Privacy Notice | Version 1.0
Privacy Notice
Version 1.0
Target Audience: All employees of NPH Group
Next Review Date: March 2021
Approved & Ratified: Mark McCaldin
Date Issued: March 2018
Author: Gill Reay
Privacy Notice
Version 1.0 | Page 1
NPH Group | 4th Floor of Dobson House, Regent Centre, Gosforth, Newcastle upon Tyne NE3 3PF
Phone: 0191 605 3140 | Fax: 0191 284 1942 | Email: info@nph-group.co.uk
Change Record:
Date Author Version Page Reason for Change
Index
1. Who we are
2. What is a privacy notice
3. Why issue a privacy notice
4. What are we governed by
5. Who are we governed by
6. Why and how we collect information
7. These records may include
8. How we use information
9. How information is retained and kept safe
10. How do we keep information confidential?
11. How long will records be retained
12. Who will the information be shared with
13. Contacting us about your information
Privacy Notice
Version 1.0 | Page 2
NPH Group | 4th Floor of Dobson House, Regent Centre, Gosforth, Newcastle upon Tyne NE3 3PF
Phone: 0191 605 3140 | Fax: 0191 284 1942 | Email: info@nph-group.co.uk
14. Can I access my information?
15. Contacting us if you have a complaint or concern
Who we are:
NPH Group are a leading provider of independent health services in Newcastle and the North East.
Offering the highest quality primary medical services, including comprehensive occupational
health advice, private health care consultations, health screenings and a dedicated travel clinic.
Our service offers dedicated time, convenience, and continuity of care for individuals, families or
organisations.
What is a privacy notice?
A Privacy Notice is a statement by NPH to patients, service users, visitors, public and staff that
describes how we collect, use, retain and disclose personal information which we hold. It is
sometimes also referred to as a Privacy Statement, Fair Processing Statement or Privacy Policy.
This privacy notice is part of our commitment to ensure that we process your personal
information/data fairly and lawfully.
Why issue a privacy notice?
NPH Group recognises the importance of protecting personal and confidential information in all
that we do and takes care to meet its legal and regulatory duties. This notice is one of the ways in
which we can demonstrate our commitment to our values and being transparent and open, and
commitment to our values of Accountability, acting with Integrity, demonstrating Care and Passion
and striving for Quality in all we do.
This notice also explains what rights you have to control how we use your information.
We recognise that all individuals have:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.
Privacy Notice
Version 1.0 | Page 3
NPH Group | 4th Floor of Dobson House, Regent Centre, Gosforth, Newcastle upon Tyne NE3 3PF
Phone: 0191 605 3140 | Fax: 0191 284 1942 | Email: info@nph-group.co.uk
What are we governed by?
The key pieces of legislation/guidance we are governed by are:
General Data Protection Regulations (GDPR) – post 25th May 2018
Human Rights Act 1998 (Article 8)
Access to Health Records Act 1990
Freedom of Information Act 2000
Health and Social Care Act 2012, 2015
Public Records Act 1958
Computer Misuse Act 1990
The Common Law Duty of Confidentiality
The Care Record Guarantee for England
International Organisation for Standardisation (ISO)
Information Security Management – NHS Code of Practice
Records Management – Code of Practice for Health and Social Care 2016
Accessible Information Standards (AIS)
Who are we governed by?
Department of Health – https://www.gov.uk/government/organisations/department-ofhealth
Information Commissioner’s Office – https://ico.org.uk/
Care Quality Commission – http://www.cqc.org.uk/
NHS England – https://www.england.nhs.uk/
Our doctors, nurses, healthcare professionals are regulated and governed by professional bodies
including numerous royal colleges.
Why and how we collect information
We may ask for or hold personal confidential information about you which will be used to support
delivery of appropriate care and treatment. This is to support the provision of high quality care.
These records may include
• Basic details, such as name, address, date of birth, next of kin.
• Contact we have had, such as appointments and telephone consultations.
• Details and records of treatment and care, including notes and reports about your health
Privacy Notice
Version 1.0 | Page 4
NPH Group | 4th Floor of Dobson House, Regent Centre, Gosforth, Newcastle upon Tyne NE3 3PF
Phone: 0191 605 3140 | Fax: 0191 284 1942 | Email: info@nph-group.co.uk
• Results of x-rays, blood tests, etc.
• Information from people who care for you and know you well, such as health professionals and
relatives.
