• Data Protection

    Healogics Ltd handles and stores information about identifiable people – for example, about patients. We are therefore legally obliged to protect that information.

    Under the Data Protection Act, we will follow the 8 Data Protection principles:

    Principle 1.   Processed fairly and lawfully

    Principle 2.   Processed for specified purposes

    Principle 3.   Adequate, relevant and not excessive

    Principle 4.   Accurate and kept up-to-date

    Principle 5.   Not kept for longer than necessary

    Principle 6.   Processed in accordance with the rights of data subjects

    Principle 7.   Protected by appropriate security (practical and organisational)

    Principle 8.   Not transferred outside the EEA without adequate protection

     

    Information will not be transferred outside the European Economic Area (EEA); it will only be transferred within the EEA, using adequate protection.

     

    Requests for Personal Information

    Our patients have the right to see their personal information. A subject access request to see the personal information can be made using this form.

    Information about data subjects may only be disclosed to themselves or third parties under the following circumstances:

    • Compulsion by law

    • Duty to the public

    • In response to a request/following agreement of a data subject

     

    Data Breaches in the Health and Care System

    The health sector handles some of the most sensitive personal data, and patients have the right to expect that information will be looked after.

    Any data breaches which occur in health, public health and adult social care services are reported at the earliest opportunity, and are handled effectively. Data breaches are reported via an Information Governance Toolkit Reporting Tool to the Health and Social Care Information Centre (HSCIC), Department of Health, Information Commissioner's Office and other regulators. The incident reporting tool makes the reporting process simpler and more efficient – automatically informing the appropriate organisations.

     

    Registering with the Information Commissioner's Office in full

    As we handle personal information, we are registered with the ICO as a Data Controller. This is a statutory requirement; every organisation that processes personal information must notify the ICO, unless they are exempt.