Kernow Health CIC is committed to ensuring that any information it collects and retains to deliver services is kept safe and secure, in line with the Data Protection Act 2018, which encompasses the General Data Protection Regulations (GDPR). Any personal information collected and processed by us:
- Must be processed fairly and lawfully
- Must be obtained for one or more specific and lawful purposes and only processed in a manner compatible with them
- Must be adequate, relevant and not excessive for the purposes it is intended for
- Must be accurate and where necessary kept up to date
- Shall not be kept for longer than necessary
- Must be processed in accordance with the data subject’s rights
- Must be kept secure
- Must not be transferred outside of the European Economic Area unless there is adequate protection for the rights of data subjects.
Kernow Health CIC will also adhere to the 7 Caldicott Principles:
- Principle 1 – Justify the purpose for using confidential information
- Principle 2 – Don’t use personal confidential data unless it is absolutely necessary
- Principle 3 – Use the minimum necessary personal confidential data
- Principle 4 – Access to personal confidential data should be on a strict need-to-know basis
- Principle 5 – Everyone with access to personal confidential data should be aware of their responsibilities
- Principle 6 – Comply with the law
- Principle 7 – The duty to share information can be as important as the duty to protect patient confidentiality.
General Data Protection Regulations (GDPR)
The General Data Protection Regulations (GDPR) are EU Regulations that come into force from 25th May 2018. These regulations will remain in place even when the UK has left the European Union. The GDPR places a further emphasis on organisations to keep personal data safe and secure, and to be clear on why they are processing personal data and who this information is shared with.
Kernow Health is committed to ensuring that it meets all legislation and requirements in relation to data protection, and is working towards ensuring that it meets its duties in relation to the GDPR. This includes looking at:
- Appointing a Data Protection Officer
- Continually reviewing and updating our policies and procedures
- Reviewing our Information Asset Register – this is a register that lists all databases that hold information, whether corporate or patient information, and how this information is used and kept secure.
- Ensuring that there are Data Protection Impact Assessments in place where it has been determined that the information being processed is high risk due to the amount or sensitivity of the information. A Data Protection Impact Assessment Policy is now in place.
- Ensuring that privacy notices are included on documentation where this will require personal information to be processed
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. At the bottom of this page you will find our policies that show our commitment to ensuring people’s personal information is safe:
- Information Governance Policy
- Data Protection Impact Assessment Policy
- Confidentiality Policy
Accessing information we hold about you (Subject Access Requests (SAR))
If you are receiving or have received a service from Kernow Health and would like to know what information we hold, you have the right to ask us to provide that information to you. This is known as a Subject Access Request (SAR). There is no fee for this; however, if further requests are made for the same information within a short time period, or the requests become excessive, there may be an admin fee.
To be able to provide you with that information we will need to confirm your identity. Should you be asking on behalf of someone else, we would also need to see proof that you are able to act on that person’s behalf, e.g. Power of Attorney.
How we use your information
Kernow Health CIC is committed to ensuring that your privacy is protected. However, where you are receiving a service from Kernow Health CIC, we are required to share that information with other organisations that are part of your care and treatment, e.g. with your GP Practice to ensure that your health records are accurate and up to date.
We may also use your information to inform, improve and maintain the services that we are delivering. This information may be included in reports that are used by Kernow Health CIC in order to show how we are improving and maintaining services. However, any patient identifiable information (information that can identify an individual) will be removed and anonymised to preserve your privacy and confidentiality.
We may contact you to ask you about the service you have received from Kernow Health CIC. This information will only be used to help improve services, and all information contained within these surveys will be treated as anonymous and confidential.
We will not sell, distribute or lease your information to any third parties unless we have your permission to do so.
For more information on how we use your information please contact Maria Harvey, Acting Data Protection Officer (DPO) on 01872 221102 or email Enquiries.firstname.lastname@example.org