Website Privacy and Cookie Policy

What type of information we collect?

 

We do not use this website for commercial purposes but rather to inform our patients of the services that Harthill PCN delivers or plans to deliver and also to allow members of our practices to access the policies and protocols (members only section).  Even so we are advising you of our privacy/cookie policy because you have a right to know what may occur in particular instances.

We may receive, collect and store any information you enter on our website when you complete a form (such as feedback form) - or when you sign up as a member of Harthill PCN team or which you provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page.

None of this information is used by us for any commercial purposes and we do not sell r pass you information to any third parties. We only collect personally identifiable information (including name, email, password, communications), comments, feedback, personal profile when you enter data into an embedded form. We do not otherwise track or collect personal data for any purpose other than providing our primary care network services.

How do we collect information?

When you complete a form or sign up as a team member on our website, as part of the process, we collect personal information you give us such as your name, address and email address. Your personal information will be used for the specific reasons stated above only.

Why do you collect such personal information?

We collect such Non-personal and Personal Information for the following purposes:

  1. To provide and operate the website

  2. To provide our PCN members with ongoing technical support;

  3. To be able to contact our PCN members with general or personalized service-related notices and messages;

  4. To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we may use to provide and improve our services; 

  5. To comply with any applicable laws and regulations.

How do we store, use, share and disclose our site visitors' personal information?

Our network website is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to inform patients and members within Harthill PCN our services. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall. 

How do we communicate with our site visitors?


We may contact Harthill PCN team members to notify them regarding their account or to troubleshoot problems with their account. We may contact any site visitor to poll their opinions through surveys or questionnaires, to send updates about our network services or as otherwise necessary applicable with national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages, and postal mail.

Cookies

How do we use cookies and other tracking tools?

Cookies are small pieces of data stored on a site visitor's browser. They are typically used to keep track of the settings users have selected and actions they have taken on a site.

We do not intentionally place or use tracking cookies or any other personal data gathering cookies on our website - excepting that some third party applications such a Google Analytics or other applications employed through our use of Wix App Market may place cookies or use other tracking technologies through Wix´s services. These third parties may have their own policies regarding how they collect and store information. As these are external services, such practices are not covered by the our Privacy Policy.

Wix.com uses cookies for important reasons, such as:

  • To provide a great experience for your visitors and customers.

  • To identify your registered members (users who registered to your site).

  • To monitor and analyse the performance, operation and effectiveness of Wix's platform.

  • To ensure our platform is secure and safe to use. 

The following links explain how to access cookie settings in various browsers:


To opt out of being tracked by Google Analytics across all websites, visit this link: http://tools.google.com/dlpage/gaoptout.

How can our site visitors withdraw their consent?

If you don’t want us to process your data anymore, please contact us at Harthill PCN Webmaster email or send us a letter to: Harthill PCN Webmaster. Willerby Surgery. 45 Main Street. Willerby HU10 6BP  

 

Privacy policy updates


We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

 

Questions and your contact information


If you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact us at Harthill PCN Webmaster emaior send us mail to: Harthill PCN Webmaster. Willerby Surgery. 45 Main Street. Willerby HU10 6BP

 

Data Protection Officer (DPO)

 

Harthill PCN has appointed Barry Jackson, Head of Information Governance at N3i (who are our Information Governance advisers and IT providers) to be our Data Protection Officer. The primary role of the DPO is to ensure that our processing of the personal data of our staff, patients, providers or any other individuals, also referred to as data subjects, is in compliance with the applicable data protection rules..

General Data Protection Regulations

The GDPR requires us to process data ‘fairly’ and in a ‘transparent manner’ which is ‘easily accessible and easy to understand’. This means that we must provide information about how Harthill PCN processes personal data in the form of ‘privacy notices’. If our network services involve the use and access of patient records from one or more of our constituent member practices the relevant privacy notice below applies.

Our Privacy Notice

How we use your medical records - Important information for patients

  • This network may handle medical records in-line with laws on data protection and confidentiality

  • We share medical records with those who are involved in providing you with care and treatment. 

  • In some circumstances we will also share medical records for medical research, for example to find out more about why people get ill. 

  • We share information when the law requires us to do so, for example, to prevent infectious diseases from spreading or to check the care being provided to you is safe.  

  • You have the right to be given access to your medical record

  • You have the right to object to your medical records being shared with those who provide you with care. 

  • You have the right to object to your information being used for medical research and to plan health services.  

  • You have the right to have any mistakes corrected and to complain to the Information Commissioner’s Office. Y

  • Your medical records are held by your registered practice and not by Harthill PCN - any information we create about you as a patient will be recorded in your medical record and access will be able to be gained by approaching your registered practice.

