Privacy Policy
We have a legal duty to protect the privacy of all personal data obtained from you while you are using this website. Some web usage and technical information is collected by this website to help us improve our service to you, but this does not contain any personal data.
Our web privacy policy explains what information we may collect from you and the purposes for which it will be used. By using this website you give your agreement to the data practices described in this policy.
For full details of how we manage all personal data handled by us, including how to exercise your rights under the law, please read personal information and data protection.
Website Management
This website is managed by our Maudsley Private Care team. You can email them via privatecare@slam-website.verseonecloud.com
Data Protection
Under the Data Protection Act, we must protect any information collected from you. We use leading technologies and encryption software to protect your data, and maintain strict security standards to prevent any unauthorised access to it.
The Information we collect
We collect the following kind of information from people visiting the website:
- Feedback (through visitors emailing us or completing online forms)
- Site usage information, using cookies and page tagging techniques
After we reply to your feedback, a record of your message will be kept for the minimum of time required before it's deleted.
Cookies
Cookies are small text files that are held on your computer. We use cookies to gather information to help us improve the website.
How we use your information
Information we collect is used to:
- Improve the content and design of the website
- Contact visitors (with their permission)
We will never share your information with other organisations for marketing, market research or commercial purposes. We don’t pass on your personal information to any other website.
Third Party Content and linking to other websites
This website contains links to other NHS and non-NHS websites. This website privacy policy applies to South London and Maudsley NHS Foundation Trust only.
Following a link to another website
When you go to another website, read the privacy policy on that website if you want to know what it does with your information. We don’t pass on any of your personal information to other websites.
Following a link to our website from a third party website
When you come to our website from another website, we may get personal information about you from the other website. You should read the privacy policy of websites you visit that link you to us if you want to know about this.
These policies will explain how they collect and use your personal information, and whether they pass this on to websites they link you to.
Third party website content
We embed external content from third party websites such as YouTube and including cookies. This content is not published on our website. It is delivered using tools and services from third party sites that can be inserted into our site such as media players, RSS feeds and widgets. These websites may use cookies. Their content is subject to the privacy policy of the relevant third party provider and not ours.
Changes to this policy
We may make changes to this web privacy policy at any time. Changes will be posted here and are effective immediately. You should visit this page regularly so you know:
- what personal information we collect
- how we use your personal information
- when (if ever) we share your personal information with someone else
Personal Information & Data Protection
Medical Information:
In order to make sure you get the best possible health care; we keep information about you in your medical records. This information includes:
- Basic details about you, such as your name, address and next of kin
- Contacts we have had with you, such as visits to clinics
- Notes and reports about your health, any treatment and care you need or receive
- Results of investigations, such as x-rays and laboratory tests
- Information from other health professionals, relatives or those who care for you and know you well
Who can access your medical records in our organisation
You may be seen by a number of staff within Maudsley Private Care and may be transferred from one clinical service to another. The information you give to us will be available to all staff involved in your care.
Sharing information with other organisations
We will not give information about you to other organisations - such as housing departments, voluntary sector providers or education services - without your consent. However, there may be circumstances when either you or someone else might be at risk. In these circumstances, we have a legal obligation to share information with other organisations.
Why we need your personal information
We need to collect information about you mainly to provide you with health and care services.
The information that we collect is used for medical purposes that include:
- Preventative medicine
- Medical diagnosis
- Provision of direct care and treatment
We collect your personal information so that your care team has accurate and up-to-date information to plan your treatment options.
Data Protection Law
The General Data Protection Regulation (GDPR) and Data Protection Act 2018 allow and regulate the processing of personal data. This includes where health and social care data are processed by a public authority, such as us.
Health and genetic data are amongst special categories of data requiring specific protection and are subject to additional controls. Providers of health and care are expected to:
Demonstrate satisfaction of conditions set out in Article 6 of the GDPR
Satisfy a condition under Article 9 of the GDPR when processing special categories of data, such as data concerning health
Under Article 6, processing is permitted where it is:
“processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (article 6 1 (b) .
Article 9(2) sets out the circumstances in which the processing of special categories of data, including data concerning health, which is otherwise prohibited, may take place. We process special category information on the basis of it being necessary to provide care and treatment, as outlined in the law below as follows:
9(2)(h) – Necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis Domestic law or a contract with a health professional
What information we collect about you
Health and care organisations have a legal duty to keep
This information is known as your ‘health record’ and is stored securely on managed systems.complete, accurate and up-to-date information about your health. This is so that you can receive the best possible care, both now and in the future.
