Medway Foundation Trust Privacy statement 2017
- What information we keep about you and how we use it
- Sharing information with other organisations
- Sending information abroad
- How we keep your information safe and secure
- Use of CCTV and lone-worker protection solutions
- How long do we keep your information for
- Visitors to our website
- Calling us via our switchboard
- People who email us
- People who make a complaint to us
- Job applicants
- Access to personal information
- Links to other websites
- Changes to this privacy notice
- How to contact us
When you are a patient of the Trust we collect and keep your health and personal information confidential. This may include:
- basic details about you e.g. your address, date of birth or next of kin and how you want us to contact you;
- your contact with us e.g. visits to clinics;
- the notes of your treatment;
- results of investigations including Xrays or laboratory tests;
- If you contact us in writing, we will keep a record of that correspondence.
We use your information to provide you with the best of care.
- where we have agreements with other organisations for sharing information. An example of this may be where you as a patient, move from our care to community care;
- with local authorities and particularly Medway Council under the Child Protection-Information Sharing (CPIS) scheme to protect the safety and well-being of vulnerable and looked-after children;
- with Virgin Care Services where they provide community care in Swale and Sheppey community hospitals;
- under section 251 of the NHS Act 2006 to support essential medical research where it is not possible to use anonymised information and where obtaining consent is not practical. We may only share information under section 251 with bodies that are approved to receive such information. For more details please visit the Health Research Authority website;
- where we are required by law to report information to appropriate authorities e.g.
- when a baby is born
- where an infectious disease may endanger the safety of others
- we can pass on personal data without consent to the police, to prevent and detect crime; and
- to produce anonymised statistics
The Trust sends very little information overseas. Where we do, we check to ensure that the companies that we use have excellent information security standards and practice. We will tell you if your personally identifiable information is to be stored overseas.The Trust has recently endorsed the use of forward App as a means of facilitating clinicians’ discussion about patient care. All information stored on this App is stored on secure servers in the USA. The Trust has avoided such transmissions since the dissolution of the Safe Harbour agreement in 2015. However the new 2016 EU-US Privacy Shield arrangements now covers this data flow.
The Trust takes the protection of your personal information seriously.
All our staff are regularly trained on the steps needed to keep patient information safe and secure. Staff are only able to access patient information on a ‘need to know’ basis.
The Trust ensures that patient information is stored and accessed securely, this means that our staff use passwords and other security measures to ensure that the ‘need to know’ philosophy is maintained.
We use technical security measures (such as data encryption) in combination with strong passwords and physical measures (such as Smartcards - these are special cards similar to an “Oystercard” that are held by staff and identify who the member of staff is and what systems they can access) to prevent unauthorised access to patient information. Passwords must be changed regularly and this is enforced by the systems.In addition, the Trust employs other tools to guard our network and the devices on the network. Anti-Malware software is used by the Trust and the Network is monitored and managed to ensure that only devices belonging to the Trust can access the network and information. The Trust also has the benefit of two data centres such that patient information is fully protected in the event of failure of a single data centre.
- alleged security incidents, theft, assault or baby abduction on Trust premises
- staff, visitor and patient safety
- investigation of traffic incidents or congestion on the Trust site
- supporting the management of a fire or major incident alert
- the security of Trust premises
- investigation of persons acting suspiciously on Trust premises
CCTV images are retained for 28 days only.
Images are only viewed by Trust personnel, but images may be shared with the police to aid the investigation or prosecution of criminal activities within Trust grounds and premises.
Traffic enforcement officers and security personnel wear body-worn cameras that record both sound and images. Before cameras are activated staff will formally advise that they are going to do so. Images and sound will be used in the prevention and de-escalation of security incidents; patient, visitor and staff safety; traffic and parking enforcement; and the investigation of persons acting suspiciously on Trust premises.
Images and sound recording from body-worn cameras are retained for 28 days only.
Lone-worker protection solutions
The Trust values the safety and security of its staff, especially where staff may visit patients by themselves at a patient’s home. For their safety and security the Trust uses Reliance Protect lone worker solution which when triggered, will relay live conversation and the GPS location of our staff to the Reliance Customer Support Team in order to effect their safe care as quickly as possible.
The time we keep information for can vary depending on treatment and the type of record. In the main we keep adult patient records for 8 years after a patient is discharged, but this time can extend up to 30 years for example where someone is diagnosed with cancer we will keep the record for 30 years from the time of diagnosis.
When someone visits www.medway.nhs.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for ten years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
- give you a description of it
- tell you why we are holding it
- tell you who it could be disclosed to
- let you have a copy of the information in an intelligible form.