Data Protection Act 2018 and UK General Data Protection Regulations (GDPR)
Kernow Health CIC is committed to ensuring that any information it collects and retains to deliver services is kept safe and secure and in line with the Data Protection Act 2018 and the UK General Data Protection Regulations (GDPR). Despite the UK leaving the EU where GDPR came into force in May 2018, these regulations were adopted and included in the Data Protection Act 2018 and are now known as the UK GDPR. As such Kernow Health CIC remains committed to ensuring that it meets all legislation and requirements in relation to data protection, and continues to meet its duties through the following but not limited to:
- Having a Data Protection Officer (DPO) in place
- Continually reviewing and updating our policies and procedures
- Reviewing our Information Asset Register – this is a register that lists all databases that hold information, whether corporate or patient information, and how this information is used and kept secure
- Ensuring that there are Data Protection Impact Assessments in place where it has been determined that the information being processed is high risk due to the amount of, or sensitivity, of the information.
- Ensuring that privacy notices are included on documentation where this will require personal information to be processed
Any personal information collected and processed by us:
- Must be processed fairly and lawfully
- Must be obtained for one (or more) specific and lawful purpose and only processed in a manner compatible with that purpose
- Must be adequate, relevant and not excessive for the purposes it is intended for
- Must be accurate and where necessary, kept up to date
- Shall not be kept for longer than necessary
- Must be processed in accordance with the data subject’s rights
- Must be kept secure
- Must not be transferred outside of the European Economic Area unless there is adequate protection for the rights of data subjects.
Kernow Health CIC will also adhere to the 8 Caldicott Principles:
- Principle 1 – Justify the purpose for using confidential information
- Principle 2 – Don’t use personal confidential data unless it is absolutely necessary
- Principle 3 – Use the minimum necessary personal confidential data
- Principle 4 – Access to personal confidential data should be on a strict need-to-know basis
- Principle 5 – Everyone with access to personal confidential data should be aware of their responsibilities
- Principle 6 – Comply with the law
- Principle 7 – The duty to share information can be as important as the duty to protect patient confidentiality.
- Principle 8 – Inform patients and services users about how their confidential information is used
How we use your information
Kernow Health CIC is committed to ensuring that your privacy is protected. However, where you are receiving a service from Kernow Health CIC, we are required to share that information with other organisations that are part of your care and treatment, e.g. with your GP Practice, to ensure that your health records are accurate and up to date. We may also use your information to inform, improve and maintain the services that we are delivering; this information may be included in reports. However, any patient identifiable information (information that can identify an individual) will be removed and anonymised to protect your privacy and ensure confidentiality.
We may contact you to ask you about the service you have received from Kernow Health CIC. This information will only be used to help to improve services, but all information contained within these surveys will be treated anonymously and confidentially. We will not sell, distribute or lease your information to any third parties unless we have your permission to do so.
For more information on how we use your information please contact Laura Manolchev, Data Protection Officer (DPO) on 01872 221104 or email: [email protected]
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. At the bottom of this page, you will find our policies that show our commitment to ensuring people’s personal information is safe.
Accessing information we hold about you (Subject Access Requests (SAR))
If you are receiving or have received a service from Kernow Health and would like to know what information we hold, you have the right to ask us to provide you with that information. This is known as a Subject Access Request (SAR). There is no fee for this however, if further requests are made for the same information within a short time period or the requests become excessive, then there may be an admin fee.
To be able to provide you with that information we will need to confirm your identity. Should you be asking on behalf of someone else, then we would also need to see proof that you are able to act on that person’s behalf e.g. Power of Attorney.
National Data Opt-out Policy
The National Data Opt-out Policy comes into force at the end of September 2021 for all organisations who deliver health and social care services. The National Data Opt-out Policy allows for individuals who are receiving care and treatment to have the option of not having their data used for other means other than to receive care and treatment, for example not for research purposes. If you do not want your data to be used for anything other than care and treatment please click on the link below:
Kernow Health CIC will not use or share your data other than to deliver care and treatment, and where data is required for planning purposes this will be anonymised data only as stated above in ‘How we Use Your Information’.