The General Data Protection Regulation (GDPR) is a regulation that the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). The principle of GDPR is to give control back to citizens and residents over their personal data and to simplify and clarify how and why information about you might be used. It becomes enforceable from 25 May 2018. Woking & Sam Beare Hospice is working to be GDPR compliant.
As a specialist palliative care provider, Woking & Sam Beare Hospice needs to keep important information about our patients and, where appropriate, their next of kin. This is so we can give you the best possible care.
The privacy of our patients is an organisation wide priority. We follow a national approach called Information Governance. This ensures data protection and the correct handling of personal and sensitive information about patients, staff and our volunteers, as well as any individual, business or organisation that supports us or partners with us. Information is dealt with legally, securely, efficiently and effectively.
For more information you can download a data handling leaflet by clicking on the button below. Alternatively, if you click on each of the statements below they will expand to provide additional information about how we handle patient information and your privacy.
To ensure that we process your personal data fairly and lawfully we are required to inform you:
- Why we need your data
- How it will be used and
- Who it will be shared with
- How to access your information
This information also explains what rights you have to control how we use your information.
The law determines how organisations can use personal information. The key laws are: the Data Protection Act 1998(DPA), the Human Rights Act 1998 (HRA), relevant health service legislation, and the common law duty of confidentiality. The latter is not outlined in any one specific act but refers to the obligation that we have to respect the confidentiality of our patients’ affairs. Information that we obtain about our patients’ affairs may be confidential, and must not be used for the benefit of persons not authorised by the patient.
In all cases we would consider the Legitimate Interests to process information as necessary, as referenced: ‘Processing will be lawful if it is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms
of the data subject which require protection of Personal Data, in particular where the data subject is a child.’
Within these pages we provide you with examples of how Woking & Sam Beare Hospice is the “Data Controller”, for the purposes of the Data Protection Act 1998, and where we direct or commission the processing of patient data to help deliver better healthcare, or to assist the management of healthcare services.
Woking & Sam Beare Hospice recognises the importance of protecting personal and confidential information in all that we do, all we direct or commission, and takes care to meet its legal duties.
This part of the fair processing notice outlines the management of the notice, contact details and other access to information legislation.
In order to treat patients effectively we collect personal information about your treatment history and care in paper and/or electronic format.
Your information is used to ensure:
- Staff caring for you have accurate, up-to-date information to guide provision of the best care for you
- We can contact you in relation to your care and treatment
- Treatment and services meet local community needs
- Efficient referral to other services
Your information may also be used for other purposes:
- Public health needs
- Review and audit of the quality of care
- To teach and train healthcare workers
- Conduct research
- Investigation of complaints
- Preparation of statistics on national health
- Monitoring health budget spending
If you do not want certain information shared please talk to the person in charge of your care.
The type of information we keep about you may include:
- Your full name and title
- Data of birth
- Home address, telephone number[s], email address
- Marital status
- GP’s name and surgery details
- Medical records and test results
- Troublesome symptoms that you tell us are important to be addressed
- Medications you are taking
- Details of your carer and family members and their contact details
- Any allergies
- Should you have a disability
- Racial and ethnic background
- Religious or spiritual believes
The healthcare professionals at Woking & Sam Beare Hospice who provide your care will use your information to:
- Confirm who you are when we contact you or when you contact us
- Make decisions about your ongoing care and treatment
- Make sure your care is safe and effective
- Check the quality of your care
- Enable us to contact your carer and/or next of kin as directed by you
We may also use your data, but you will not be personally identifiable, for one or more of the following purposes:
- Check and report on how effective the hospice’s services are
- To improve and develop our staff as part of our training programme [you will be given the option to choose whether to be involved or not]
- To help us manage and plan our services, and to constantly be able to review and improve
- Investigate complaints, legal claims or important incidents
- As part of a research project, to enable us to continually strive to offer the best possible care [your consent will be required first and you remain anonymous]
- Ensure that money is used properly to pay for the services we provide
- Make sure services are planned to meet patients’ needs in the future
All staff and volunteers are legally obligated to keep patient information strictly confidential. We may keep your information in written form or on a computer. Whenever possible all information that identifies you will be removed. The information held in these systems is primarily used for healthcare purposes, but may also be used for other non-healthcare related purposes, and shared with other statutory bodies/organisations to enable them to fulfil their statutory obligations.
The information will only be shared with other organisations where there is a statutory obligation to do so, or with the agreement of Woking & Sam Beare Hospices’s Caldicott Guardian.
Sharing of sensitive personal information is strictly controlled by law (Data Protection Act 1998). In general those providing your care will commonly share your records with those organisations which have a genuine need for it and with your consent.
