Fair Processing Notice

Under the new General Data Protection Regulation 2016 (GDPR) and the Data Protection Bill [2017-2019] the trust is required to inform its patients and staff of their rights. The Data Protection Bill which will become the Data Protection Act 2018 has been written to support the protection of your personal data in preparation of the UK leaving the European Union. Your rights will not be affected by these changes.

Why was the change needed?

The European Union (EU) General Data Protection Regulation (GDPR) has been years in the making. Over the last 25 years, technology has changed our lives in ways nobody could have imagined so a review of the rules was needed. In 2016, the EU adopted the GDPR, one of its greatest achievements in recent years. It replaces the1995 Data Protection Directive which was adopted at a time when the internet was in its early stages.

Therefore data protection was out of date and needed modernisation to:

  • reinforce your rights in the digital age
  • give back control to you over how your information is to be used and by whom
  • improve the free flow of information in the digital market
  • simplify the regulatory environment for business
What is a Fair Processing Notice

A Fair Processing Notice (FPN) or Privacy Notice provides accessible information to you about how the trust will use your personal data. Please click on the links to find out more.


For any additional information please email: LHNT.dpo-lchs@nhs.net

What are your rights?

You now have the rights to request the following

  • Right to rectification – this requires the trust to rectify any information that has been found as inaccurate without delay
  • Right to erasure – this requires the trust to erase any information
    • That no longer is required to be kept by the trust
    • Where there is no legal grounds to keep the data
    • That you object to the trust keeping the information.
    • Your data has been unlawfully obtained.
  • Right to restriction of processing – you have a right to stop processing if one of the following is relevant:
    • the accuracy of the data is in question
    • you restrict the use of your personal data. If this is the case the trust will advise you that if this impacts on your healthcare we may refuse. This will be explained to you if this is the case.
  • Right to data portability – you have a right to request that any data held by the trust can be transferred to another organisation in a machine-readable format for onward transfer to the recipients system.
  • Right to object – you have the right to object to unless the trust can show it is in the vital interests of you. This may include:
    • Direct Marketing – the trust can confirm that it does not use any patient data for direct marketing purposes
    • Research/Scientific or historical purposes – the trust can confirm that it does collect and use information for these purposes. This will always be with your consent. For further information go to the following link
  • Automated individual decision-making, including profiling – you have the right to object to any automated decision making or profiling and request the trust ceases this activity. Profiling is described as taking information to evaluate things about you. This will be the case when we collect information with regards Google analytics.

Research and Innovation

Please go to the following for further information - https://www.lincolnshirecommunityhealthservices.nhs.uk/about-us/privacy-policy

Who is the controller and what are our responsibilities?

Lincolnshire Community Health Services NHS Trust
Beech House
Waterside South
Lincoln
Lincolnshire
LN5 7JH

Telephone: 01522 308686

Email: Enquiries@lincs-chs.nhs.uk

You can also contact us via the trust’s contact us page by clicking on the following link.

https://www.lincolnshirecommunityhealthservices.nhs.uk/contact-us

The trust shall:

  • have in place technical and organisational safeguards to protect your data and to demonstrate that processing of your information is in accordance with the regulation
  • put in place a data protection officer as the central point of contact on all matters relating to data protection
  • adhere to codes of practice as contained in article 40

Who is the data protection officer for the trust?

If you have any concerns about the way the trust uses your personal data please contact the data protection officer using the following details

Data protection officer
Lincolnshire Community Health Services NHS Trust
Beech House
Waterside South
Lincoln
LN5 7JH

Email: LHNT.dpo-lchs@nhs.net

What information do we need to collect and why?

The trust has put in place an information charter which sets out the standards you can expect from us when we hold personal information about you and how you can access your personal data.

Personal information

Personal information is any information which can be used to identify you as an individual. It does not include information on organisations.

When we use your personal information we will do so in accordance with the General Data Protection Regulation 2016 and Data Protection Act 2018 collectively known as the Data Protection Legislation.

We need to handle personal information about you so that we can provide services or work with you. This is how we look after your information:

When we ask you for personal information, we promise:

  • to make sure you know why we need it;
  • to only ask for what we need, and not to collect too much or irrelevant information;
  • to protect it and make sure no unauthorised person has access to it;
  • to let you know if we share it with other organisations to give you better public services - and if you can say no;
  • to make sure we don’t keep it longer than necessary;

In return, we ask you to:

  • give us accurate information;
  • tell us as soon as possible if there are any changes, such as a new address. This helps us to keep your information reliable and up to date.

What categories of data do we collect?

The GDPR separates personal data into two categories as like the previous data protection act did. Under article 4 it defines personal data as any information relating to an individual who can be identified directly or indirectly from the data. This will include the use of a personal identifier such as your NHS or staff number.

