Let’s Talk IAPT is actively involved in research to improve services provided. This can sometimes involve temporary and restricted access to personally identifying information. If you do not wish for your information to be accessed in this way, please let us know by speaking to one of our staff members attending to your care.
This privacy notice tells you what to expect when Barnet Enfield & Haringey Mental Health NHS Trust (the Trust) collects personal information. It applies to information we collect from people accessing our services.
The Data Protection Officer for the Trust is:
Doreen Todd firstname.lastname@example.org
Tel 020 8702 4134
The Trust collects your personal information to ensure that you receive appropriate care and treatment and to meet certain statutory obligations. This information is kept, together with details of your care, because it may be needed if you require treatment again.
In accordance with Caldicott 2 – To Share or Not to Share, the Trust shares information if and when for example, child protection or safeguarding concerns have been raised
The Trust provides services into a range of criminal justice settings. Your information may be shared with criminal justice agencies and other associated partners in order to ensure your safety whilst in those settings and to enable you to access the appropriate care and treatment. This will always be in accordance with Data Protection legislation such as the General Data Protection Regulation.
Ways in which your information may be used to help the NHS
- Ensure services meet patient needs in the future
- Investigate legal claims, complaints or untoward incidents
- Monitor clinical practice
- Provide anonymised statistics on the NHS performance and activity
- Train and educate our staff
- Audit accounts and services within the NHS
- Research and development, to support the health of the general public
Your information may sometimes be disclosed as a requirement of the law, for example monitoring ethnicity.
Improving Services – The Trust aims to provide service users with the best possible care. We assess the effectiveness of the care we provide so we can continually improve. We do this by collecting information about your condition, the type of care you receive and the outcome of your treatment.
We collect data about our Community Services such as health visiting services, school nursing services and diabetes services, and data about you such as referrals, assessments, diagnoses, activities (for example, taking a blood pressure test) and, in some cases, your answers to questionnaires. The data is securely sent to NHS Digital which is the central organisation that receives the same data from all publicly-funded Community Services across England. NHS Digital removes all identifying details and combines the data we send with the data sent by other care providers, forming the Community Services Data Set.
The data set is used to produce anonymised reports that show only summary numbers of, for instance, patients referred to different types of services. It is impossible to identify any individual patient in the reports, but the reports do help us to improve the care we provide to you and other patients. No information that could reveal your identity is used in national reports.
The benefits to you as a patient include:
- Ensuring that Community Services are available to all patients in all areas by measuring the care that is being delivered.
- Improved care, through monitoring progress to allow future services to be planned.
Informing patients about the care offered at different hospitals.
- Personalised and better organised care for through understanding what care is needed nationally, for example understanding how many patients who are discharged from hospitals then need looking after at home.
To get the most accurate picture and therefore get most benefit, data has to be collected from as many patients as possible.
If, however, you do not want your information to be used to help better manage and plan care provision, you do have the right to object.. This will not affect your treatment in any way. If you would like to find out more about how we use the information, including how to object, please speak to a member of staff or the Trust’s Data Protection Officer.
The Trust retain records in accordance with the Records Management Code of Practice for Health and Social Care 2016 applying the criteria stipulated in section 4 of the code (Retention schedules). For example the Trust are required to retain information held in a mental health record for a minimum of 20 years since the last contact in most cases. Children’s records are retained for a longer period of time.
Information Sharing – Your information may be disclosed to other non-NHS organisations who may be involved in your care, such as the Local Authority or Education services. All NHS staff have a legal duty to maintain confidentiality. Non-NHS staff who have received information from us about you also have a legal duty to maintain confidentiality. The Trust would only share information about you when there is a justifiable reason to do so, and where an appropriate legal basis under data protection law has been identified, enabling us to work together for your benefit.
Legal Basis for Processing. In accordance with the law the Trust must have a legal basis for processing your information. For the delivery of health services and administration this will include the following conditions:
- Art 6 (1) (e) Public Task, the processing is necessary for the Trust to perform a task in the public interest of for the Trust’s official functions, where the task has a clear basis in law.
- Art 9 (2 ) (h) For the provision of health or social care or treatment or the management of health or social care systems and services
- Health and Social Care Act 2015
The NHS Constitution for England (revised 2013) – The NHS Constitution sets out a series of patients’ rights and NHS pledges. All NHS bodies are required by law to take account of the Constitution in their decisions and actions. The rights and pledges include:
- The right of access to your own health records and to have any factual inaccuracies corrected;
- The right to be informed about how your information is used;
- The right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered, and where your wishes cannot be followed, to be told the reasons including the legal basis.
Please inform your clinical team if you have any objections to your information being shared beyond your direct care, alternatively contact the Trust Data Protection Officer via:
email@example.com or tel 020 8702 4134
Keeping in touch
We will keep in touch with you using the contact details that you provide us with at your initial appointment. The ways we keep in touch include sending you correspondence by post, calling you on the telephone and sending you appointment reminders via text messaging. It is very important that you let us know if any of your contact details change to avoid us sending your information to the wrong person.
The Protecting Your Information leaflet provides more details on how we use your information.
In addition to the NHS Constitution the General Data Protection Regulation (GDPR) provides the following rights for individuals
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
Not all of these rights apply at all times, there are some exceptions. Contact the Trust’s Data Protection Officer for more information, alternatively detailed guidance relating to individuals rights can be found on the Information Commissioners website
CCTV on Trust Premises
The Trust is compliant with Data Protection law and CCTV codes of practice. The Trust locates CCTV signage in areas where cameras are located. This ensures that members of the public are aware of CCTV in each location and are aware that they are being monitored for the purposes of crime prevention, crime detection and promotion of public safety.
For more information or to raise a concern: The Trust are committed to maintaining good information security standards and developing a culture of data security awareness, if however you have any questions or would like to raise a concern please contact the Trust’s Data Protection Officer. Doreen Todd firstname.lastname@example.org Tel 020 8702 4134.
The Trust investigates concerns raised by members of the public, including staff, if however you feel that the Trust have not addressed your concerns effectively you are entitled to discuss the issues with the supervisory authority, who in the UK is the Information Commissioner. https://ico.org.uk/