Sharing for Direct Care
As a patient of the Trust, your data will be shared within the health care team providing you direct health care; that could be doctors, nurses and other allied health professionals providing you with care and treatment. Authorised non health professionals will also have access to information about you as appropriate in order to manage your health records, write to invite you to appointments and generally manage your contacts with the Trust. All staff are bound by a contractual duty of confidentiality and are also subject to data protection legislation. Information will also be shared with your General Practitioner (GP) to ensure that there is one continuous record of all health care that you have received from any NHS provide or other health provider.
The Trust will also share relevant information with other NHS Trusts such as a
Hospital Trust where you are being referred for specialist or hospital-based treatment.
It is necessary for the Trust to use your information in order to provide you with direct health care.
Under the UK GDPR, the lawful basis we rely on to process your personal data is:
- Article 6(1)(e) ‘the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Under the UK GDPR, the lawful basis we rely on to process your special category data is:
- Article 9(2)(h) ‘processing is necessary for the purposes of preventive or occupational medicine….’
Integrated Care Record
The Trust works with other health and social care organisations to share information that will form part of your Integrated Care Record. The Integrated Care Record allows health and care professionals involved in your care to view your records to help them understand your needs and make the best decisions with you, and for you.
The following organisations are involved in the ICR programme:
- GP practices within Coventry and Warwickshire through their membership of the Integrated Care Board
- Coventry and Warwickshire Partnership NHS Trust
- University Hospitals Coventry and Warwickshire NHS Trust
- George Eliot Hospital NHS Trust
- South Warwickshire University NHS Foundation Trust
- Coventry City Council
- Warwickshire County Council
- West Midlands Ambulance Service University NHS Foundation Trust
Health and social care organisations in the neighbouring areas of Birmingham and Solihull, and Herefordshire and Worcestershire, will be able to view your information for the purpose of giving you direct care should it be necessary.
Information we hold about you will be available, to read only to other health and care professionals when they are involved in your health or social care.
For more information on how your data is used on the Integrated Care Record and how to exercise your rights can be found here.
Section 75 Partnership Agreement
As a result of Section 75 of the National Health Services Act 2006, in some of our services we work in formal partnership working arrangements with other registered professionals, such as social workers. These are mainly within are community mental health teams where we have specialist registered social workers who are employed as part of the Community Teams. This is from the appropriate local authorities, such as Coventry City Council and Warwickshire County Council.
If you are a patient of a community mental health team your health records will have entries and information recorded within them by the whole care team including the registered social workers. These joint records will be managed in line with the current requirements as to security, confidentiality and how long we keep these records.
Information shared with your consent
Where the Trust receives a request for information about you including information from your health records, if this is not connected with your direct health/social care, the Trust would ask for your explicit i.e. written consent. For example, if a Solicitor or other external organisations asked for copies of your health records, the Trust would only provide this information about you when you have consented to share this information.
Under the UK GDPR, the lawful basis we rely on to process your personal data are:
- Article 6 (1)(a) ‘the data subject has given consent to the processing of his or her personal data for one or more specific purposes’
Under the UK GDPR, the lawful basis we rely on to process your special category data are:
- Article 9 (2)(a) ‘the data subject has given their explicit consent to the processing of their personal data for one or more specific purposes….’
Information shared in regard to Safeguarding
The Trust is dedicated to ensuring that the principles and duties of safeguarding adults and children are holistically, consistently and conscientiously applied with the wellbeing of all at the heart of what we do.
Under the UK GDPR, the lawful basis we rely on to process your personal data are:
- Article 6(1)(a) ‘the Data Subject has given consent…’
- Article 6(1)(c) ‘processing is necessary for compliance with a legal obligation to which the controller is subject’
- Article 6(1)(d) ‘processing is necessary in order to protect the vital interests of the Data Subject or another Natural Person
- Article 6(1)(e) ‘the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Under the UK GDPR, the lawful basis we rely on to process your special category data are:
- Article 9(2)(a) ‘the Data Subject has given explicit consent….’
- Article 9(2)(c) ‘processing is necessary to protect the vital interests of the Data Subject or of another Natural Person….’
- Article 9(2)(g) ‘processing is necessary for reasons of substantial public interest….’
- Article 9(2)(h) ‘processing is necessary for the purposes of preventive or occupational medicine….’
In order to share information legally between organisations there must be a defined and justifiable purpose that references the appropriate underpinning legislation and the associated duties and/or powers. It is therefore the responsibility of all organisations that share information that exchanges are justified and in accordance with key legislations:
Data Protection Act 2018 – Schedule 1, Section 18 & 19 – Safeguarding of children and of individuals at risk & Safeguarding of economic well-being of certain individuals
Care Act 2014 - This Act gives the Local Authority in each area a duty to put procedures in place to safeguard vulnerable adults who have care and support needs.
Children Act 2004
Common Law Duty of Confidence
Crime and Disorder Act 1998
Criminal Justice Act 2003
Mental Capacity Act (2005)
Domestic Violence, Crime and Victims Act 2004
Human Rights Act 1998
Immigration and Asylum Act 1999
Multi-agency Public Protection Arrangements (MAPPA)
National Health Service Act 2006
The data collected by Trust staff in the event of a safeguarding situation will be as much personal information as is necessary or possible to obtain, to handle the situation. In addition to some basic demographics and contact details, this is likely to be special category information (such as health information).
The information is used by the Trust when handling a safeguarding incident or concern. We may share information accordingly to ensure duty of care and investigation as required with other partners such as local authorities, the police, healthcare professional (i.e. their GP or mental health team).
Information shared because of other legal bases
The Health and Social Care Act 2012 set up a new NHS organisation called NHS
Digital. NHS Digital is also known as the Health and Social Care Information Centre.
One of the specific legal responsibilities of NHS Digital is to be the safe haven of health and care information. NHS Digital collects data and information about people using health and care services in England and in some cases Wales, Scotland and Northern Ireland. This information is needed to run the health service.
The Secretary of State for Health and Social Care, and NHS England, can tell NHS Digital to collect and process information on specific topics, or set up information systems to collect information. This means they can see, for example, whether policies are working or which treatments are most effective. These orders are called 'directions'.
The Care Quality Commission (CQC), National Institute for Health and Care Excellence (NICE) and NHS Improvement (NHSI) can also tell NHS Digital to collect information. These are called 'mandatory requests'.
Other health and care organisations and local authorities can also ask NHS Digital to collect information for them, if they are legally allowed to view this information.
When NHS Digital is told or asked to collect certain information nationally, this means that Coventry and Warwickshire Partnership NHS Trust has a legal duty to share the required information or data sets with NHS Digital.
NHS Digital publishes 'data provision notices', telling the Trust what data we need to provide to NHS Digital.
Some of the information provided to NHS Digital is identifiable patient information. One of NHS Digital’s roles is to convert such data into nonidentifiable data or anonymised data for use within the local Health Service Commissioning bodies such as the Clinical Commissioning Groups. Where identifiable data is not required this will be anonymised.
International transfers
The Trust will ensure that any international transfers of confidential patient information will only be undertaken in accordance with the GDPR and with countries that can ensure an adequate level of protection for the rights and freedoms of our patients. Where applicable your consent will be sought.