How we use your information
Millbrook Healthcare Limited uses personal and confidential information for a number of purposes. This Privacy Notice provides a summary of how we use your information. To ensure that we process your personal data fairly and lawfully we are required to inform you:
• why we need your data
• how it will be used
• who it will be shared with
This information also explains what rights you have to control how we use your information. The law determines how organisations can use personal information. The key pieces of legislation are the Data Protection Act 1998, the Human Rights Act 1998, relevant health service legislation and the common law duty of confidentiality.
Within this page, we describe instances where Millbrook Healthcare Limited is the “Data Controller”, for the purposes of the Data Protection Act 1998 and where we direct or commission the processing of service user data to help deliver better wheelchair, community equipment, assistive technology and home improvement agency services. Millbrook Healthcare Limited recognises the importance of protecting personal and confidential information in everything that we do and takes great care to meet its legal duties.
What information do we collect about you?
We only collect and use your information for the lawful purposes of administering the business of Millbrook Healthcare Limited. These purposes include:
• accounting and auditing
• accounts and records
• crime prevention and prosecution of offenders
• health administration and services
• staff administration
What types of personal data do we handle?
We process personal information to enable us to support the provision of healthcare services to service users, maintain our own accounts and records, promote our services, and to support and manage our employees.
We also use information to support and monitor the services we are commissioned to provide to enable the delivery of high quality healthcare. The types of personal information we use include:
• personal details such as names, addresses, telephone numbers
• family details (e.g. next of kin details)
• education, training, mostly frequently of clinicians such as OTs
• employment details, for example for those that work for us either directly
• visual images, personal appearance and behaviour (e.g. if CCTV images are used as part of building security)
• details held in the service user’s record
• responses to surveys, where individuals have responded to surveys about the services we provide
We also process sensitive classes of information that may include:
• racial and ethnic origin
• offences (including alleged offences), criminal proceedings, outcomes and sentences
• trade union membership
• religious or similar beliefs
• employment tribunal applications, complaints, accidents, and incident details
This information will generally relate to our staff, covered by the Privacy Notice for Staff, or for those health care professionals we manage. In terms of patient information, information may also include physical or mental health details.
How will we use information about you?
Your information is used to run and improve the quality of services we provide. It may be used to:
• check and report on how effective Millbrook Healthcare and the services it provides has been
• investigate complaints, legal claims or incidents
• review the care given to make sure it is of the highest possible standard
• improve the efficiency of healthcare services, by sharing information with other organisations (e.g. NHS and local authority commissioners) for a specific, justified purpose and approved by Millbrook Healthcare’s Caldicott Guardian.
We may keep your information in written form or on a computer. Whenever possible, all information that identifies you will be removed.
Sharing your information
There are a number of reasons why we share information. This can be due to:
• our obligations to comply with current legislation
• our duty to comply with a Court Order
• you having consented to disclosure
Millbrook Healthcare is responsible for protecting the public funds it receives in the provision of wheelchair, community equipment, assistive technology and home improvement agency services. To do this, we may use the information we hold about you to detect and prevent crime or fraud. We may also share this information with other bodies that inspect and manage public funds.
We will only retain information for as long as necessary. Records are maintained in line with the our retention schedule and NHS best practice which determines the length of time records should be kept.
Security of your information
We take our duty to protect your personal information and confidentiality seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether electronic or on paper.
We have appointed a Senior Information Risk Owner (SIRO) who is accountable for the management of all information assets and any associated risks and incidents, and a Caldicott Guardian who is responsible for the management of service user information and service user confidentiality.
All staff are required to undertake information governance training and are provided with information governance guidance that they are required to read, understand and agree to adhere to. The guidance ensures that staff are aware of their information governance responsibilities and follow best practice guidelines ensuring the necessary safeguards and appropriate use of person identifiable and confidential information.
All our staff are also required to protect your information and inform you of how your information will be used. This includes allowing you to decide if and how your information can be shared.
All our employees are subject to the common law duty of confidentiality. Information provided in confidence will only be used for the purposes advised and consented to by the service user, unless it is required or permitted by the law.
How you can access your personal information
The Data Protection Act 1998 gives you the right to see the information that NHS England holds about you and why. Requests must be made in writing and you will need to provide:
• adequate information (e.g. full name, address, date of birth, NHS number, etc.) so that your identity can be verified and your information located
• an indication of what information you are requesting to enable us to locate this in an efficient manner
A request for information can be made to your local Millbrook Healthcare service or, alternatively, it can be made to the Integrated Governance Team at firstname.lastname@example.org
Requests can also be sent via post to: Integrated Governance, Millbrook Healthcare Ltd, Calmore Industrial Park, Nutsey Lane, Totton, Hampshire, SO40 3XJ.
Where a fee is applicable under the terms of the Data Protection Act and subsequent legislation, we will inform you in writing. We aim to comply with requests for access to personal data as quickly as possible. We will ensure that we deal with requests within 40 days of receipt unless there is a reason for delay that is justifiable under the Data Protection Act.
We want to make sure that your personal information is accurate and up to date. If you think any information is inaccurate or incorrect then please let us know.