Fair Processing Notice (Privacy Notice)
This Fair Processing Notice informs all users of MediServices healthcare Ltd, how we use the information we collect, who we share it with and how we maintain patient confidentiality.
Our commitment to Data Privacy and Confidentiality Issues
All our Professional Practitioners, staff and associated practitioners are committed to protecting your privacy and will only process data in accordance with the Data Protection Legislation. This includes the General Data Protection Regulation (EU) 2016/679 (GDPR), the Data Protection Act (DPA) 2018, the Law Enforcement Directive (Directive (EU) 2016/680) (LED) and any applicable national Laws implementing them as amended from time to time. The legislation requires us to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.
In addition, consideration will also be given to all applicable Law concerning privacy, confidentiality, the processing and sharing of personal data including the Human Rights Act 1998, the Health and Social Care Act 2012 as amended by the Health and Social Care (Safety and Quality) Act 2015, the common law duty of confidentiality and the Privacy and Electronic Communications (EC Directive) Regulations.
This statement is a written record that demonstrates that we have shown due regard to the need to eliminate unlawful discrimination, advance equality of opportunity and foster good relations with respect to the characteristics protected by equality law.
Why we collect information about you.
We collect and process personal and sensitive personal data about our service users to ensure that you receive the best possible treatment and care.
Information is collected in several ways, either via your healthcare professional, referral details from your GP or other referrers, or directly given by you.
To lawfully process this personal data, as required under UK Data Protection Act 2018 and the EU General Data Protection Regulation 2016/679 (Article 6 (1)), there must be an appropriate legal basis such as:
- direct clinical care
- medical diagnosis and treatment
Categories of data
We collect information and maintain records about your health and treatment to make sure that you receive the best possible medical diagnosis, care treatment.
This information may be stored electronically and may include the following:
- Details such as your name, address, date of birth, next of kin, ethnicity, and contact details.
- Details about your care and treatment such as appointments, test results, medical history,
- symptoms, which has been provided by our partners (Referrer or NHS Trust).
- All information about patients is treated confidentially and only ever shared on a need to know basis.
Whilst attending the appointment for clinics, the NHS Trust also records CCTV images for the prevention and detection of crime and to protect staff, patients, and visitors and Trust property. (This is not monitored by MediServices)
Security of information
We take our duty to protect your personal information and confidentiality very seriously and everyone working for the NHS has a legal duty to keep information about patient’s confidential and secure, as set out in the NHS Confidentiality Code of Conduct
The information is held and processed in accordance with and under the legal governance of:
- UK Data Protection Act 2018
- EU General Data Protection Regulation 2016/679
- Human Rights Act 1998
- Health and Social Care Act 2015
- Common Law Duty of Confidentiality
- The Health Service Act 2006
- Records Management NHS Code of Practice for Health and Social Care
We are regularly audited and assessed to ensure that appropriate security measures and good practice is in place. We ensure that the information we hold is kept in secure locations, is protected by appropriate security and access is restricted to authorised personnel only.
Senior Information Risk Owner, who provides the focus for the management of information risk and provides our Trust Board with assurance that information risk is being managed appropriately and effectively across the organisation. A Caldicott Guardian, who is a senior health professional responsible for protecting the confidentiality of patient information and enabling and overseeing appropriate information-sharing.
All employees are bound by the terms and conditions of their professional ethic codes of practice and contractual employment contract. Only authorised staff who have a legitimate involvement in patient care are given access to the records. Any potential breach of confidentiality is a staff disciplinary offence and is taken very seriously. We also ensure that other organisations e.g., suppliers who support us, have adequate information security standards in place.
All information held is used specifically for the purposes it was consented to unless
statutory legislation permits otherwise, for example disclosure is required to protect the health and safety of others who may be put at risk, or there is an urgent safeguarding matter to resolve.
We will only keep your information if it is necessary and in accordance with the retention periods set out in the retention policy of the data controller or Records Management Code of Practice 2021
All records are destroyed confidentially once their retention period has been met, and the Trust has made the decision that the records are no longer required.
Direct care purposes
The NHS Trust, partners or referrer will normally share information about patient with MediServices. we arrange the clinics for diagnostic care, once patient is seen the report will be shared back to the referrer exclusively through secure email, so that you may receive the best quality of care.
Data sharing agreements with MediServices and Partners are in place to ensure that the requirements of law and guidance are being met. Principal organisations.
All information will be stored securely on a protected IT system and only accessed by authorised persons.
