Privacy Statement

• Who are we?

  We are an NHS community trust which provides a wide range of health services across the East of England and employ over 2,000 staff covering a range of expertise and specialisms.

  Cambridgeshire Community Services NHS Trust is the Data Controller for the information which we hold and use. The Trust is registered with the Information Commissioners Office (ICO) and details of our registration can be found on https://ico.org.uk/esdwebpages/search.
  

  Our Head Office address is Cambridgeshire Community Services NHS Trust, Unit 7-8, Meadow Lane, St Ives, Cambridgeshire PE27 4LG and can be contacted on 0300 555 6655.
  Our Data Protection Officer can be contacted by email: ccs.accesstoinfo@nhs.net or on the telephone number above.

• Why and how we collect information

  We collect personal confidential information about you which will be used to support the delivery of appropriate, high quality care and treatment. Your information is known as your personal data.  We process your data to help us deliver our services in fulfilment of our public task of delivering health care. We are legally obliged to do this in certain situations.
  
  The information we collect may include:

  • Name, address, date of birth
  • Contact we have had with you, such as appointments
  • Details and records of treatment and care, including prescriptions, notes and reports about your health
  • Medical Results e.g. x-rays, blood tests, etc.
  • Photos or videos used as part of your care

  Your medical information is known as special category data. This may also include information such as your sexuality, race or religious beliefs.
  
  When we process your special category data, we do so to provide a medical diagnosis; for the purpose of health or social care or treatment or the management of health or social care systems and services. We may also use your data for research purposes (see How We Use Information).
  
  It is important for us to have a complete picture as this information assists staff involved in your care to develop care plans, deliver appropriate treatment and deliver and provide improved care.

• How we use information

  • To help inform decisions that we make about your care

  • To ensure that your treatment is safe and effective

  • To work effectively with other organisations who may be involved in your care

  • To support the health of the general public

  • To safeguard children and vulnerable adults

  • To plan our services to ensure we can meet future needs

  • To review care provided to ensure it is of the highest standard possible

  • To train healthcare professionals

  • For research and audit

  • To prepare statistics on NHS performance

  • To monitor how we spend public money.

  It helps you because:

  • Accurate and up-to-date information assists us in providing you with the best possible care

  • If you see another healthcare professional within iCaSH, they can readily access the information they need to provide you with the best possible care.

  Where possible, when using information to develop future services and provision, or carry out research, anonymised information will be used.
  
  We retain and destroy your data in accordance with our Retention Schedule.  For more information about how your information may be used in research and your rights please visit:  https://www.hra.nhs.uk/information-about-patients/.
  
  Your information may be used to deliver care and improve health and care services across the NHS and social care. This may include to:

  • Improve individual care

  • Understand more about disease risks and causes

  • Improve diagnosis

  • Develop new treatments and prevent disease

  • Plan services

  • Improve patient safety

  • Evaluate Government, NHS and Social Care policy.

• Use of information for Research

  All NHS organisations are expected to participate and support health and care research. Conducting high-quality clinical research helps us keep improving NHS care by finding out which treatments work best. To be effective, we may need to contact you to ask you to take part in our research. If we think your information may be of use in a research project, usually someone in the care team looking after you will contact you. People in your care team may look at your health records to check whether you are suitable to take part in a research study, before asking you whether you are interested or sending you a letter on behalf of the researcher.
  
  Where we are processing your special category data for research purposes, we are doing so in the pursuit of scientific or historical research purposes or statistical purposes.

• How information is retained and kept safe?

  Information is retained in secure electronic and paper records and access is restricted to those who need to know. It is important that your information is kept safe and secure to protect your confidentiality. There are a number of ways in which your privacy is shielded:

  • By removing your identifying information

  • Using an independent review process

  • Adhering to strict contractual conditions

  • Ensuring strict sharing or processing agreements are in place

  • Managing who has access to what information (user access controls)

  Further information about records retention can be found here  
  
  

• How do we keep information confidential?

  Everyone working for the Trust is subject to the common law duty of confidentiality and the Data Protection Act 2018. Information provided in confidence will only be used for the purposes for which it has been gathered, or for purposes closely associated with it, unless there are other circumstances covered by the law which mean we have to disclose the data. 
  
  Under the NHS Confidentiality Code of Conduct, all staff are required to protect information, inform you of how your information will be used and allow you to decide if, and how, some of your information can be shared. This will be noted in your records. 
  
  All Trust staff are required to undertake annual training in data protection, confidentiality and IT/cyber security, with additional training for specialists, such as healthcare workers, data protection officers and IT staff.
  
  Clinical placements for students and learners commonly take place within the NHS. Some medical files are needed to teach student clinicians. Without such materials, new clinicians would not be properly prepared to treat you. 
  
  Trainees, such as student nurses, midwives and medics, could be receiving training in the service that is caring for you.
  
