Privacy Notice
|
[i]Public health encompasses everything from national smoking and alcohol policies, the management of epidemics such as flu, the control of large scale infections such as TB and Hepatitis B to local outbreaks of food poisoning or Measles. Public Health England (PHE) monitors the numbers of certain infections that occur in healthcare settings through routine surveillance programmes, and advises on how to prevent and control infection in establishments such as hospitals, care homes and schools. In order to allow PHE to carry out accurate monitoring of infections, it may rely on information held by providers with regards to Healthcare Acquired Infections (HCAIs).
This will necessarily mean the subject’s personal and health information being shared with the Public Health organisation.
Some of the relevant legislation includes:
Health Protection (Notification) Regulations 2010 (SI 2010/659) Health Protection (Local Authority Powers) Regulations 2010 (SI 2010/657) Health Protection (Part 2A Orders) Regulations 2010 (SI 2010/658) Public Health (Control of Disease) Act 1984 Public Health (Infectious Diseases) Regulations 1988 and The Health Service (Control of Patient Information) Regulations 2002
CSH Surrey are required by Articles in the General Data Protection Regulations to provide you with the information in the following 9 subsections.
|
|
|
1) Controller contact details |
CSH Surrey |
|
2) Data Protection Officer contact details |
NHS NEL CSU 03000 428 430 |
|
3) Purpose of the processing |
There are occasions when medical data needs to be shared either under a legal obligation or for reasons of public interest. |
|
4) The Lawfulness Conditions and Special Categories |
The legal basis will be Article 6(1)(c) “processing is necessary for compliance with a legal obligation to which the controller is subject.” And Article 9(2)(i) “processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices,..”
|
|
5) Recipient or categories of recipients of the shared data |
The data will be shared with Clinical Commissioning Groups, the Local Authority Director of Public Health, the Health Protection Agency, or Public Health England and equivalents in the devolved nations.
|
|
6) Right to object |
You have the right under Article 21 of the GDPR to object to your personal information being processed. Please contact CSH Surrey directly if you wish to object to the processing of your data. You should be aware that this is a right to raise an objection which is not the same as having an absolute right to have your wishes granted in every circumstance.
|
|
7) Right to access and correct |
You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a Court of Law.
|
|
8) Retention period |
The data will be retained in line with the law and national guidance or speak to the organisation.
|
|
9) Right to Complain. |
You have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/global/contact-us/
Or by calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate) There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website).
|
[i] GDPR requires information regarding how your data is processed to be provided to you in an easily understandable format however, please feel free to contact the Controller if you have any further questions.