Woking & Sam Beare Hospice clinical and clinical administrative staff share your records in order to optimise your care and treatment, as well as providing emotional and spiritual support. All of these personal are directly involved in your care and are therefore deemed to have a legitimate interest in your data.
Your records may be shared with other healthcare professionals or organisations [GP, consultants, referring hospital]. Information may be shared with trainee healthcare professionals to facilitate training.
We may be required to share certain information with management or governing bodies.
This could include the Clinical Commissioning Groups [CCGs] and the Care Quality Commission [CQC], for purposes of contributing to audits, public health, and standards regulation.
When we pass on information we ensure its transfer is secure and confidentiality is maintained.
On initial assessment in the community or on admission, we will ask you which family, friends, or carers you do or do not want to share information about your care and treatment with.
We will respect your wishes and consult you before information is shared. You have a right to change your mind at any time.
We regularly update this information during your care.
Commonly we provide information to your GP, hospital consultant or the healthcare organisation involved in your care. We communicate by letter or email, proving them with referral details, discharge summaries and we usually send you a copy of these letters.
If you have reservations about sharing your information with a particular professional or organisation please discuss this with your clinical team. We will respect your decision.
There is a footnote in each letter / email that is sent to other healthcare professionals we share your information with that reads as follows:
“This letter has been copied to ……………………. If you wish to opt out of receiving this information please inform your CNS / Consultant.”
If you would like to opt out of receiving this information then please notify a member of your care team.
Some information within your records may be shared with other organisations with interests in healthcare research, audit or statistics. This may facilitate training of health and social care professionals, contribute to national public health audits or contribute to monitoring healthcare expenditure. When your information is used in this way we remove any personal, identifiable information about you wherever possible. If this is not possible we will seek your consent.
Your wishes will be respected and this will not affect your care.
There may be times when we are required by law to share your information without your consent.
Occasionally we are required by law to share information from your record. For example: if there is an infection control risk that could put others at risk; a request from the CQC for audit data; a formal court or police order; or where a crime has been committed.
In such cases we may be prevented from respecting your wishes not to share your data.
You or your legal representative have the right to apply for access to your healthcare record.
You can make an informal request during a consultation, or you can call or write to us to request to see your records. You also have the right to obtain copies of your records. We will send you the required requested documents to complete, including proof of ID.
We aim to respond to your request within 21 working days from receipt of the completed documents.
Please contact us to make an application:
Director of Nursing
Woking and Sam Beare Hospices
Goldsworth Park Centre
Surrey, GU21 3LG
We take our duty to protect your personal information and confidentiality seriously, it is an organisation wide priority. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper. Our ‘Caldicott Guardian’ is responsible for the management of patient information and patient confidentiality. All staff are required to undertake annual information governance training and are provided with an information governance user handbook that they are required to read, understand and agree to adhere to. We also have a number of governance committees who meet regularly to ensure best practice and to ensure all staff are aware of their information governance responsibilities and follow best practice guidelines ensuring the necessary safeguards and appropriate use of person-identifiable and confidential information.
All of our staff are required to protect your information, and inform you of how your information will be used. This includes, in most circumstances, allowing you to decide if and how your information can be shared. Everyone working for Woking & Sam Beare Hospice is subject to the common law duty of confidentiality. Information provided in confidence will only be used for the purposes advised and consented to by the service user, unless it is required or permitted by the law.
A Caldicott Guardian is a senior person within a health or social care organisation who makes sure that personal information about those who use its services is used legally, ethically and that confidentiality is maintained.
Caldicott Guardians are senior healthcare professionals responsible for protecting confidentiality of patient and service-user information and enabling appropriate information sharing. They are experts on confidentiality issues and access to patient records and are responsible for safeguarding the confidentiality of patient information.
If you have any concerns or questions about the confidentiality of your information, then please talk to the staff providing your healthcare and treatment, or contact email@example.com.
Depending on whether you are under the care of the community team or the in-patient ward in the hospice, please either speak directly to any member of staff or you can contact the different teams as follows:
In-patients: 01483 881750
Woking Community Team: 01483 881755
Sam Beare Community Team: 01932 598385
Or you can contact our Caldicott Guardian who is responsible for protecting patient confidentiality: firstname.lastname@example.org.
Data Protection Notification
Woking Hospice is a ‘data controller’ under the DPA. We have notified the Information Commissioner that we process personal data. Our registration number is ZA088704 and the details are publicly available from:
Information Commissioner’s Office
Wilmslow SK9 5AF
We keep our privacy notice under regular review and we will place any updates on this web page. This notice was last updated on 02 March 2018.