  If staff would like a student to be present they will always ask for your permission before that meeting or episode of care. The treatment or care you receive will not be affected if you decline to have a student present during your episode of care. 
  

• Who will the information be shared with?

  To provide the best care possible, sometimes we will need to share your data with others. We only do this where it will be in your, or others', best interests, or where we are under a legal obligation to do so. 
  
  We may share your information with a range of health and social care organisations and regulatory bodies, for example your GP, the hospital which treats you, a consultant, the local Council or a school. You may be contacted by any one of these organisations for a specific reason; they will have a duty to tell you why they have contacted you. 
  
  Where we share your information, we will have appropriate security measures in place such as a contract or information sharing agreement. We will only share your information where we are satisfied that there are secure arrangements in place with the other organisation.

• Sharing with non-NHS organisations

  For your benefit, we may also need to share information from your records with non-NHS organisations who are providing you with care or other services, such as social services or private healthcare organisations, such as our laboratory services and pharmacy service provider.
  
  We may also be asked to share basic information about you, such as your name and parts of your address, which does not include special category information from your health records. Generally, we would only do this to assist another organisation to carry out their statutory duties (such as usages of healthcare services, public health or national audits).
  
  Non-NHS organisations may include, but are not restricted to:

  • Social services

  • Education services

  • Local authorities

  • Police

  • Voluntary sector providers

  • Private sector providers, such as our laboratory services and pharmacy service provider.

• What are your information rights

  You have certain rights in relation to your information, depending on the reason we process your data.
  
  Your rights are:

  • The right to request a copy of your personal data

  • The right to request that the Trust corrects any personal data if it is found to be inaccurate or out of date

  • The right to request your personal data is erased where it is no longer necessary for the Trust to retain such data

  • The right to withdraw your consent to the processing at any time, where we have sought your consent for this processing

  • The right to data portability i.e. to transfer your data to another controller, where certain conditions are met

  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing

  • The right to object to the processing of personal data

  • The right to lodge a complaint with the Information Commissioners Office.

  It may not be possible to agree to your request; if it is not, we will explain the reason for this to you.

  If you would like further information about any of these rights, please contact the Trust’s Data Protection Officer using the details below or visit our website.

• Contacting us about your information

  Each organisation has a senior person responsible for protecting the confidentiality of your information and enabling appropriate sharing. This person is known as the Caldicott Guardian.

  You can contact the Trust’s Caldicott Guardian or Data Protection Officer by using the Contact Us section of this website. 

  If you have any questions or concerns regarding the information we hold on you, the use of your information or would like to discuss further, please contact the Information Governance team via email: ccs.accesstoinfo@nhs.net or on 0300 555 6655.

• Further processing of information ​

  If we wish to use your personal data for a new purpose, not covered by this Privacy Statement or reasonably foreseeable from the original reason(s) we processed your data, then we will provide you with a new statement explaining the new use(s) prior to commencing the processing, setting out the relevant purposes and processing conditions.

• Contacting us if you have a complaint or concern

  Our Patient Advice and Liaison Service (PALS) support patients, their families, carers and our staff by:

  • Listening to your queries and concerns relating to your in confidence

  • Finding solutions to any problems relating to your care that you may be having, as quickly as possible 

  • Directing you to other sources of help, where this is appropriate

  • Advising you how to make a formal complaint

  • Ensuring that your comments, concerns and compliments are heard and used to improve the Trust’s services.

  Our PALS Team can be contacted via email at ccs-tr.PALS@nhs.net or call 0300 131 1000. Please note the PALS Team are unable to help with appointments, results or general queries.
  
  Or you can write to the PALS Team at:

  Freepost: RTGA-CTLG-SCKH

  PALS & Patient Experience Team
  Units 7/8, Meadow Park
  Meadow Lane
  St Ives
  Cambs PE27 4LG 

  If you or your relatives are unhappy about any aspect of your care or the service you have received, if you feel able to, in the first instance, please speak to a member of iCaSH staff, as soon as possible, to give them the opportunity to put things right.
  
  If you don’t want to speak to a member of staff or you still feel your issues have not been resolved, you can either contact our PALS team (see above) or you can choose to make a formal complaint.
  
  Our Complaints Team can be contacted via email at ccs.complaints@nhs.net or call 0300 555 5544 or you can write to the Complaints Team at:
  
  FREEPOST: RTGA-CTLG-SCKH

  Complaints Team
  Units 7-8
  Meadow Lane
  St Ives
  Cambs PE27 4LG
  
  We view complaints and feedback positively using them as an opportunity to improve services.
  
  If you remain dissatisfied with the Trust’s decision following your complaint, you may wish to contact: 
  
  Information Commissioner’s Office 
  Wycliffe House 
  Water Lane 
  Wilmslow 
  Cheshire 
  SK9 5AF 
  
  Their web site is at: www.ico.gov.uk