Privacy Notice for Patients
(including users of the Healogics UK Website)
Who are we:
Healogics specialise in the provision of wound healing & lymphoedema services. Using an evidence-based systematic approach to chronic wound healing, Healogics provides speciality wound care and lymphoedema services to both NHS and private patients.
How we use your information:
The purpose of this leaflet is to tell you how Healogics collects and processes information about you in accordance with the Data Protection Act 2018 (UK GDPR). This is sometimes known as a Privacy Notice. It tells you:
- about our commitment to meet the requirements of the Data Protection Act 2018 (UK GDPR)
- why we collect information about you
- what information we collect about you
- in what format your information is held
- the legal basis for collecting information about you
- how your information is used
- how we keep your information safe
- when we might share information about you
- your rights
- how this affects you
About the Data Protection Act 2018 (UK GDPR):
The Data Protection Act 2018 (UK GDPR) brings the European General Data Protection Regulation (GDPR) into UK law. References to the Data Protection Act 2018 include provisions of the GDPR. Healogics must ensure data protection standards within the company meet the regulatory obligations of the Act.
Our commitment to meet the requirements of the Data Protection Act 2018 (UK GDPR) includes:
- meeting the guidelines for the collection and processing of personal identifiable information, your information
- undertaking regular reviews of our Data Protection Impact Assessment
- keeping your information safe
- fully respecting your rights
Why we collect information about you:
We aim to provide you with the highest quality of health care. To do this we must keep records about you, your health and the care we have provided or plan to provide to you.
To facilitate the acquisition of wound care products, supplies or treatments, in support of your care.
To meet our obligations to you under Health & Safety Legislation.
We process some of your information for statistical purposes and in these instances, we take strict measures to ensure that you cannot be identified. Examples of this include contractual reporting, business / service development / data which reflects website usage.
We collect and process your information so that we can be paid for the care that we provide to you.
We collect and process your information so that we can communicate with you, to respond to enquiries generated by you and to send you appointment reminders.
We may utilise your information for the training and education of other healthcare professionals to enhance their knowledge and skills. We take care to hide your identity when using your information in this way.
We collect and process surveillance camera photographic data to help us keep you and your information safe.
What information we collect about you:
- basic details about you, such as name, address, date of birth, mobile/home telephone numbers
- details relating to ethnic origin, cultural / religious beliefs
- details of allergies, special needs, hosiery measurements
- contact we have had with you such as appointments and home visits
- notes and reports about your health, physical and mental condition
- details and records about your treatment and care
- results of investigations such as x-rays and laboratory test results
- relevant information from people who care for you and know you well, such as healthcare professionals and relatives
- accident, incident reporting
- surveillance camera photographic data
In what format your information is held:
- computer, including electronic patient records, text reminders via diary system, emails
- Smart Survey including questionnaires, audits, surveys
- photographs, including printed and digital
- anonymised database derived by combining data sets
- encrypted surveillance camera photographic data
The legal basis for collecting and processing information about you includes:
Necessary for Contract: the processing of your information is necessary for the Patient Contract that we hold directly with you as a private patient or our NHS Contract, as commissioned by the Clinical Commissioning Group, of the healthcare professional who referred you to our service
Public Interest: to support education and training for local / national healthcare professionals, via journals, publications and education/training events, we may process your information, to present it in a format that is anonymised so that you cannot be identified
Legitimate Interests: we may process your information to anonymise it, to use for improving services, service planning and business development. You will not be identified where your information is anonymised. We manage your information to allow us to charge for the care that we provide to you. We use your information to communicate with you about your booked appointments and to respond to enquiries generated by you, through Healogics UK Website. The use of surveillance cameras supports the well-being of visitors to our Eastbourne clinic, supports our efforts to keep your information secure whilst helping us to maintain business continuity.