It may also include personal sensitive information such as sexuality, race, your religion or beliefs,
and whether you have a disability, allergies or health conditions. It is important for us to have a
complete picture, as this information assists staff involved in your care to deliver and provide
improved care, deliver appropriate treatment and care plans, to meet your needs.
Information is collected in a number of ways, via your healthcare professional, referral details from
you’re your employer (where applicable) or directly given by you.
How we use information
• To help inform decisions that we make about your care.
• To ensure that your treatment is safe and effective.
• To work effectively with other organisations who may be involved in your care.
• To support the health of the general public.
• To ensure our services can meet future needs.
• To review care provided to ensure it is of the highest standard possible.
• To train healthcare professionals.
• For research and audit.
• To prepare statistics on performance.
There is huge potential to use your information to deliver care and improve our health and care
services. The information can be used to help:
• Improve individual care.
• Understand more about disease risks and causes.
• Improve diagnosis.
• Develop new treatments and prevent disease.
• Plan services.
• Improve patient safety.
It helps you because;
• Accurate and up-to-date information assists us in providing you with the best possible care.
• If you see another healthcare professional or specialist they can readily access the information
they need to provide you with the best possible care.
Privacy Notice
Version 1.0 | Page 5
NPH Group | 4th Floor of Dobson House, Regent Centre, Gosforth, Newcastle upon Tyne NE3 3PF
Phone: 0191 605 3140 | Fax: 0191 284 1942 | Email: info@nph-group.co.uk
• Where possible, when using information to inform future services and provision, non-identifiable
information will be used.
How information is retained and kept safe?
Information is retained in secure electronic and paper records and access is restricted to only
those who need to know.
It is important that information is kept safe and secure, to protect your confidentiality. There are a
number of ways in which your privacy is shielded; by removing your identifying information, using
an independent review process, adhering to strict contractual conditions, and ensuring strict
sharing or processing agreements are in place.
GDPR regulates the processing of personal information. Strict principles govern our use of
information and our duty to ensure it is kept safe and secure. NPH Group is registered with the
Information Commissioners Office (ICO). Details of our registration can be found on
https://ico.org.uk/esdwebpages/search Enter our registration number (Z3160611) and click
‘search register’.
Technology allows us to protect information in a number of ways, in the main by restricting access.
Our guiding principle is that we are holding your information in strict confidence.
How do we keep information confidential?
Everyone working for NPH Group is subject to the Common Law Duty of Confidentiality and GDPR.
Information provided in confidence will only be used for the purposes to which you consent to,
unless there are other circumstances covered by the law.
Under the Confidentiality Code of Conduct, all staff are required to protect information, inform
you of how your information will be used and allow you to decide if and how your information can
be shared. This will be noted in your records.
All NPH staff are required to undertake annual training in data protection, confidentiality, IT/cyber
security, with additional training for specialist, such as healthcare records, and data protection
officers.
How long will records be retained
The lifecycle of a document shall be determined at point of creation. This shall be in accordance
with the retention periods set out in the Records Management NHS Code of Practice or
any other statutory retention regulations which NPH have adopted.
NPH will only retain records as long as there is a legal obligation to do so. Unless agreed for
extended perseveration, all records will therefore be securely destroyed on expiry of minimum
retention periods.
Privacy Notice
Version 1.0 | Page 6
NPH Group | 4th Floor of Dobson House, Regent Centre, Gosforth, Newcastle upon Tyne NE3 3PF
Phone: 0191 605 3140 | Fax: 0191 284 1942 | Email: info@nph-group.co.uk
Who will the information be shared with?
To provide best care possible, sometimes we will need to share information about you with
others. We may share your information with a range of Health and Social Care organisations and
regulatory bodies. You may be contacted by any one of these organisations for a specific reason;
they will have a duty to tell you why they have contacted you. Information sharing is governed by
specific rules and law.
For your benefit, we may also need to share information from your records with both NHS and
non-NHS organisations, from whom you are also receiving care or support, such as social services,
private healthcare organisations or your employer. However, we will not disclose any health
information to third parties without your explicit consent, unless there are exceptional
circumstances, such as when the health or safety of others is at risk or where the law requires the
disclosure of information. We may also be asked to share basic information about you, such as
your name and parts of your address, which does not include sensitive information from your
health records.
Generally, we would only do this to assist them to carry out their statutory duties (such as usages
of healthcare services, public health or national audits). In these circumstances, where it is not
practical to obtain your explicit consent, we are informing you through this notice, which is
referred to as a Privacy Notice, under the GDPR.
We will never disclose any clinical information about you to anyone without your consent.
