Benenden Hospital Privacy Notice

What is a Privacy Notice?

A privacy notice is a statement of how Benenden Hospital Trust collects, uses, retains and discloses your personal information. Personal information is information that identifies you and is about you.

To ensure that we process your personal data fairly and lawfully we are required to inform you:

  • Why we need your data
  • How it will be used and
  • Who it will be shared with
  • What rights you have in relation to the personal data we collect from you

The law determines how organisations can use personal information. The key laws are: the Data Protection Act, EU General Data Protection Regulation, the Human Rights Act, relevant health service legislation, and the common law duty of confidentiality.

Within these pages we describe instances where Benenden Hospital Trust is the “Data Controller” (the organisation who decides what data we collect and how it is used), and where we direct or commission the processing of patient data to help deliver better healthcare, or to assist the management of healthcare services.

Benenden Hospital Trust recognises the importance of protecting personal and confidential information in all that we do, all we direct or commission, and takes care to meet its legal duties.

This notice applies to Patients, Visitors, Staff Members, Clinicians, Consultants, Contractors, Vendors and Suppliers to Benenden Hospital.  Benenden Health Society Members please note for clarification this notice applies to Benenden Hospital Trust and not The Benenden Healthcare Society Limited, who will issue a separate notice.

This privacy notice is effective from 25 May 2018

Your information

What information do we collect about you?

We only collect and use your personal information where at least one of the legal basis applies and for the lawful purposes of administering the business of Benenden Hospital Trust. The legal basis are as follows:

  • Under consent – where you have given your ‘consent’ to the processing of your personal data.
  • Performance of a contract – where the processing of your data is necessary for the fulfilment of a contract, for example e-referrals of NHS patients is subject to a contract.
  • Compliance with a legal obligation – processing of your data is required by law and the hospital is required to comply.
  • In the vital interest – we may process your personal data in order to protect your vital interests, for example in providing emergency treatment or care should it be required.
  • Public interest – we may process personal data in order to complete a task carried out in the public interest.
  • Legitimate interest – we may process your personal data as we hold a legitimate ‘business’ interest in processing that information.

The table below shows the purposes and the associated legal basis under which we process your personal data;

Purpose of processing

Legal basis for processing

Accounting and Auditing

Compliance with a legal obligation and Legitimate interest

Accounts and Records

Compliance with a legal obligation and Legitimate interest

Advertising and Public Relations

Under Consent and Legitimate interest

Consultancy and Advisory Services

Performance of a Contract and Legitimate interest

Crime Prevention and Prosecution of Offenders

Compliance with a legal obligation

Education

Legitimate interest

Healthcare Administration and Services

Performance of a Contract andLegitimate interest

Information and Databank Administration

Performance of a Contract and Legitimate interest

Research

Legitimate interest and

Under Consent

Sharing and matching of personal information for national fraud initiative

Compliance with a legal obligation

Employment and Staff administration

Compliance with a legal obligation and Legitimate interest

What types of personal data do we handle?

We process personal information to enable us to support the provision of healthcare services to patients, maintain our own accounts, promote our services and to support and manage our employees. We also process personal information about healthcare professionals that deliver services within Benenden Hospital Trust.

The types of personal information we use include:

  • Personal identity - such as title, name, marital status, date of birth, National Insurance number
  • Contact details - such as addresses, telephone & mobile numbers, email address
  • Family details – such as next of kin details, relationships to next of kin
  • Financial details – such as bank sort code/ account number, Payment card number, payroll, tax information
  • Employment details – such as salary, annual leave, pension, benefits, discipline and grievance, performance data, occupational health data and security clearance data
  • Education and training details of staff and consultants - such as Training records, Qualification verification
  • Details held in the patient’s record, where we hold or manage the patient’s record – such as NHS Number, GP Details
  • Lifestyle and social circumstances – such as questions about smoking, drinking and general lifestyle
  • CCTV images – for providing security monitoring of the grounds and hospital, internal employment processes and training
  • Responses to surveys where individuals have responded to surveys about issues

We also process special category of information for patients, staff and consultants, that may include:

  • Racial and ethnic origin
  • Religious or philosophical beliefs
  • Trade union membership
  • Data concerning health
  • Genetic data
  • Biometric data
  • Data concerning a person’s sex life or sexual orientation
  • Offences (including alleged offences), criminal proceedings, outcomes and sentences
  • Employment tribunal applications, complaints, accidents, and incident details

How will we use information about you?

Your information is used to run and improve Benenden Hospital Trust. In respect of our patients, their data may be used to:

  • Register all patients onto our Patient Administration System
  • Register new referrals for existing patients on our systems, update demographic details and health records with new referral details
  • Record telephone calls made to the hospital patient appointments department in relation to appointment enquiries
  • Allow the preparation of health record folder (notes) for the patient
  • Investigate complaints, legal claims or important incidents
  • Make sure services are planned to meet patients’ needs in the future
  • Check and report on how effective Benenden Hospital Trust and the services it commissions has been
  • Display your name on LCD TV screens within patient waiting areas, as a means to call you to the relevant clinic.
  • Display on LCD TV screens in nurse stations within the Inpatient Wards
  • Create operation notes and letters for communicating outcomes with your GP
  • Ensure correct patient information at all times by using your name on identity bracelets, if you are admitted as an inpatient. If you are unable to clearly identify yourself a band maybe used in cases of outpatients
  • Ordering medical devices, such as hip and knee prosthetics for surgical procedures
  • Help patients to make informed choices for treatment by processing anonymised statistical information on private hospital performance
  • To address customer service enquiries made via the website
  • If you request to meet with a chaplain, we may share your name with them

We may keep your information in a written form or on a computer. Whenever possible all information that identifies you will be removed.