Other important information about how your information is used to provide healthcare

  • All patients who receive NHS care are registered on a national database.  

  • This database holds your name, address, date of birth and NHS Number but it does not hold information about the care you receive.  

  • The database is held by NHS Digital and how it uses information can be found at: https://digital.nhs.uk/home , a national organisation which has legal responsibilities to collect NHS data. 

More information can be found at: https://digital.nhs.uk/home or the phone number for general enquires is 0300 303 5678

Identifying patients who might be at risk of certain diseases

 

  • Your medical records may be searched by a computer programme so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital. 

  • This means we can offer patients additional care or support as early as possible and create network services specifically aimed at particular groups of patients.  

  • This process will involve linking information from your GP record with information from other health or social care services you have used 

 

Safeguarding

  • Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, are protected from risk of harm. 

  • These circumstances are rare. 

  • We do not need your consent or agreement to do this.

LEGAL STUFF

Below are the four legal sections of information we are obliged tell you about in respect of the handling of your information for the purposes our providing you with a health care service. These cover the four areas described above

  1. Provision of direct healthcare 

  2. Medical research and clinical audit 

  3. Legal requirements to share 

  4. National screening programmes.  

Data Controller contact details are available to patients from your registered GP practice 

This network has appointed Barry Jackson to be the Data Protection Officer (DPO)

We are required by law to provide you with the following information about how we share your information for provision of direct healthcare 

Purpose  of the processing  

  

   To give direct health or social care to individual patients.   

  

For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care.  

      To check and review the quality of care. (This is called audit and clinical governance).  

Lawful basis for processing  

  

These purposes are supported under the following sections of the GDPR:  

Article  6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and   

Article 9(2)(h)‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”   

  

Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.  

Recipient or categories of recipients of the processed data  

  

   The data will be shared with:   

·    healthcare professionals and staff in this surgery;  

·    local hospitals;  

·    out of hours services;   

·    diagnostic and treatment centres;   

·    or other organisations involved in the provision of direct care to individual patients including national screening bodies; 

·     medical research and clinical audit/risk stratification providers as above; 

  

Rights to object  

  

·  You have the right to object to information being shared between those who are providing you with direct care.   

·   This may affect the care you receive – please speak to the practice.   

 ·         You are not able to object to your name, address and other demographic               

           information being sent to NHS Digital.   

 ·         This is necessary if you wish to be registered to receive NHS care.  

 ·         You are not able to object when information is legitimately shared for  

           safeguarding reasons.   

 ·         In appropriate circumstances it is a legal and professional requirement to  

           share information for safeguarding reasons. This is to protect people from 

           harm.   

 ·         Such information will be shared with the local safeguarding service of the East

            Riding of Yorkshire Council and the Named Safeguarding Doctor/Nurse 

  

Right to access and correct  

·     You have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of staff or look at our ‘subject access request’ policy on the practice website Your Medical Records 

We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.  

  

Retention period 

  

GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at: https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016 

Right to complain 

  

You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link https://ico.org.uk/global/contact-us/or call the helpline 0303 123 1113  

Data we get from other organisations 

We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up-to date when you receive care from other parts of the health service.  

  

We are required by law to provide you with the following information about how we share your information for medical research and clinical audit purposes. 

Purpose  of the processing  

  

Medical research and to check the quality of care which is given to patients (this is called national clinical audit).  

Lawful basis for processing  

  

The following sections of the GDPR mean that we can use medical records for research and to check the quality of care (national clinical audits)  

  

Article 6(1)(e) – ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’.  

  

For medical research: there are two possible Article 9 conditions.  

Article 9(2)(a) – ‘the data subject has given explicit consent…’  

OR  

Article 9(2)(j) – ‘processing is necessary for… scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member States law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and interests of the data subject’.   

  

To check the quality of care (clinical audit):  

Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services...’  

  

Recipient or categories of recipients of the processed data  

  

For medical research the data will be shared with EMIS Clinical Systems QSurveillance programme and risk stratification programme. 

For national clinical audits which check the quality of care the data will be shared with NHS Digital.   

  

Rights to object and the national data opt-out  

  

You have a choice about whether you want your confidential patient information to be used for national clinical audits. If you are happy with this use of information you do not need to do anything. If you do choose to opt-out your confidential patient information will still be used to support your individual care.   

