How we use your information
What is it?
Information Governance is a framework for managing information policy and processes that ensure security and confidentiality.
Why is it important?
Information Governance is the way in which we handle information about you, in particular personal and special category information relating to patients and employees.
It provides a framework to ensure that personal information is dealt with legally, securely efficiently and effectively in order to deliver the best possible care.
To make a request please click here
To view a copy of our privacy policy please click here
To learn more about Freedom of information please click here
To contact our Data Protection Officer
About
The Data Protection Act 2018 (Data Protection legislation) give individuals (data subjects) certain rights regarding information held about them (personal data). The Data Protection legislation also place obligations on those who process personal data (data controllers).
The definition of ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Anyone processing personal data must also comply with the data protection principles set out in the data protection legislation
Personal data
Personal data shall be:
-
processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
-
collected for specified, explicit and legitimate purposes
-
adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
-
accurate and, where necessary, kept up to date;
-
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (‘storage limitation’);
-
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
-
The Data Protection legislation sets out the right of a data subject to access personal data held about them. However, this right of access is subject to a number of exemptions that are set out in the Data Protection Act 2018.
The ICO’s website contains further information on the Data Protection legislation and the right of access.
Making a request
This form may be used if you wish to make a subject access request under the Data Protection legislation for information believe we may hold about you.
A data controller is not obliged to comply with a request unless it is supplied with such information as it may reasonably require in order to satisfy itself as to the identity of the person making the request and to locate the information which that person seeks. Accordingly, while you may have already made a request to us by other means, we may still require you to supply us with additional information (as set out in this form).
Fee
There is no fee for processing a subject access request under the Data Protection legislation.
Identification
Unless BHNC Indicates otherwise, you should also provide identity documentation. More guidance on what type of documentation to provide can be found in the request form.
Submitting the request
Please send the completed form and copy identity documentation to
How will we process your request?
We will verify and shred your proof of identity documentation. We will aim to acknowledge receipt of your request within two working days. We may ask you to clarify the request where its terms are not clear to us or where we need additional information in order to search for the requested information.
Upon our receipt of a valid request, we will arrange for searches to be carried out for the requested personal information.
We may subsequently ask you whether you require copies of particular communications which we suppose may already be in your possession (e.g. correspondence previously sent to you by us or by other parties).
Where the personal information requested by you is contained in records of communications with third parties (e.g. an employer or contracting body, a regulator, or a public authority), we will normally seek the views of each such third party on the issue of disclosure. We do this to inform our decision-making as to whether the disclosure of certain information (e.g. the personal information of staff members of the third party) would be lawful.
We will send the response to you securely by email, or if you wish to received it by post, we will send it to your residential address or to the business address of your representative by recorded delivery.
Timeframe
There is a one calendar month timeframe for responding to subject access requests. We will endeavor to respond to your request within one calendar month of receipt of a valid request.
Privacy Policy
This page explains how we use any information you give to us, and the ways in which we protect your privacy
Freedom of Information
FREEDOM OF INFORMATION
What is freedom of information?
The Freedom of Information (FOI) Act gives the public the right to request any recorded information from a public authority. The authority will then have 20 working days to provide this information subject to any exemptions.
How do we process freedom of information requests?
We pride ourselves on being an open organisation and will endeavor to respond to requests for information where we are required to under the guidance attributable to primary care. While we will provide as much information as it can, due to the sensitivity of some of this information, the organisation has a duty of confidence to both patients and staff. In line with FOI Act, this means that no information will be released which could lead to the identification of an individual.
It is important to inform individuals who may make requests that some activities that Bexley Health Neighborhood Care undertake are exempt from FOI legislation.
Where can you make your request?
Any requests in the first instance should be made to the ICB with whom we have a contract. If you require further information, you may contact our Data Protection Officer: umar.sabat@ig-health.co.uk
Data Protection Officer
The Data Protection Officer is Umar Sabat. He is independent and oversees our data protection compliance and can be contacted at umar.sabat@ig-health.co.uk