The information stored includes: |
|
Category |
Data type |
Identifiers |
Your name, date of birth, NHS number |
Contact details |
Your address, telephone number, email address (if provided) |
Support contact details |
Names, contact details of carers, relevant close relatives, next of kin, representatives, and dependants |
Physical, social or mental health situation or condition |
Your medical history, treatments, test results, referrals, care plans, care packages, medication, medical opinions and other relevant support you are receiving |
Protected characteristics |
Your ethnicity, religion, sexual orientation, gender, which are required for equality monitoring and ensuring that the services are suitable and provided in the right way for the people being cared for |
Other information we may collect |
Criminal convictions, potential vulnerable characteristics for safeguarding purposes, risks (clinical and non-clinical risks) |
Where we get your information from
Most of the information we collect about you is from:
- you
- your GP
- directly from you or a friend or relative
- other health and care organisations
Typically, we get information by referral. For example, if your GP decides you need an appointment with a hospital team or social care professional, they will provide those professionals with necessary information about you so that you can be supported appropriately. This may include identifiers, history, diagnosis and medications. This information is increasingly being made available electronically to improve the quality, safety and speed of delivery of care.
All care professionals and others working with them in care services have a legal duty to keep information about you confidential and secure and only use it for the purposes of providing and improving the care they provide. Similarly, anyone who receives information from us has a legal duty to keep it confidential.
Who we share information with
With your consent we will share your information with those health and care partners who are directly involved in your care. These may include:
- Local NHS hospitals
- Your GP practice
- Local voluntary and private care providers
- Urgent and emergency care services, such as NHS 111 and the London Ambulance Service
You may be receiving care from other people as well as Maudsley Private Care, for example social care services. Health and social care providers may need to receive or share some information about you if they have a genuine need. This may help them form a complete picture of your health needs and provide care and treatment that is most suited to your needs and preferences. They will only share information where it is necessary to providing the best standards for your care or with your permission.
If you have unpaid debts to Maudsley Private Care, we may need to pass your details to a debt recovery company to ensure the debt is paid.
We will not normally give your information to any other third party for any reason outside your individual care and treatment (or recovery of outstanding debts) without your permission. However, there may be exceptional circumstances where we may do so, such as if someone’s health and safety is at risk or if the law requires us to pass on information.
Why we share your information
People often access a range of services available to them to support their health and care needs. Care organisations are increasingly providing services in regional partnerships.
If care services do not share information about you, then they may be making decisions without the best available information. This may affect the quality and safety of care they give you.
You have a legal right to opt out of having your data shared between your care professionals. However, you should be aware of the risks to the safety and the quality of the care you receive.
Sharing information helps care professionals to work together across organisational boundaries. Up-to-date information about your health and care improves the quality of clinical decision making by care professionals. Health and care providers are increasingly using digital technology, subject to strict rules, to further improve your health. We will make every effort to inform you about new digital technology and point you to resources to help you access and use it securely. We will always respect your right to opt out if you do not wish to make use of it.
Other uses of your personal information
Using information for regulatory compliance
Under the Competition & Markets Authority (CMA) Private Healthcare Market Investigation Order 2014 (as amended), we are required to provide information to the Private Healthcare Information Network (PHIN). PHIN cannot directly identify you from any of the data they receive or any patient data they process. They do, however, recognise that the data they hold is still personal and confidential. You can find more about the data processed by PHIN and their legal basis in their privacy policy at phin.org.uk/about/our-privacy-policy.
Service evaluation contributes to the overall quality and effectiveness of clinical services to you and a group of people with a similar condition. This routine quality assessment of care services falls outside the scope of your direct care. It covers:
- Care services management
- Preventative care and medicine
- Health and social care research
Service evaluations are routinely undertaken using anonymised data. Where identifiable information is to be used, we will always do it lawfully and securely in a way that will always protect your privacy
Other ways your information is used
We may also use your personal data in the following areas:
- Any complaints you have made about services
- Any incidents you may have been involved in while you were receiving treatment and care from us
- Any paid, un-paid work with us, including your involvement in volunteering, public engagement or other projects (eg social, community, art, consultation) we run solely or with partners
- Any training, education, supervision delivered to you by us
- CCTV (closed-circuit television) and use of multimedia device
How we keep your information secure
As a health and care provider, we store and use large volumes of sensitive personal data every day, such as your health records. Your health records are stored electronically.
Other personal data and computerised information are stored on various other systems across your health and care providers. These systems are managed by NHS IT departments or under contract with an approved public framework supplier.
Find more information on how your information is kept securely on NHS information systems
Important information used by the Trust for your private care
Purpose |
System name |
Electronic health records |
DGL Practice Manager |
Electronic staff records |
ESR |
Complaint and incident records |
Datix |
Clinical observations |
eOBS |
Clinical incident records |
SafeCare |
Business intelligence |
Microsoft BI |
Translational research using de-identified data |
CRIS (research pipeline) |
Internal staff communication |
Intranet |
Staff rosters |
eRoster |
Workforce recruitment |
TRAC |
Workforce training and professional development |
LEAP |
Enterprise network and email |
Office365 / UK Azure Cloud |
Finance system |
eFinancials |
Procurement system |
eProcurement (eFinancials module) |
Invoicing system |
ITSOFT |
Contracts monitoring |
Soles |
IT service desk |
BMC |
Estates and facilities helpdesk |
PlanetFM |
VoIP |
Cloud Telephony |
Electronic prescription service |
ePMA |
Billing Company |
MBC |
The information we collect is used by people in their work for the purposes stated in this notice. We take our duty to protect your personal information and confidentiality very seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.
