Privacy Notice/Privacy Statement
This privacy notice explains why Direct Local Health Ltd collects information about you, how we keep it safe and confidential and how that information may be used.
What is a Privacy Notice?
A privacy notice is a statement that describes how Direct Local Health Ltd collects, uses, retains and discloses personal information. This can also be called a privacy statement.
Who are Direct Local Health?
Direct Local Health Ltd is a GP-shareholding company, established in 2008 to provide local health services for patients. Local GP Practices joined together in a GP Federation to improve patient care and provide services for patients in Watford & Three Rivers and the wider area.
Privacy Notice Information
To ensure that we process your personal data fairly and lawfully we are required to inform you:
We require your data to fulfil your direct medical care. Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation.
- How your data will be used
We collect and hold data for the sole purpose of providing healthcare services to our patients. In carrying out this role we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and/or in digital form. The records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health and information such as outcomes of assessments.
- Who your data will be shared with
Your data will be shared with those involved directly in your medical care and within the boundaries of statutory discloses of information. You have the right to be informed about the collection and use of your health and personal data. This is a key transparency legal requirement under the Data Protection Act 1998 (DPA) and the General Data Protection Regulations 2018 (GDPR). In common with GP surgeries and GP Federations, Direct Local Health Ltd lawfully relies upon Article 6(1)(e) “Official Authority” and upon Article 9(2)(h) “Health & Social Care” of the GDPR Act to process personal data.
Personal data that we may process includes
- Health treatment or care you have received previously or else-where (e.g NHS Hospital Trust, GP Surgery, Out of Hours GP Centre, A&E, Walk in clinic etc.). These records help to provide you with the best possible healthcare.
- Details about you, such as your address and next of kin, emergency contacts
- Your home telephone number, mobile phone number, email address
- Any previous contact the service has had with you, such as appointments etc.
How we keep your information confidential and safe:
All your NHS health records are kept either digitally/electronically or in a secured paper format. Our electronic records database is hosted by EMIS Health Ltd, who is acting as a data processor, and all information is stored on their secure servers in Leeds and is protected by appropriate security and access is restricted to authorised personnel.
We also make sure that data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed. We only write to you, or use your telephone number to call or text you, regarding matters of medical care, such as appointment reminders.
Your data rights:
As a “data subject”, you have the right of:
- Subject Access - to request a copy of all the data and information held on you by Direct Local Health Ltd. This can be requested by contacting Direct Local Health (please see our contact details in the last section).
- Rectification – to request to have inaccurate or incomplete personal data updated.
- Erasure – to request to have data erased from our records
The following provides detailed information on the above and on the many data fair processing activities that DLH performs:
General information sharing for direct medical care
Access to your GP record
NHS Data Sharing databases
- E-referral Services (E-RS)
Statutory Disclosures of information
- Medical Defence Organisation
Permissive disclosures of information
Only with your explicit consent, Direct Local Health Ltd can release information about you, from your GP record, to relevant organisations. These may include:
- Your employer
- Insurance companies
- Herts Valleys CCG (anonymised data)
- NHS England (anonymised data)
Communicating with our patients
The following section outlines the management of the fair processing of this notice, contact details and other access to information legislation.
Complaints about how we process your personal information
In the first instance, you should contact us:
In writing: By email: By telephone:
Direct Local Health Ltd HVCCG.email@example.com 01923 202 601
7 Printers Avenue
Please contact us if you have any questions about our privacy notice or information we hold about you. Our opening hours are: 9am to 5pm Monday to Friday.
Changes to our fair processing notice
We keep our privacy notice under regular review and we will place any updates on our website http://www.dlhealth.co.uk. This notice was last updated on 18.02.2019.
Data Protection Notification
Direct Local Health Ltd is a ‘data controller’ under the DPA and the GDPR. We have notified the Information Commissioner’s Office (ICO) that we process personal data.
Our Data Protection Officer is April Howard firstname.lastname@example.org 01923 202 689.
For independent advice about data protection, privacy, and data sharing issues, or if you wish to express your right to lodge a complaint, please contact:
Information Commissioner’s Office
Tel: 0303 123 1113