Skip to main content Skip to footer

Privacy Policy

Allied Health Professionals Suffolk Patient Privacy Statement
February 2023
1. Introduction
1.1 This notice is directed at patients who use our services. For information about the use of this website
more specifically, please see our website privacy notice.
1.2 We take your privacy seriously and we want to provide you with information about your rights, who
we share your information with and how we keep it secure.
2. Your Information
2.1 We are registered with the Information Commissioner’s Office as a Data Controller and our
registration number is Z3108099.
2.2 We aim to provide you with the highest quality health care. To do this we must keep records about
you, your health and the care we have provided or plan to provide to you.
2.3 These records may be stored in paper form or on computer and electronic systems and may include
Personal Data:
• basic details about you, such as address, date of birth, NHS number, and next of kin as well as
Sensitive Personal Data;
• contact we have had with you, such as clinical visits
• notes and reports about your health
• details and records about your treatment and care
• results of x-rays, laboratory tests etc
• information about your sexual life or home life
• information about ethnicity and religion
2.4 Healthcare providers are permitted to collect, store, use and share this information under Data
Protection Legislation which has a specific section related to healthcare information.
2.5 If you have any questions or wish to make a request in relation to your information, please contact
us using the details on our main page or contact our Data Protection Officer at
emma.cooper35@nhs.net
2.6 Our Data Protection Officer service is provided by Kafico Ltd. When we ask for their support, we will
aim to remove any reference to individual patients. Where this is not possible, we will use the
minimum necessary to allow us to obtain advice and support.
2.7 You can find out more about Kafico Ltd, including their privacy policy at
https://www.kafico.co.uk/privacy-policy
3. Children and Young People
3.1 Young people from aged 13 (and sometimes younger) are allowed to make decisions about how their
health information is shared.
3.2 A parent or guardian may apply for access to young person's information.
3.3 If a young person does not consent – we may not provide access to the parent or guardian.
3.4 If the young person does not have the capacity to understand, we may provide access to the parent
or guardian because it is in the young person's best interest to do so.
3.5 Young people can ask us to keep certain parts of their information confidential.
3.6 If the young person is making decisions about their information that puts them at risk – we may
notify adults with parental rights.
Allied Health Professionals Suffolk Patient Privacy Statement
February 2023
4. What We Do with Your Information?
• Obtain information about your health background so we can give you the right care
• Refer you to other healthcare providers when you need other service or tests
• Discuss or share information about your health or care with other health or social care providers
• Share samples with laboratories for testing (like blood samples)
• Share test results with hospitals or community services (like blood test results)
• Allow out of hours or extended hours GPs to look at your health information when you are going to
an appointment.
• Send prescriptions to a pharmacy.
• Text you in relation to healthcare services
• Provide your samples to the courier for delivery to pathology.
• Share reports with the coroner.
• Receive reports of appointments you have attended elsewhere such as with the community nurse
or if you have had a stay in hospital.
• Movement of your patient records to Primary Care Support England
• To confirm your identity, we send basic demographics (name, DOB, postcode, gender) to NHS
Digital to receive a full copy of patient demographics including NHS number.
5. What Else Do We Use Your Information For?
Along with activities related directly to your care, we also use information in ways which allow us to check
that care is safe and provide data for the improvement and planning of services:
• Quality / payment / performance reports are provided to service commissioners.
• As part of clinical research – information that identifies you will be removed, unless you have
consented to being identified.
• Undertaking clinical audits locally to ensure safety and efficiency.
• Partner with organisations that can support us to manage and analyse data so that we can report on
our activity and improve our care and performance.
• Supporting staff training
• Incident and complaint management
6. Who Do We Share Your Information With?
6.1 We will share your information with other health and care providers such as hospitals, care homes
and GP practices.
6.2 We also routinely share patient information as part of an MDT (Multi-Disciplinary Team). This is a
meeting attended by others involved in your care; the hospital, your GP, social workers, the social
care department of the local authority, for example.
6.3 During these meetings, we will share relevant information to ensure that we are able to give you the
best care.
6.4 If you have questions or any objections to Allied Health Professionals or other providers sharing
information in this way – do let us know.
6.5 Additionally, we use a number of providers who process your personal data on our behalf, and they
are all contractually bound to keep your information secure and use it only in the way we tell them.
Allied Health Professionals Suffolk Patient Privacy Statement
February 2023
Clinical System Provider Website
EMIS Web https://www.emishealth.com/products/emis-web
Systm One (TPP) https://www.tpp-uk.com/
Integrated Care Board Website
Suffolk and North East Essex ICB https://suffolkandnortheastessex.icb.nhs.uk/
Confidential Waste Services Website
Restore https://www.restore.co.uk/Datashred
Shred-It https://www.shredit.co.uk/en-gb/home
Health Software Website
AccurX https://www.accurx.com/
MJOG https://www.mjog.com/
E-Referrals https://digital.nhs.uk/services/e-referral-service
IT Service Providers Website
Astute Data Ltd http://www.astutedata.co.uk/
Nodescape Ltd
Protocopy www.protocopy.co.uk
East Suffolk and North East Essex
Foundation Trust (ESNEFT)
https://www.esneft.nhs.uk
Video Consultation Providers Website
Microsoft Teams https://www.microsoft.com/en-gb/
Other Providers Website
Survey Monkey https://www.surveymonkey.co.uk
Microsoft Forms https://www.microsoft.com/en-gb/
7. Sharing When Required by Law
Sometimes we will be required by law to share your information and will not always be able to discuss this
with you directly. Examples might be for the purposes of detection or prevention of crime, where it is in the
wider public interest, to safeguard children or vulnerable adults, reporting infectious diseases or where
required by court order.
