Privacy Notice - How we use your information
This privacy notice tells you what to expect when Barnet Enfield & Haringey Mental Health NHS Trust (the Trust) collects personal information. It applies to information we collect from people accessing our services.
The Data Protection Officer for the Trust is:
Doreen Todd email@example.com
Tel 020 8702 4134
The Trust collects your personal information to ensure that you receive appropriate care and treatment and to meet certain statutory obligations. This information is kept, together with details of your care, because it may be needed if you require treatment again.
In accordance with Caldicott 2 – To Share or Not to Share, the Trust shares information if and when for example, child protection or safeguarding concerns have been raised
The Trust provides services into a range of criminal justice settings. Your information may be shared with criminal justice agencies and other associated partners in order to ensure your safety whilst in those settings and to enable you to access the appropriate care and treatment. This will always be in accordance with Data Protection legislation such as the General Data Protection Regulation.
The Trust and the police are working together planning the implementation of Serenity Integrated Mentoring (SIM) & High Intensity Network with the aim on reducing the number of people being detained by the police under the Section 136 of the Mental Health Act (MHA) in the community. Again, your information will only be shared in line with Data Protection Legislation, such as the General Data Protection Regulation (GDPR).
Ways in which your information may be used to help the NHS
- Ensure services meet patient needs in the future
- Investigate legal claims, complaints or untoward incidents
- Monitor clinical practice
- Provide anonymised statistics on the NHS performance and activity
- Train and educate our staff
- Audit accounts and services within the NHS
- Research and development, to support the health of the general public
Your information may sometimes be disclosed as a requirement of the law, for example monitoring ethnicity.
Improving Services - The Trust aims to provide service users with the best possible care. We assess the effectiveness of the care we provide so we can continually improve. We do this by collecting information about your condition, the type of care you receive and the outcome of your treatment.
We collect data about our Community Services such as health visiting services, school nursing services and diabetes services, and data about you such as referrals, assessments, diagnoses, activities (for example, taking a blood pressure test) and, in some cases, your answers to questionnaires.
The data is securely sent to NHS Digital which is the central organisation that receives the same data from all publicly-funded Community Services across England. NHS Digital removes all identifying details and combines the data we send with the data sent by other care providers, forming the Community Services Data Set.
The data set is used to produce anonymised reports that show only summary numbers of, for instance, patients referred to different types of services. It is impossible to identify any individual patient in the reports, but the reports do help us to improve the care we provide to you and other patients. No information that could reveal your identity is used in national reports.
The benefits to you as a patient include:
- Ensuring that Community Services are available to all patients in all areas by measuring the care that is being delivered.
- Improved care, through monitoring progress to allow future services to be planned.
Informing patients about the care offered at different hospitals.
- Personalised and better organised care for through understanding what care is needed nationally, for example understanding how many patients who are discharged from hospitals then need looking after at home.
To get the most accurate picture and therefore get most benefit, data has to be collected from as many patients as possible.
If, however, you do not want your information to be used to help better manage and plan care provision, you do have the right to object.. This will not affect your treatment in any way. If you would like to find out more about how we use the information, including how to object, please speak to a member of staff or the Trust’s Data Protection Officer.
The Trust retain records in accordance with the Records Management Code of Practice for Health and Social Care 2016 applying the criteria stipulated in section 4 of the code (Retention schedules). For example the Trust are required to retain information held in a mental health record for a minimum of 20 years since the last contact in most cases. Children’s records are retained for a longer period of time.
Information Sharing - Your information may be disclosed to other non-NHS organisations who may be involved in your care, such as the Local Authority or Education services. All NHS staff have a legal duty to maintain confidentiality. Non-NHS staff who have received information from us about you also have a legal duty to maintain confidentiality. The Trust would only share information about you when there is a justifiable reason to do so, and where an appropriate legal basis under data protection law has been identified, enabling us to work together for your benefit.
Legal Basis for Processing. In accordance with the law the Trust must have a legal basis for processing your information. For the delivery of health services and administration this will include the following conditions:
- Art 6 (1) (e) Public Task, the processing is necessary for the Trust to perform a task in the public interest of for the Trust’s official functions, where the task has a clear basis in law.
- Art 9 (2 ) (h) For the provision of health or social care or treatment or the management of health or social care systems and services
- Health and Social Care Act 2015.
The NHS Constitution for England (revised 2013) The NHS Constitution sets out a series of patients' rights and NHS pledges. All NHS bodies are required by law to take account of the Constitution in their decisions and actions. The rights and pledges include:
- The right of access to your own health records and to have any factual inaccuracies corrected;
- The right to be informed about how your information is used;
- The right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered, and where your wishes cannot be followed, to be told the reasons including the legal basis.
Please inform your clinical team if you have any objections to your information being shared beyond your direct care, alternatively contact the Trust Data Protection Officer via:
firstname.lastname@example.org or tel 020 8702 4134
Keeping in touch
We will keep in touch with you using the contact details provided by you. The ways we keep in touch include sending you correspondence by post, email, calling you on the telephone and sending you appointment reminders via text messaging. We will always use appropriate secure methods of transfer to protect your information. It is very important that you let us know if any of your contact details change to avoid us sending your information to the wrong person. Please inform your clinical team if you do not want to be contacted via text messaging.
The Protecting Your Information leaflet provides more details on how we use your information.
In addition to the NHS Constitution the General Data Protection Regulation (GDPR) provides the following rights for individuals
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
Not all of these rights apply at all times, there are some exceptions. Contact the Trust’s Data Protection Officer for more information, alternatively detailed guidance relating to individuals rights can be found on the Information Commissioners website
Data Protection by Design
The Trust carry out data protection impact assessments in accordance with the General Data Protection Regulation, when contemplating new projects that involve personal data or changes in processing operations. Please contact the Data Protection Officer if you would like more information relating to Data Protection Impact Assessments.
CCTV on Trust Premises - The Trust is compliant with Data Protection law and CCTV codes of practice. The Trust locates CCTV signage in areas where cameras are located. This ensures that members of the public are aware of CCTV in each location and are aware that they are being monitored for the purposes of crime prevention, crime detection and promotion of public safety.
Car park Management - is provided by a third party company under a contract with the Trust. The contractor will collect vehicle information on behalf of the Trust when individuals park their vehicles in restricted areas, this is to support traffic flow and for the prevention and detection of crime.
For more information or to raise a concern: The Trust are committed to maintaining good information security standards and developing a culture of data security awareness, if however you have any questions or would like to raise a concern please contact the Trust’s Data Protection Officer. Doreen Todd email@example.com Tel 020 8702 4134.
The Trust investigates concerns raised by members of the public, including staff, if however you feel that the Trust have not addressed your concerns effectively you are entitled to discuss the issues with the supervisory authority, who in the UK is the Information Commissioner. https://ico.org.uk/
What are cookies?
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
This is used to store whether you are in textOnly mode or not.
Persistent for three months.
This is used to store user preferences for viewing sites in textOnly mode e.g. font-size and colour.
Persistent for one month.
This cookie has two functions.
Firstly it serves as a session cookie for extranet users. Without this cookie, an extranet user will have to login to each individual page in the extranet.
It also enables us to track the pages that a user visits while they navigate around the site.
This is used to store whether you have agreed to receive cookies.
Persistent for one year.
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.