliver customised content and advertising within to customers whose behaviour indicates that they are interested in a particular subject area. You have the right to refuse / withdraw consent to direct marketing at any time.
MC Podiatry Web site uses "cookies" to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalise pages, or register with healthcare website or other services, a cookie helps to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same site, the information you previously provided can be retrieved, so you can easily use the features that you customised.
You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Web sites you visit.
MC may use your details to contact you with patient satisfaction surveys relating to services you have used. This is to improve the way we deliver healthcare to you, our client.
Your right to withdraw consent for us to share your personal information
You have the right to refuse / withdraw consent to information sharing at any time. The possible consequences will be fully explained to you and could include delays in receiving care.
Can I see my information?
Under the Data Protection Act 1998 a person may request access to information (with some exemptions) that is held about them by an organisation. This is known as the Right of Subject Access. If you require access to your health records you must make a written request to a Director of Managed Care Ltd depending on where and when you were seen:
For more information about how you can access your records please visit
www.healthit.gov/patients-families/faqs/how-can-i-access-my-health-informationmedical-record for independent advice.
MC can only provide access to information it holds. For example to see the records held by your GP you have to contact the surgery.
The Access to Health Records Act 1990 also allows access, in certain circumstances, to information that we hold on deceased patients.
Raising a concern
If you have a concern about any aspect of your care or treatment with this company as a client or a member of staff, or about the way your records have been managed, please contact the Director.
Additionally, you have a right to complain to the Information Commissioner if ever you are unsatisfied with the way MC has handled or shared your personal information:
Information Commissioner's Office
Cheshire SK9 5A
Tel: 0303 123 1113 (or 01625 545745 or 44 1625 545745 if calling from overseas)
Fax: 01625 524510
Changes to this statement
Managed Care Ltd will occasionally update this Statement of Privacy to reflect company and customer feedback. MC encourages you to periodically review this Statement to be informed of how MC is protecting your information.
Managed Care Ltd welcomes your comments regarding this Statement of Privacy. If you believe that this Statement has not been adhered to, please contact MC. MC will use commercially reasonable efforts to promptly determine and remedy the problem.
Gillian Gibson BSc (Hons) Podiatry, RGN
Managed Care ltd and Podiatry