Carehome Selection Ltd (T/A CHS Healthcare) collects, stores and uses large amounts of personal and sensitive personal data every day, such as medical records, personal records and computerised information. This data is used by us in the course of our work.
We take our duty to protect personal information and confidentiality very seriously and we are committed to comply with all relevant legislation and to take all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.
At Board level, we have appointed a Senior Information Risk Owner who is accountable for the management of all information assets and any associated risks and incidents, and our Chief Executive Officer Richard Newland is responsible for the management of patient information and patient confidentiality.
The General Data Protection Regulation (GDPR) 2018 requires the Organisation to process:
Personal data under 6(1)(f) “Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”
Article 6(1)(a)” The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Sensitive personal data
(Health Records) under 9(2)(h) – “Necessary for the reasons of preventative or occupational medicine, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services”
All our staff involved in providing you with our services will keep records about you and any advice you receive from us. These records help to ensure that you receive the best possible advice and care. Those records may be paper or electronic and they may include:
It is essential that your details are accurate and up to date. You can always check that your personal details are correct when we visit you or when you speak to us. Please inform us of any changes to your contact details as soon as possible. This minimises the risk of you not receiving important correspondence or other communications from us.
By providing us with your contact details, you are agreeing to us using those channels to communicate with you about your healthcare or care needs, i.e. by letter (postal address), by voice mail or voice message (telephone or mobile number), by text message (mobile number) or by email (email address).
In general, your records are used to direct, manage and deliver the advice and care that you receive or may need and this is to ensure that:
Occasionally CHS Healthcare holds names and addresses (including email addresses) of non-customers who it is thought may be interested in our products and services.
In these circumstances, where we have your consent, we’ll let you know by email or post of the products or services we believe may be of interest. If we don’t already have your consent, we’ll tell you about our products and services by post in accordance with our legitimate interests to promote our business. You have the right to opt out of this marketing at any time, by following a link on the email or by contacting our New Business Development Manager Wendy Hawkins on 0121 362 8844.
This Records Management Code of Practice for Health and Social Care 2016 is a guide for the NHS to use in relation to the practice of managing records. It is relevant to organisations who work within, or under contract to NHS organisations in England and this includes CHS Healthcare.
The Code is based on current legal requirements and professional best practice. It will help organisations to implement the recommendations of the Mid Staffordshire NHS Foundation Trust Public Inquiry1 relating to records management and transparency.
All patient records are destroyed in accordance with the NHS Records Retention Schedule, which sets out the appropriate length of time each type of NHS records is retained.
CHS Healthcare does not keep patient records for longer than necessary and all records are destroyed confidentially once their retention period has been met, and the Organisation has made the decision that the records are no longer required.
We share information about you with others directly involved in your care or advice that we give to you about your care; and share more limited information for indirect care purposes, both of which are described below:
Everyone working within our Organisation and the NHS has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us also has a legal duty to keep it confidential.
Direct Care Purposes
You may be receiving care from other people as well as the NHS, for example Social Care Services. We may need to share some information about you with them so we can all work together for your benefit if they have a genuine need for it or we have your permission. Therefore, we may also share your information, subject to strict agreement about how it will be used, with:
We will not disclose your information to any other third parties without your permission unless there are exceptional circumstances, such as if the health and safety of others is at risk or if the law requires us to pass on information.
Indirect Care Purposes:
We also use information we hold about you to:
Nationally there are strict controls on how your information is used for these purposes. These control whether your information has to be de-identified first and with whom we may share identifiable information. You can find out more about these purposes, which are also known as secondary uses, on the NHS England and NHS Digital’s websites:
CHS Healthcare staff and everyone working in Health and Social Care has a legal duty to keep information about you confidential and anyone who receives information from us is also under a legal duty to keep it confidential.
From time to time we may need to share information with other professionals and services concerned in your care. This may be for instance, when your healthcare professional needs to discuss your case with other professionals (who do not work for the Organisation) in order to plan your care. We do this in order to provide the most appropriate advice, treatment and support for you and your carers, or when the welfare of other people is involved. We will only share information in this way if we have your permission and it is considered necessary.
There may be other circumstances when we must share information with other agencies. In these rare circumstances we are not required to seek your consent.
Examples of this are:
Under the General data Protection Regulation
Under the General Data Protection Regulation (GDPR)
You have the right to restrict how and with whom we share information in your records that identifies you. If you object to us sharing your information we will record this explicitly within your records so that all healthcare professionals and staff involved with your care are aware of your decision. If you choose not to allow us to share your information with other health or social care professionals involved with your care, it may make the provision of treatment or care more difficult or unavailable.
Please discuss any concerns with the member of staff advising you so that you are aware of any potential impact. You can also change your mind at any time about a disclosure decision.
The possible consequences of refusing consent will be fully explained to you at the time, and could include delays in receiving our advice or care.
In those instances where the legal basis for sharing of confidential personal information relies on the your explicit or implied consent, then you have the right at any time to refuse your consent to the information sharing, or to withdraw any consent previously given.
In instances where the legal basis for sharing information without consent relies on HRA CAG authorisation under Section 251 of the NHS Act 2006, then you have the right to register your objection to the disclosure, and CHS Healthcare are obliged to respect your objection.
In instances where the legal basis for sharing information relies on a statutory duty/power, then the patient cannot refuse or withdraw consent for the disclosure.
When using our services, you may be asked to confirm that we have an accurate contact number and mobile telephone number for you. This can be used to provide appointment details and other related information via SMS text messages.
Data Protection Legislation (GDPR 2018, DPA 2018) gives you a right to access the information we hold about you on our records. Requests must be made in writing to The Operations Manager, CHS Healthcare, 1 Wrens Court, 53 Lower Queen Street, Sutton Coldfield, West Midlands, B72 1RT. We will provide your information to you within one month (this can be extended dependent on the complexity of the request) from receipt of your application:
The Data Controller responsible for keeping your information confidential is:
Richard Newland, CHS Healthcare, 1 Wrens Court, 53 Lower Queen Street, Sutton Coldfield, West Midlands, B72 1RT
Data Protection Officer Contact – Helen McNae (Data Protection Officer), firstname.lastname@example.org CHS Healthcare, 1 Wrens Court, 53 Lower Queen Street, Sutton Coldfield, West Midlands, B72 1RT
People who have a concern about any aspect of their contact with CHS Healthcare, or about the way their records have been managed, should contact:
Jayne Skeates, Operations Manager, CHS Healthcare, 1 Wrens Court, 53 Lower Queen Street, Sutton Coldfield, West Midlands, B72 1RT
If you have any concerns about how we handle your information you have a right to complain to the Information Commissioners Office about it.
The GDPR 2018 requires organisations to lodge a notification with the Information Commissioner to describe the purposes for which they process personal information. These details are publicly available from:
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, SK9 5AF
telephone number: 0303 123 1113
The Freedom of information Act 2000 provides any person with the right to obtain information held by the CHS Healthcare in certain circumstances and subject to a number of exemptions. If you would like to request some information from us, please contact: Jayne Skeates, The Operations Manager, CHS Healthcare, 1 Wrens Court, 53 Lower Queen Street, Sutton Coldfield, West Midlands, B72 1RT