Signet Healthcare Ltd is required by law to publish a privacy notice.
Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR. Signet Healthcare Ltd is therefore required to provide individuals with the type of information we hold and this is known as ‘privacy information’.
Cookies – What are cookies?
Cookies are small data files which are sometimes placed on your computer when you visit a website. Cookies are used to make it easier to navigate the website, mainly by saving your preferences or settings.
Privacy and Data Protection
Signet Healthcare Ltd in its capacity of data collector, holds certain information about you (personal data) which it needs to process for the purposes of providing care support services. The type of data we hold and process is described below.
The Data Protection Act (DPA) 1998, implements a European Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
It applies to personal data as defined in Sections 1 of the 1998 Act, that is to say information that relates to a living individual who can be identified:
a) from that data or
b) from that data and other information which is in the possession of, or likely to come into the possession of, a data controller and includes expression of opinion about the individual and any indications of the intentions of a data controller or any other person in respect of the individual.
Sensitive personal data is further defined as consisting of information relating to:
- Personal information such as date of birth, address, ethic or racial identity, married status, NHS number etc.
- Racial or ethnic origin of the data subject
- Health status or condition
- Religious beliefs of a similar nature
- Financial information
- Personal details on next of kin
- Sexual orientation
It includes manual or electronic data forming part of accessible records.
The DPA sets out eight principles of data protection. These principles limit reasons for which personal data may be obtained and how they may be used and are found in Schedule 1 of the Act.
Schedule 2 of the Act specifies conditions relevant for purposes of fair and lawful processing of any personal data, whilst Schedule 3 specifies conditions relevant to the processing of sensitive personal data.
Subject to a limited number of exemptions listed under Part IV of the DPA, any living person who is the subject of personal information held and processed by an authority (the local authority comes under this definition) has right of access to that data (this includes factual information, expressions of opinion and the intentions of the authority in relation to the individual). If access is refused, an appeal can be made to a Court or the Information Commissioner.
If a joint record is held, i.e.: within a Community Mental Health, then the relevant organisations have to be notified of the request.
An individual does not have to know what is recorded about somebody else. Therefore if a request is made for access to the family files, one member is not entitled to see information about another without the consent of that individual. However, there may be reasons for disclosing with consent and guidance by the Department of Health sets down the factors, which must be considered.
Special requirements are set down in the Department of Health Guidance where access is requested:
By or on behalf of a child/young person under 18.
- On behalf of an adult lacking capacity
- Through another person (agent).
Although the Data Protection Act is only applicable to living persons, there may still be issues of confidentiality when information is sought from a deceased individual’s file.
Exemptions from Data Access
Prevention of detection of crime
- Where data is held for social work purposes and disclosure is likely to prejudice carrying out social work, by causing serious harm to the physical/mental health of the data subject or another. Please note that this is used exceptionally and confined to serious harm.
- Information cannot be refused to be disclosed if it identifies a relevant person, i.e. a social worker, unless the serious harm test applies.
- The local authority must not disclose information about the physical or mental health or condition of an individual without first consulting ‘an appropriate health professional’. This is normally the person responsible for the data subject’s current clinical care in connection with matters to which the information relates.
- Where other enactments themselves prevent disclosure, then a data subject cannot rely on the DPA to seek access to records, i.e. adoption records/reports
Duty of confidentiality
A local authority has a general duty in common law to safeguard the confidentiality of personal information, which they hold. Where they wish to disclose information, they need to consider whether this is lawful under the Data Protection Act 1998.
Under the 1998 Act, for a disclosure without consent to be legal it must satisfy at least one of the conditions necessary to ensure that the processing is fair and lawful, as required by the first data protection principle. These conditions are set out in Schedule 2 of the Data Protection Act. If the data is ‘sensitive personal data’, one of the conditions in Schedule 3 must also be met.
Disclosures that can be made without consent fall broadly into two categories:
Social services purposes – To staff directly involved in a case, line managers, anyone caring for one of their clients, i.e.: foster carer where information is likely to be needed for the purposes of that care.
- Other purposes – This would include an inadequate provider and other purposes – i.e.: to bodies such as the police, courts, tribunals etc.
Signet Healthcare Ltd Data Protection/Access to Records
Signet Healthcare Ltd processes data including staff records and client/service user records. Staff information is obtained from application forms when they apply for membership on the Signet Healthcare Ltd application form, as well as police checks, references and conditions of membership. Staff and Workers must be informed that there maybe occasions when their records may be disclosed to clients, for example Social services and for inspection purposes by the CQC.