Where patient information is shared with other NHS or non-NHS organisations, information
sharing agreement are in place to ensure information is shared in a way that complies with
relevant legislation.
Non-NHS organisations may include, but are not restricted to: social services, education services,
local authorities, the police, voluntary sector providers, private sector providers or your employer.
You have the right to refuse/withdraw consent to information sharing at any time. We will fully
explain the possible consequences to you, which could include delays in you receiving care.
Contacting us about your information
NPH Group has a member of the Board who is responsible for protecting the confidentiality of
your information and enabling appropriate sharing. This person is known as the Caldicott
Guardian. In addition, there is a Governance Group, whose responsibility it is to ensure that
requests for information are considered carefully, taking into account both the rights of individuals
but also taking into account any exemptions.
Whilst it is recognised that an individual’s rights must be observed at all times, there are
exemptions to some organisations such as NPH due to the nature of the information held. That
said, should a request be made in relation to an individual’s rights, full consideration will always be
given by our Governance Group and a formal response provided.
Privacy Notice
Version 1.0 | Page 7
NPH Group | 4th Floor of Dobson House, Regent Centre, Gosforth, Newcastle upon Tyne NE3 3PF
Phone: 0191 605 3140 | Fax: 0191 284 1942 | Email: info@nph-group.co.uk
The right of access
Individuals have the right to access their personal data and supplementary information.
The right of access allows individuals to be aware of and verify the lawfulness of the processing.
The right to rectification
Individuals have a right to have inaccurate personal data rectified or completed if it is incomplete.
An individual can make a request for rectification in writing
Responses must be provided within one calendar month to respond to a request.
In certain circumstances NPH can refuse a request for rectification.
The right to erasure
The right for individuals to have personal data erased.
The right to erasure is also known as ‘the right to be forgotten’.
Individuals can make a request for erasure in writing.
Responses must be provided within one calendar month to respond to a request.
The right is not absolute and only applies in certain circumstances.
The right to restrict processing
Individuals have the right to request the restriction or suppression of their personal data.
This is not an absolute right and only applies in certain circumstances.
When processing is restricted, NPH is permitted to store the personal data, but not use it.
An individual can make a request for restriction in writing.
Responses must be provided within one calendar month to respond to a request.
The right to data portability
The right to data portability allows individuals to obtain and reuse their personal data for their
own purposes across different services.
It allows an individual the right to move, copy or transfer personal data easily from one IT
environment to another in a safe and secure way, without affecting its usability.
Doing this enables individuals to take advantage of applications and services that can use this data
to find them a better deal or help them understand their spending habits.
The right only applies to information an individual has provided to a controller
The right to object
Individuals have the right to object to:
Processing based on legitimate interests or the performance of a task in the public
interest/exercise of official authority (including profiling);
Direct marketing (including profiling); and
Processing for purposes of scientific/historical research and statistics.
Privacy Notice
Version 1.0 | Page 8
NPH Group | 4th Floor of Dobson House, Regent Centre, Gosforth, Newcastle upon Tyne NE3 3PF
Phone: 0191 605 3140 | Fax: 0191 284 1942 | Email: info@nph-group.co.uk
If you have any questions or concerns regarding the information we hold on you, the use of your
information or would like to discuss further, please contact us as follows:
• By Post: Governance Group, NPH Group, 4th Floor Dobson House, Regent Centre, Newcastle
NE3 3PF
• By Email: info@nph-group.co.uk
• By Website: https://nph-group.co.uk/contact-us
Can I access my information?
Under the Data Protection Act 1998 (GDPR) a person may request access to information (with
some exemptions) that is held about them by an organisation. For more information on how to
access the information we hold about you please contact us in writing using any of the abovementioned contact methods.
Requests for rectification or erasure of a record or restricting of processing, should also be in
writing and sent using any of the above-mentioned contact methods. Your request will be
discussed, and consideration given to the reasons for requesting rectification or erasure of the
record.
Contacting us if you have a complaint or concern
We try to meet the highest standards when collecting and using personal information. We
encourage people to bring concerns to our attention and we take any complaints we receive very
seriously. You can submit a complaint through NPH Group Complaints Procedure, which is
available by request through our website:
https://nph-group.co.uk/contact-us/
Or writing to our Quality Assurance Manager at NPH Group, 4th Floor Dobson House, Regent
Centre, Newcastle NE3 3PF.
If you remain dissatisfied with the decision following your complaint, you may wish to contact:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Their web site is at www.ico.gov.uk. The Information Commissioner will not normally consider an
appeal until you have exhausted your rights of redress and complaint to the Trust.
