Healogics Ltd handles and stores information about identifiable people (for example, patients), and we are therefore legally obliged to protect that information.
Under the Data Protection Act, we will follow the 8 Data Protection principles:
Principle 1. Processed fairly and lawfully
Principle 2. Processed for specified purposes
Principle 3. Adequate, relevant and not excessive
Principle 4. Accurate and kept up-to-date
Principle 5. Not kept for longer than necessary
Principle 6. Processed in accordance with the rights of data subjects
Principle 7. Protected by appropriate security (practical and organisational)
Principle 8. Not transferred outside the EEA without adequate protection
Information will not be transferred outside the European Economic Area (EEA); it will only be transferred within the EEA, with adequate protection.
Requests for Personal Information
Our patients have the right to see their personal information. A subject access request to see the personal information can be made using this form.
Information about data subjects may only be disclosed to themselves or third parties under the following circumstances:
Compulsion by law
Duty to the public
In response to a request/following agreement of a data subject
Data Breaches in the Health and Care System
The health sector handles some of the most sensitive personal data, and patients have the right to expect that information will be looked after.
Any data breaches which occur in health, public health and adult social care services are reported at the earliest opportunity, and are handled effectively. Data breaches are reported via an Information Governance Toolkit Reporting Tool to the Health and Social Care Information Centre (HSCIC), Department of Health, Information Commissioner's Office and other regulators. The incident reporting tool makes the reporting process simpler and more efficient by automatically informing the appropriate organisations.
Registering with the Information Commissioner's Office in full
As we handle personal information, we are registered with the ICO as a Data Controller. This is a statutory requirement; every organisation that processes personal information must notify the ICO, unless it is exempt.