To find out more or to register your choice to opt out, please visitwww.nhs.uk/your-nhs-data-matters.  On this web page you will: 

  •       See what is meant by confidential patient information 

  •       Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care 

  •       Find out more about the benefits of sharing data 

  •       Understand more about who uses the data 

  •       Find out how your data is protected 

  •       Be able to access the system to view, set or change your opt-out setting 

  •       Find the contact telephone number if you want to know any more or to set/change your opt-out by phone  

  •       See the situations where the opt-out will not apply 

 

You can also find out more about how patient information is used at: 

https://www.hra.nhs.uk/information-about-patients/  (which covers health and care research); and 

https://understandingpatientdata.org.uk/what-you-need-know  (which covers how and why patient information is used, the safeguards and how decisions are made) 

 

 You can change your mind about your choice at any time. 

 

Data being used or shared for national purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement. 

 

Health and care organisations have until 2020 to put systems and processes in place so they can apply your national data opt-out choice. Our organisation is not currently able to apply your national data opt-out choice to any confidential patient information we may use or share with other organisations for purposes beyond your individual care 

  

Right to access and correct  

·     You have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of staff or look at our policy on the practice website Your Medical Records

  • We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.

  •   

Retention period 

  

GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at:  https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016   

or speak to the practice. 

  

Right to complain 

  

You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this linkhttps://ico.org.uk/global/contact-us/   or call the helpline 0303 123 1113 

  

We are required by law to provide you with the following information about how we handle your information and our legal obligations to share data. 

 

Purpose  of the processing  

  

Compliance with legal obligations or court order.  

 

Lawful basis for processing  

  

The following sections of the GDPR mean that we can share information when the law tells us to.  

  

Article 6(1)(c) – ‘processing is necessary for compliance with a legal obligation to which the controller is subject…’  

  

Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services...’  

Recipient or categories of recipients of the processed data 

·         The data will be shared with NHS Digital.  

·         The data will be shared with the Care Quality Commission. 

·         The data will be shared with our local health protection team or Public    

           Health England.   

·         The data will be shared with the court if ordered.  

Rights to object and the national data opt-out   

  

There are very limited rights to object when the law requires information to be shared but government policy allows some rights of objection as set out below.  

  

NHS Digital  

·      You have the right to object to information being shared with NHS Digital for reasons other than your own direct care.   

·     This is called a ‘Type 1’ objection – you can ask your practice to apply this code to your record.   

·     Please note: The ‘Type 1’ objection, however, will no longer be available after 2020.   

·     This means you will not be able to object to your data being shared with NHS Digital when it is legally required under the Health and Social Care Act 2012. 

  

The national data op-out model is intended to provide you with an easy way of opting-out of identifiable data being used for health service planning and research purposes, including when it is shared by NHS Digital for these reasons. 

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters

  

Public health  

·     Legally information must be shared under public health legislation. This means that you are unable to object.  

  

Care Quality Commission  

·     Legally information must be shared when the Care Quality Commission needs it for their regulatory functions. This means that you are unable to object. 

  

Court order  

·     Your information must be shared if it ordered by a court. This means that you are unable to object.  

Right to access and correct  

·     You have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of staff or look at our policy on the practice website Your Medical Records

  • We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.  

Retention period 

  

GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at: https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016   

or speak to the practice. 

  

Right to complain 

  

You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link https://ico.org.uk/global/contact-us/   or call the helpline 0303 123 1113 

  

  

We are required by law to provide you with the following information about how we handle your information in relation to our legal obligations to share data for national screening programmes. 

 

Purpose  of the processing 

  

·     The NHS provides several national health screening programmes to detect diseases or conditions early such as cervical and breast cancer, aortic aneurysm and diabetes.  

  

·     The information is shared so that the correct people are invited for screening. This means those who are most at risk can be offered treatment. 

  

Lawful basis for processing 

  

The following sections of the GDPR allow us to contact patients for screening.  

  

Article 6(1)(e) – ‘processing is necessary…in the exercise of official authority vested in the controller...’’  

  

Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services...’ 

Recipient or categories of recipients of the processed data 

  

The data will be shared with Public Health England 

https://www.gov.uk/topic/population-screening-programmes

Rights to object

  

For national screening programmes: you can opt so that you no longer receive an invitation to a screening programme.   

See:  https://www.gov.uk/government/publications/opting-out-of-the-nhs-population-screening-programmes    

  

Right to access and correct

·     You have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of your registered practices staff.

We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view. 

Retention period 

  

GP medical records will be kept in line with the law and national guidance.   

Information on how long records can be kept can be found at: https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016   

or speak to the practice.

  

Right to complain 

  

You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this linkhttps://ico.org.uk/global/contact-us/ or call the helpline 0303 123 1113  

  

Data we get from other organisations

We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up-to date when you receive care from other parts of the health service.