Fair Processing Policy
This document is aimed at people using the services of New Victoria Hospital (NVH). It is an explanation of why the hospital needs to collect your personal data, how it is stored, how long it is kept and who it is shared with. The document also outlines your rights regarding your personal data and who to speak to if you have any concerns regarding the management of your data at the hospital. Information regarding the hospital’s CCTV system, telephone system and information collected on our website is also included.
Why NVH needs your Personal Data
In order to provide a health service to you, NVH will request your permission to record and process your contact details, demographic details and health details. The hospital needs this information in order to provide your medical care as well as being able to contact you regarding your treatment and your invoices. The hospital will not be able to treat you if you, or somebody on your behalf are not able to provide consent for processing your personal information.
What NVH does with your Data
Your demographic details are used for the purpose of communicating with you. The hospital will use information such as your age and sex to determine the most appropriate treatment for you and to ensure that scientific information such as blood results are performed and reported accurately.
Where and how NVH keeps your Personal Data
All personal data held by the hospital is kept on site and in a secure storage facility. Electronic data is protected by the use of access control, data encryption and a robust network security regime. Paper documents that include personal information are kept securely locked away.
How long will NVH keep your Personal Data
The hospital is required to keep medical records for the amount of time specified in the Records Management Code of Practice for Health and Social Care 2016. With some exceptions, medical records for adults will be stored for a minimum of eight years. Medical records for patients seen, while under the age of 17, will be kept until they are 25 years old. Medical records of patients 17 years old will be kept until their 26th birthday.
Who NVH shares your personal data with
If necessary, NVH will share your information with:
- your consultant
- your GP
- other healthcare professionals and organisations such as laboratories involved in your care
- Your medical insurance company and our debt collection agency if necessary
- regulatory healthcare organisations such as the National Joint Registry if appropriate
- The NHS Personal Demographic Service (PDS) as a point of tracing demographic information for reporting to PHIN
- Howard Warwick Associates for the purpose of collecting limited information of your recovery process after your operation.
The hospital will not share any of your information without a lawful reason to do so unless it is thought to be in the best interest of a child or vulnerable adult. In this instance when there are concerns re a child or vulnerable adult’s safety and wellbeing personal data will be shared on a need to know basis. The process of sharing will always be as secure as possible. Information is not shared with organisations outside the European Economic Area.
Your rights regarding your personal data
The General Data Protection Regulation allows you the following rights:
- The right to be informed about what personal data is kept, where and how it is processed and who it is shared with. This information is provided to you in the hospital’s registration form where permission to process your data is requested and in this document.
- The right to access a copy of your personal information verbally or in writing. If you do request a copy of your information it will be provided to you in electronic or paper format within one month of requesting the information. You will not be charged for receiving this information.
- The right to rectification of your personal data held by the hospital. If you request a change to your data NVH will make the changes within one month of your request.
- The right to have your data erased. This right is not absolute and will only apply if the hospital is able to do so without breaking other laws that the hospital must abide by. If it is possible to erase your data it will be done so within one month of receiving your request.
- The right to restrict the hospital processing your data. This is not an absolute right and only applies in certain circumstances. Where NVH is able to comply with a request to restrict processing it retain your personal data but do not process it.
- The right to data portability. This right applies only to the data you have provided. If you request a copy of your personal information for your own purposes, the hospital will give you the data in either paper or electronic format. Do/should we charge
- The right to object to the hospital processing your personal data. You have the absolute right to object to the hospital using your personal data for direct marketing purposes.
- Rights related to automated decision making including profiling. This right relates to processes where decisions are made solely by automated means without any human involvement. Although the hospital has no automated decisions process it is obliged to inform you of this right.
Please, email our data protection officer at email@example.com if you would like to exercise any of these rights.
CCTV is used for maintaining the security of property and premises and for preventing and investigating crime. The information processed includes visual images, personal appearance and behaviours. This information may include images of employees, patients, consultants and members of the public entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves or the police.
All telephone calls are recorded.
New Victoria Hospital website
Your personal details will be collected when completing a booking or enquiry form on newvictoria.co.uk. The data collected is encrypted and password protected. Data can only be accessed via a secure/encrypted internet connection. Data is held on the website until your query has been responded to and then deleted.
Privacy Details for GPs and Allied Health Professionals
What NVH does to ensure your personal data is secure
NVH is registered with the Information Commissioner’s Office (ICO) as a data controller. The hospital’s registration number is Z7354295.
In order to keep your data secure the hospital abides by, and is accredited for the following standards:
ISO27001 (includes an annual external audit by the British Assessment Bureau).
NHS Data Protection Security Toolkit (includes an annual review)
Payment Card Industry Data Security Standards (PCI DSS) (includes an annual review)
The hospital’s quality management system is ISO9001 accredited annually.
Reporting concerns regarding NVH’s management of your data
If you have any concerns regarding the management of your data please contact the hospital’s Data Protection Officer. You have a right to make a complaint to the ICO at any time.
Our Data Protection Officer can be emailed at firstname.lastname@example.org
Issue: May 2018
Review: May 2021