For our staff, contractors, consultants, clinical agency staff, vendors and suppliers personal data may be used to:

  • Verify employment history, qualifications and experience
  • Validate ‘right to work’
  • Assess suitability for employment during selection process
  • Personal development of employees
  • Payroll
  • NI and tax accounting
  • Disciplinary and grievances
  • Undertake due diligence and risk assessment of supply chain

Allscripts Patient Administration System

Benenden Hospital Trust is the data controller for the Allscripts Patient Administration System (APAS) system. This system holds personal details of all patients that have been either referred by Benenden Health Society, referred by a GP via the NHS e-Referrals system or as a private patient that has attended and subsequently discharged.

The information held on this system is used primarily for the purpose of administering healthcare services, it may however be used for other non-health related purposes and shared with statutory bodies/organisations to enable them to fulfil their statutory obligations. ‘Non-health related purposes’ relate to processing such as contracted reporting to the Private Hospitals Information Network (PHIN) using pseudonymised data which allows patients to make informed choices of where they may want accept treatment. We may also use the information within the administration system for statistical analysis to see how the hospital itself is performing with respect to business targets and objectives. 

The information will only be shared with other organisations where there is a statutory obligation to do so, or with the agreement of the Benenden Hospital Trust, Caldicott Guardian and the Data Protection Officer. A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service user information and enabling appropriate information-sharing.

Sharing your information

We may disclose your personal information for a number of reasons (to the extent necessary). This can be due to:

  • Our obligation to comply with current UK legislation
  • Our duty to comply with a court order
  • A contractual commitment to report statutory information
  • Providing us with your consent to the disclosure of your data

In fulfilling our obligation to provide healthcare services we may share your data with the following organisations:

  • Benenden Healthcare Society
  • National Health Service (NHS)
  • NHS General Practitioners (your Doctor)
  • Imaging Exchange Portal (a web-based portal used to allow sharing of scan images between healthcare trusts/organisations)
  • Specialist consultants
  • National joint registry
  • PROMS
  • PHIN (Private Healthcare Information Network)
  • Contracted 3rd parties providing medical services or devices (such as Zimmer Biomet, RehabWorks)
  • Healthcare insurance providers
  • Pathology laboratories
  • Where we are required to do so by law
  • In the event that sharing your data will ultimately benefit you as the data subject

Sharing your Information outside of the EEA?

We may from time to time be required to share your information with other service providers who are outside of UK and the EU. The sharing of your information with these providers is necessary in order to provide the necessary medical device or service. The transfer of personal data internationally will be conducted with the appropriate legal mechanisms in place.

How long will we keep your data for?

We will keep your personal information in accordance with our Documented Information Retention Policy and for as long as is lawfully necessary to conduct our business with you, and/ or in accordance with our legal obligations for data retention.

If you are treated at this hospital, we will create an adult patient health record for you. This Patient health record is kept for 8 years following the last treatment provided. 

If you make a query via the hospital website, we ask for your name, email address and if you are a member of Benenden Healthcare Society.  We will retain this information for a period of no longer than 1 year. It will be kept for this period in case of any further enquiries and/or complaints.  

What rights do I have regarding your use of my information?

You have the following rights in relation to the personal data that we hold on you:

  • You have a right to make a subject access request
  • You have the right to rectify/amend your personal information if it is incorrectly recorded. Accounting for the purposes of processing you have the right to have incomplete personal data completed, including by means of providing a supplementary statement
  • You may have the right for your personal data to be deleted
  • You have the right to restrict the processing of your data, if you believe that the personal data being processed is inaccurate or is being processed unlawfully
  • You may have the right to data portability. This is the transfer of your data to another data controller, where you have provided your consent and the processing is carried out by automatic means
  • You have the right to make an objection to the processing of your personal data relating to your particular situation, at any time, based on processing of data in the public interest or for the purposes of legitimate interests pursued by Benenden Hospital Trust
  • Where personal data is processed for marketing purposes you have the right to object to the processing of your personal data and to withdraw your consent, at any time, to direct marketing

To enquire about or exercise any of your rights please contact us using the details provided below.

Do I have a choice?

Providing Benenden Hospital Trust with your personal data helps us to fulfil our contract to provide you with relevant healthcare services. When providing our services we will have entered into a contractual agreement with either Benenden Health, the NHS or other Health Insurance Providers.

Failure to provide Benenden Hospital Trust with your personal data may impact on the level of healthcare we can provide, it may even result in non-acceptance for healthcare treatment at Benenden Hospital Trust.     

For staff, consultants, contractors, vendors and suppliers the restriction on processing of personal data may impact any contractual agreements in place between either party, that may result in failure to meet the contractual obligation.

Data Protection Notification

Benenden Hospital Trust is a ‘data controller’ under the DPA. Our registration Number is: Z729839X. We have notified the Information Commissioner’s Office that we process personal data and the details are publicly available from the:

Information Commissioner’s Office

Wycliffe House

Water Lane,

Wilmslow.

SK9 5AF

ico.org.uk

Changes to our privacy notice

We keep our privacy notice under regular review and we will place any updates on the Benenden Hospital webpage.

Complaints about how we process your personal information.

In the first instance, you should contact the Data Protection Officer on the details below

Andrzej Koper, Data Protection Officer

Telephone: 01580 857 469

Email: dpo@benenden.org.uk

Post: Benenden Hospital Trust, Goddard's Green Road, Benenden, Cranbrook, Kent TN17 4AX.

 

Our office opening hours are: 9am to 5pm Monday to Friday.

You may also refer any complaints directly to the ICO on the contact details provided above.