Legal Obligations: we collect and process your information to meet our legal obligations for records management, including archiving your information, held in your patient record. We collect and process your information to meet our legal obligations to Health & Safety Legislation
How your information is used:
- to provide a good basis for any treatment or advisory services we provide to you
- to make sure your treatment is safe and effective and the advice we provide is appropriate and relevant to you
- to work effectively with others providing you with treatment or advice
- to facilitate the acquisition of wound care products, supplies or treatments in support of your care
- to facilitate text appointment reminders being sent to your personal mobile phone
- to respond to the enquiries we receive from you, via the Healogics UK Website
- to charge for the care provided to you
- to properly investigate your concerns if you raise a complaint
- to provide feedback to improve the services we offer
- to provide anonymised statistics in support of business development and service / website improvements
- to provide anonymised information to support reporting for NHS Contracts, including for the purpose of charging for our service
- to provide information to regulatory authorities, including Care Quality Commission; https://www.cqc.org.uk/about-us/our-policies/privacy-statement
- to support internal audits as required by regulatory authorities
- to ensure we meet legal obligations in relation to records management
- in the event of an incident within 3rd party premises, (such as a satellite clinic), we may require to share your information with a 3rd party to ensure we meet legal obligations in relation to Health & Safety Legislation during combined investigations
- to support local / national training and education of other healthcare professionals
- to assist law enforcement to deal with criminal activities
How we keep your information safe:
- by providing Information Governance Awareness Training annually for all of our staff
- by ensuring robust Information Governance Security measures are in place
- we undertake regular Information Governance Security Audits
- we undertake annual Information Governance Compliance Audit / Training
- we adhere to the legislation including the Human Rights Act (1998) and the Common Law Duty of Confidentiality
- adherence to the Data Security & Protection Toolkit, formerly Information Governance Toolkit
- by committing to Data Quality supported through training and annual audits
- through our commitment to the Records Management Policy
- by ensuring that the Healogics UK Website and data are supported with TLS 1.2 technology using the RSA 2048-bit security standard
- by encrypting our surveillance camera photographic data
Healogics UK Website:
- We use reasonable organisational, technical and administrative measures to protect personal information under our control. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
- Our website may include links to third-party websites. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
You can view our full cookies policy at https://uk.healogics.com/cookies-policy
When we might share information about you:
Your information is kept secure and only shared on a ‘need to know’ basis. Limited and proportional sharing may occur with:
- healthcare professionals (such as doctors, nurses, pharmacists, physiotherapists and occupational therapists, for example)
- 3rd party premises management for non Healogics managed sites
- suppliers of wound dressings, hosiery, treatments
- administrative support staff, including accountants
- healthcare students in training
- pathology and radiology staff involved in the analysis and reporting of diagnostic tests
- staff conducting local clinical audits to evaluate the care provided to you
- authorised personnel from visiting regulatory authorities, including the Care Quality Commission, The Health & Safety Executive
- Insurance Company(s) associated with company benefits, employers and public liability insurance, medical malpractice cover
We may also share your information with your consent and subject to strict sharing protocols about how it will be used, with:
- social services
- education services
- local authorities
- voluntary sector providers
We may also share your information with your consent with others that need to use records about you to:
- check the quality of treatment or advice we have given you
- protect the health of the general public
- manage the health service
- help investigate any concerns or complaints you or your family have about your health care
There may be times when we need to share your information without your consent, for example:
- where there is a risk of harm to you or other people
- where we believe that the reasons for sharing are so important that they override our obligation of confidentiality (for example, to support the investigation and prosecution of offenders or to prevent serious crime)
- where we have been instructed to do so by a Court
- where we are legally required to do so
- to control infectious diseases such as meningitis, tuberculosis (TB) or measles
- if you are subject to the Mental Health Act (1983), there are circumstances in which your 'nearest relative' must receive information even if you object
The national data opt-out is a service that enables the public to register to opt out of their confidential patient information being used for purposes beyond their individual care and treatment; patients can change their national data opt-out choice at any time.
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
We are bound both by law and a strict code of confidentiality. In accordance with NHS guidance, Healogics has appointed a Caldicott Guardian; a senior member of staff responsible for protecting the confidentiality of patient and service user information and enabling appropriate information sharing.
In addition, we have appointed a Data Protection Officer (DPO) who is responsible for ensuring Healogics adheres to the Data Protection Act 2018 (UK GDPR). The DPO ensures that we are registered with the Information Commissioner’s Office (ICO).
Our ICO Registration Reference is ZA101854
How does this affect you:
You can be confident that we are adhering to the regulations and laws that apply to us about how we manage your information. You should know that anyone who receives your information from us also has a legal duty to keep it confidential.
If you wish to discuss the management of your information, discuss your rights under the Data Protection Act 2018 (UK GDPR) or would like to view the Healogics Data Protection Impact Assessment then please do contact the Governance Officer:
Healogics Wound Healing
& Lymphoedema Centres
Wish Tower House
1c Edward Road
East Sussex BN23 8AS
Telephone: 01323 735588