8. Care Quality Commission Access to Health Records
8.1 The CQC has powers under the Health and Social Care Act 2008 to access and use your health
information where it is necessary to carry out their functions as a regulator.
8.2 This means that inspectors may ask to look at certain records to decide whether we are providing
safe, good quality care.
Allied Health Professionals Suffolk Patient Privacy Statement
February 2023
8.3 More information about the CQC can be obtained on their website https://www.cqc.org.uk/aboutus/our-policies/privacy-statement
9. Information Rights
Data protection law provides you with a number of rights that the we are committed to supporting you with:
9.1 Right to Access
a) You have the right to obtain:
• Confirmation that your information is being used, stored or shared by us
• A copy of information held about you
b) We will respond to your request within one month of receipt or will tell you when it might take
longer.
c) We are required to validate your identity including the identity of someone making a request on your
behalf
9.2 Right to Object or Withdraw Consent
a) We mainly use, store and share your information because we are permitted in order to deliver your
healthcare but you do have a right to object to us doing this.
b) Where we are using, storing and sharing your information based on explicit consent you have
provided, you have a right to withdraw that consent at any time.
c) You can choose to opt out of sharing your confidential patient information for research and
planning. There may still be times when your confidential patient information is used: for example,
during an epidemic where there might be a risk to you or to other people’s health. You can also still
consent to take part in a specific research project.
d) Visit https://nhs.uk/your-nhs-data-matters to opt out
e) Our Data Protection Officer will be happy to speak with you about any concerns you have.
9.3 Right to Correction
a) If information about you is incorrect, you are entitled to request that we correct it
b) There may be occasions, where we are required by law to maintain the original information – our
Data Protection Officer will talk to you about this and you may request that the information is not
used during this time
c) We will respond to your request within one month of receipt or will tell you when it might take
longer.
9.4 Right to Complain
a) You also have the right to make complaints and request investigations into the way your information
is used. Please contact our Data Protection Officer or visit the link below for more information.
b) For more detailed information on your rights visit https://ico.org.uk/for-organisations/guide-to-thegeneral-data-protection-regulation-gdpr/individual-rights/
10. Information Technology
10.1 We will use third parties to provide services that involve your information such as:
• Removal and destruction of confidential waste
• Provision of clinical systems
Allied Health Professionals Suffolk Patient Privacy Statement
February 2023
• Provision of connectivity and servers
• Digital dictation services
10.2 Data analytics or warehousing (these allow us to make decisions about care or see how effectively
the organisation is run – personal data will never be sold or made available to organisations not
related to your care delivery)
10.3 We have contracts in place with these third parties that prevent them from using it in any other way
that instructed. These contracts also require them to maintain good standards of security to ensure
your confidentiality.
11. Keeping Your Information Safe
11.1 We are committed to ensuring the security and confidentiality of your information.
11.2 There are a number of ways we do this:
a) Staff receive annual training about protecting and using personal data.
b) Policies are in place for staff to follow and are regularly reviewed.
c) We check that only the minimum amount of data is shared or accessed.
d) We use restricted access to systems, this helps to ensure that the right people are accessing data –
people with a ‘need to know’
e) We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your
information.
f) We report and manage incidents to make sure we learn from them and improve.
g) We put in place contracts that require providers and suppliers to protect your data as well.
h) We do not send your data outside of the United Kingdom unless there are appropriate and lawful
safeguards in place
12. How Long Do We Keep Your Information?
12.1 In line with the Department of Health Code, we will retain / store your health record for your lifetime.
12.2 When a patient dies, we will send your record to Primary Care Services England review the record
and generally it will be destroyed 10 years later, unless there is a reason to keep it for longer.
12.3 If you move away or register with another provider, we will send your records to the new provider.
13. Our Use of CCTV
13.1 CCTV has been installed solely for the safety and security of our patients and staff / prevention of
crime, to prevent and deter crime.
13.2 Images are recorded 24 hours a day and stored on the hard drives of the recording devices that are
situated in secure areas and only the practice managers and those delivering technical support
services will have access to the system.
13.3 The CCTV only records images and does not record audio.
13.4 All CCTV recordings are stored on our recording devices for a limited time before being deleted.
13.5 There are signs in the practice telling you that CCTV is in place.
13.6 We will only ever share information with the relevant authorities in connection with the safety and
security of patients and staff / prevention of crime and will not share with any other third parties
Allied Health Professionals Suffolk Patient Privacy Statement
February 2023
unless compelled or permitted by law.
13.7 Visitors to the location have the right to request to see images of themselves on CCTV as part of a
request made under the privacy legislation.
13.8 We have followed the CCTV guidelines produced by the Information Commissioners’ Office
We may make changes to this notice from time to time. If any of them materially impact the way in
which we process your data, or your rights, we will notify you directly.
Allied Health Professionals Suffolk Patient Privacy Statement
February 2023
Document Control
Reference/Version Number: IG008
Owner: Data Protection Officer
Author: Joseph Russell
Other contact: Senior Information Risk Officer
Previous version dated: N/A
Date reviewed: 7/2/23
Date adopted: 09/02/23
Next review date: Feb 24
Location of electronic master AHP Suffolk Intranet/Sharestor
AGREED POLICY REVIEW / RATIFICATION / ADOPTION PATH:
Level 1:
Information Governance Steering Group
Date Agreed: 9/2/23

This site uses cookies to store information on your computer.

Some of these cookies are essential, while others help us to improve your experience by providing insights into how the site is being used.