We encrypt all outgoing email containing personal data
We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems
We provide training to all staff on how to handle all types of data
We manage and retain records in line with the NHS Records Management Code of Practice
At the most senior level, we have:
- A senior information risk owner who is accountable for the management of all information and any associated risks and incidents
- A Caldicott Guardian who is responsible for the management of patient information and patient confidentiality
- A data protection officer oversees all activities related to the use of data. They make sure data use is done within the law and best practice
You can contact these senior responsible officers by emailing us via dataprotectionrequests@slam-website.verseonecloud.com or writing to:
Information Governance
Maudsley Hospital
Denmark Hill
London
SE5 8AZ
Your legal rights
You have several rights under the data protection law:.
Your request must be made to the following address:
South London and Maudsley NHS Foundation Trust
Information Governance Office
Maudsley Hospital
Denmark Hill
London
SE5 8AZ
Email: dataprotectionrequests@slam-website.verseonecloud.com
a. Right to be informed: you have a right to be informed about uses of your information, with an emphasis on transparency. This fair processing notice, in support of other privacy notices makes sure that your right to be informed is upheld.
b. Right of access: you have a right to receive:
Confirmation of what information is recorded about you
Confirmation of how your information is used
Access to your personal health information and other information we hold
To exercise your right of access, you will be asked to complete a subject access request form (SAR), provide proof of identification and may be asked to explain exactly what information you require. This is not compulsory, however it will make it easier to deal with your request and for you to include all the details we might need to locate your information.
You will not be charged for this service.
Other people can also apply to access your health records on your behalf. These include anyone authorised by you in writing (such as a solicitor), or any person appointed by a court to manage your affairs if it decides you cannot manage them yourself.
c. Right to rectification: rectification means correcting inaccuracies or incomplete data we hold about you. This often applies to factual information only such as identifiers and next of kin. We are unable to remove or alter professional opinions that you may disagree with. You do however have the right to include your personal statements alongside professional opinions.
To rectify your information please contact your clinical team.
d. Right to deletion: in some circumstances you can request that we delete the information we hold about you. This right will apply only if the processing has been based on consent which is withdrawn, the processing of data is found not to be lawful or the information is no longer required. We will tell you about activities to which this right applies
There are exceptions to the right to deletion. Your health and care providers are legally required to maintain your records in accordance with the retention guide in the Record management code of practice for health and social care
e. Right to object: you do not have a general right to object to processing of your personal information for your individual care, however you can object if the information is used for a secondary purpose, such as:
- Marketing
- Scientific or historical research
- Statistical purposes
- Purposes in the public interest or under an official authority (e.g. NHS Act 2006)
- Public patient involvement groups
f. Right to restrict processing: the right to restrict processing means that, if you have disputed the accuracy of information, objected to its use or require data due for destruction to be maintained for a legal claim, you can have the data stored by the Trust but not allow other uses until the dispute is settled. To request restriction to processing, please contact the data protection officer.
We will respect your rights under the data protection legislation whether you are an adult or a child. We will respect the wishes of parents’ (or legal guardians’) in respect of data rights of children who are younger than 14 years old.
You should also tell us how you would like us to contact you. Your preferences may include post, text messaging and phone. You should notify your care team about your preferences and ask it to be recorded in your health and care record. You can change your mind later as long as you give timely notifications to your care team about any changes to your preferences.
Other bodies
There are some exceptional circumstances where we must share information with official bodies or other organisation about employees without their express permission. These include circumstances owing to a legal or statutory obligation. These bodies may include:
Disclosure and Barring Service
Home Office
Her Majesty’s Revenue and Customs (HMRC)
financial institutes, for example banks and building societies for approved mortgage references
educational, training and academic bodies
Department for Work and Pensions (DWP)
If you want to complain
If you think that information in your health records is wrong, please talk to the health professional looking after you and ask to have the record amended. You can also ask for the information to be amended by contacting the Information Governance team, if your request to have your records amended is not upheld because it is not deemed that the information is factually incorrect, we will add a statement of your views to the record.
Information Governance Team
South London and Maudsley NHS Foundation Trust
Maudsley Hospital
Denmark Hill
London
SE5 8AZ
Telephone: 020 3228 5174
Email: InformationGovernance@slam-website.verseonecloud.com
If you are unhappy with our response, you have the right to complain to the Information Commissioner’s Office (ICO), which regulates and enforces the Data Protection Act.
For details of how to do this:
visit the ICO website at www.ico.org.uk
Further information
Please talk to the team looking after you if you want to know more about how we use your health records, or if you do not want your information used in any of the ways described in this leaflet.
Patient Advice and Liaison Service (PALS)
Freephone 0800 731 2864 or email us via pals@slam-website.verseonecloud.com