Our Privacy Notice for Leeds IAPT
In the context of delivering elements of the care pathway for NHS Leeds IAPT service, Northpoint Wellbeing will collect, store and use personal data about you to provide you with healthcare services. Your personal data will also be used to plan our IAPT service and to make sure that service is as good as it can be.
Northpoint delivers Leeds IAPT with three other parties (LCH, TS, CL) and the parties undertake a data controller / data processor role concurrently during the delivery of the IAPT service.
Northpoint Wellbeing in its role as Data Controller has a registered address of Leeds Bridge House, Hunslet Road, Leeds LS10 1JN and is registered with the Information Commissioner’s Office (ICO) registration: Z5357295
We take our duty to protect your personal data, and maintain confidentiality very seriously. We are committed to taking all reasonable measures to ensure the security of the personal data we are responsible for, whether this is computerised or in paper form.
At Board level we have a Senior Information Risk Owner (SIRO) who is accountable for the management of all the charity’s information assets; a Caldicott Guardian who is responsible for the management of patient data and patient confidentiality. We have a Data Protection Officer who ensures the charity is accountable and in compliance with the General Data Protection Regulation (GDPR) and the forthcoming Data Protection Act 2018.
The Data Protection Officer is: Jon Davis
What information do we collect about you?
We keep records about your health, treatment and care you receive within the NHS Leeds IAPT service and associated NHS services.
The information in the record may come from you, other care providers e.g. a GP, Social Care or Hospital. The maintenance of these records will ensure that you receive the best possible care. They may be written down on paper or held on a computer and include:
- Basic personal details about you such as your name, address, date of birth, next of kin etc.
- Contacts we have had with you such as appointments or clinic visits
- Relevant information from people who care for you and know you well, such as health professionals, relatives and carers
- Notes and reports about your health, treatment and care
It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us and please inform us of any changes as soon as possible.
How your personal information is used
Your records are used to direct, manage and deliver the care you receive to ensure that:
- The health professionals involved in your care have accurate and up to date information to assess your health and decide on the most appropriate care for you
- Healthcare professionals (including partner organisations) delivering your care have the information they need to be able to assess and improve the quality and type of care you receive
- Appropriate information is available if you see another health professional, or are referred to a specialist or another part of the NHS
Your data will also be used to help manage the NHS and protect the health of the public, through reviews, statistical analysis, and research.
Your anonymised data will also be used to ensure the charity receives payment for the care you receive, ensuring our services can meet patient needs in the future, or for statistics on NHS performance.
Our lawful basis for processing your information under Data Protection legislation is:
- Public task: the processing is necessary to perform a task in the public interest, or our official functions, which have a clear basis in law (GDPR Article 6(1)e).
- The processing is necessary for the purposes of preventative or occupational medicine, the assessment of the working capacity of employees, medical diagnosis, the provision of health or social care or treatment or management of health or social care system (GDPR Article 9(2)h).
Who do we share personal information with?
Everyone working to provide an NHS service has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has a legal duty to keep it confidential.
We will share information with the following main partner organisations:
- Other organisations involved in delivering NHS Leeds IAPT service
- NHS Trusts and hospitals involved in your care
- Clinical Commissioning Groups and other NHS bodies
- General Practitioners (GP’s)
You may be receiving care from other people as well as the NHS, for example Social Care services. We may need to share some information about you with them so we can all work together for your benefit if they have a genuine need for it or we have your permission. Therefore, we may also share your information, subject to strict agreement about how it will be used, with:
- Social care services
- Education services
- Local authorities
- Voluntary and private sector providers working with the NHS
We will not disclose your information to any other third parties unless:
- We have your permission
- We have to share it by law
- We have good reason to believe that failing to share the information will put you or someone
- else at risk of serious harm or abuse
- We hold information that is essential to prevent, detect, investigate or punish a serious crime
Please ask our staff if you have any concerns or would like further information. Alternatively you can contact the Data Protection Officer, Northpoint Wellbeing, Leeds Bridge House, Hunslet Road, Leeds, LS10 1JN Tel: 0113 243 3400
We will ensure your rights are respected.
- The Right to be Informed – we tell you what we do with your information. We do this through notices like this, service information leaflets, notices on our websites and posters.
- The Right to Rectification – we will correct any personal information that is inaccurate or rectify any data that is incomplete.
- The Right to Object – you have the right to object to how we process your information. Your objection will be considered in relation to your particular situation; we will stop processing unless there is a legitimate reason for us to continue e.g. we will not be able to stop the processing of your data to provide you with direct patient care and this is needed to provide safe care.
- The Right to Restrict Processing – we will temporarily restrict processing your data, whilst we check the information, if you query the accuracy of it. We will also restrict processing (if you raise an objection to how we process your data) whilst we consider your objection.
- The Right of Access – you can ask for copies of information we hold about you. This is called a subject access request. If you would like to request a copy of your medical records, please contact the Data Protection Officer, Northpoint Wellbeing, Leeds Bridge House, Hunslet Road, Leeds, LS10 1JN.
Sending data to other countries
Sometimes your data may be processed outside of the UK but in most circumstances it will remain within the European Economic Area (EEA) and will have the same protection as if processed within this country. When this is outside the EEA we will identify the data protections in place prior to transfer.
How long do we keep your information?
All personal information will be kept in line with the retention periods in the Department of Health Records Management Code of Practice for Health and Social Care Records 2016.