The more sensitive personal data is now defined as special category data and includes the following:

  • physical health
  • physiological
  • genetic
  • mental
  • economic
  • social identity

Consent must be obtained in all circumstances the only difference is as the trust will be using health data or as defined in GDPR as special category data we are required to obtain explicit consent.

Consent explained

Under the new regulation the trust must ensure that consent has been freely given, specific, informed and an unambiguous indication of your wishes. In other words a positive opt in. Consent must not be inferred by silence, pre-ticked boxes or inactivity. However as the Trust may not have seen you to obtain consent this may have been obtained from your GP or secondary care provider and in this case we would check with each health professional that consent has been obtained before we access your data.

There may be occasions when we will use you information without your consent. These will include:

  • Where the trust has a legal duty to share your information
  • The trust is unable to obtain consent and it is yours or another person best interests to do so.
  • The courts or coroner requests your data

We would only share what is relevant to the request and no more.

Who does the trust share information with?

We share your personal information with other NHS organisations. For example, we may share your information for healthcare purposes with health authorities, other NHS trusts, general practitioners (GPs), ambulance services and primary care agencies. This will always be done with your consent.

Information sharing with non-NHS organisations

We may need to share information from your health records with other non-NHS organisations from which you are also receiving care, such as Social Services. However, we will not disclose any health information to third parties without your explicit consent unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires it.

We may also be asked by other statutory bodies to share basic information about you, such as your name and address, but not sensitive information from your health records. This would normally be to assist them to carry out their statutory duties. In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Fair Processing Notice, under the Data Protection Legislation.

These non-NHS organisations may include, but are not restricted to:

  • social services
  • education services
  • local authorities
  • the police
  • voluntary sector providers
  • private sector providers

This trust is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

Lincolnshire Care Portal

In Lincolnshire, NHS and social care services are working more closely together to better co-ordinate the delivery of care to people supported by local commissioners.

The Lincolnshire Care Portal is a programme which allows people to give health and care workers their consent to access their medical and care records during their treatment.

The people caring for you need to access information about your health and care record to make the best decisions about your diagnosis and treatment. By way of example this could include GPs, hospital-based clinicians, nurses, health visitors and social care workers.

To enable this to happen more quickly and to improve the care you receive, a new process has been put in place. This will allow your information to be viewed by different health and care organisations, using existing computer systems.

This new process does not share your record with third party organisations, but provides health and care workers, with your consent, access to view your information.

Information will only be accessed by health and care workers that have a legitimate relationship with you and they will only access the data required to support your care.

More information on the Lincolnshire Care Portal can be found here, https://lincolnshirehealthandcare.org/care-portal/

Research and Innovation

Lincolnshire Community Health Services NHS Trust Research team is committed to taking part in health research, aimed at improving patient care, developing better treatments and increasing our understanding of disease. Please click on the following link to know more.

https://www.lincolnshirecommunityhealthservices.nhs.uk/our-services/research-and-innovation

If you want to opt out of your data being used for any secondary use which includes research or audit please click on the following link https://digital.nhs.uk/services/national-data-opt-out-programme

If you wish to discuss your concerns with the trust data protection officer you can either email or contact them via post.

Email – LHNT.dpo-lchs@nhs.net

Data protection officer
Lincolnshire Community Health Services NHS Trust
Beech House
Waterside South
Lincoln
LN5 7JH

Clinical Audit

Clinical audit is a process or cycle of events that help ensure patients receive the right care and the right treatment. This is done by measuring the care and services provided against evidence base standards, changes are implemented to narrow the gap between existing practice and what is known to be best practice. Ideally, a clinical audit is a continuous cycle that is continuously measured with improvements made after each cycle and should be viewed as an integral part of working practice

Clinical audit was introduced in 1993 into the United Kingdom's National Health Service (NHS), and is defined as "a quality improvement process that seeks to improve patient care and outcomes through systematic review of care against explicit criteria and the implementation of change”.

The focus of the Clinical Audit Group is to approve a programme of National (HQIP, NCEPOD) and Local Clinical audits (which will be maintained as a live audit plan and may be subject to additions during the course of the year), ensuring that all audits are relevant to the trust.

The trust carries routine audits to:

  • Improve Patient Care
  • Ensure the trust follows national standards of record keeping
  • To identify areas of improvement to meet best practice

For further information contact the clinical audit team on – clinicalaudit@lincs-chs.nhs.uk

Your Rights to complain to the supervisory authority?

If the trust's data protection officer is unable to resolve your compliant or we have not investigated your concerns fully then you have rights to complain to the supervisory authority/Information Commissioners’ Office. They can be contacted at:

https://ico.org.uk/global/contact-us/

Call the helpline on 0303 123 1113 – (local rate – calls to this number cost the same as calls to 01 or 02 numbers).

Live chat - https://ico.org.uk/global/contact-us/live-chat/

Via their webform - https://ico.org.uk/global/contact-us/email/ or alternatively emailing directly to casework@ico.org.uk

Or in writing to:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Back to Information Governance