Indirect care purposes
Your information will also be used to help us manage and improve the NHS and protect the health of the public by using it to:
- Investigate patient queries, complaints, and legal claims.
- Patient Satisfaction Surveys
Nationally there are strict controls on how your information is used for these purposes. These regulate whether your information must be anonymised first and with whom we may share identifiable information.
Where information sharing is required with third parties, we will always have a relevant contractual obligation and Data Sharing Agreement in place and will not disclose any health information without your explicit consent unless there are exceptional circumstances, e.g., if the health or safety of others was at risk or where the law requires it to carry out a statutory function.
Confidential personal information about your health and care is only used where allowed by law and would never be used for insurance or marketing purposes without your explicit consent.
SMS text messaging
When attending the Trust for an outpatient appointment or procedure, patients may be asked to confirm their contact number/mobile telephone number. We may use these numbers or where you have provided your contact details from the referral from our partners, to send your appointment details and reminder messages via SMS text message.
Most of our patients appreciate these reminders and it can help in reducing the number of missed appointments. If you do not wish to receive these texts, please inform us.
Patient Satisfaction Surveys
We may also use your details to contact you with regards to patient satisfaction surveys relating to services you have used. This is to improve the way we deliver healthcare to you and other patients.
The Trust may also pass your contact information to approved contractor to carry out surveys for the purpose of implementation. Only anonymised reports/referrals are used to help make service improvements. Details about any such surveys will be informed through posters and leaflets to enable you to make an informed decision. Any objection to taking part will be respected and you have the right to opt-out of this.
How to access your health records, raising concerns.
The EU General Data Protection Regulation 2016/679 and UK Data Protection Act Law 2018 give you the right to access the information we hold about you. Requests must be made in writing to:
MediServices healthcare Group
Unit 28, Greenland's Business Centre,
Studley road, Redditch, B98 7HD
Freedom of Information
The Freedom of Information Act 2000 provides members of the public access to recorded official information held by public authorities, subject to exemptions. For more details or to request some information from us
A Data Controller is a person who (either alone or jointly or in common with other persons) determines the purposes for which, and the way, any personal data are, or are to be, processed.
The Data Processor is responsible for processing data on behalf of the data controller as set out in the data controllers' agreement.
Notification with Information Commissioner's Office (ICO)
The ICO is the UK's independent regulatory body set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
We are data protection registered with the ICO, registration number: ZA228727.
Patients have the right to complain to the Information Commissioner, the supervisory authority, if they should ever be dissatisfied with the way we have handled or shared their personal information:
The Information Commissioner's Office (ICO)
Tel: 0303 123 1113
Information Commissioner's Office website www.ico.org.uk
MediServices Healthcare continuously strives to uphold an excellent standard of service.
Led by our Medical Director, our clinical governance committee ensures that the quality of all services is continually monitored and reviewed.
MediServices Healthcare is committed to providing seamless insourcing and outsourcing solutions, our clients are at the heart of everything we do.
In order to support our diagnostic backlogs, following a competitive tender MediServices Healthcare was contracted to support us for a period of 9 months. During this time they helped us to provide both EEG and EMG patients with their tests in a timely manner.
Coordinating the effective transfer of information and contacting patients for both EEG and EMG tests was a huge undertaking. However, the service that was provided was excellent, and would not have been possible without the proactive nature of the team and the exemplary team members allocated to this project. I would like to thank MediServices Healthcare, most sincerely, for their patience and the high-quality service that was provided over the period of 10 months.
SRFT have been working with MediServices for a number of years.
SRFT is one of the largest neurosciences centres in the country and has a significant and growing need for neurophysiological services including IOM and EMG. We have found MediServices to be consistently professional, flexible, and responsive to our service needs over this period and would have no reservations in recommending their services to other providers.
We have worked with MediServices for over 12 months and developed a close working partnership with both the visiting neurophysiologists and health care assistants (HCAs). Their continuing professionalism and commitment to supporting our neurophysiology service have enabled our neurophysiology service in Wolverhampton to maintain waiting times and provide patients with first-rate service.
The MediServices team has seamlessly integrated into the team, quickly adapting to our routine of working, but more importantly have been friendly and willing to help with any issues. We have utilised MediServices in a variety of ways, to reduce EMG and EEG waiting lists or to cover Consultant leave and MediServices have accommodated our needs with no fuss in negotiating the best arrangement to provide a complete service.
Patients have nothing but praise for all the MediServices personnel, complimenting them on their kindness and ability to make them, as patients, feel relaxed and at ease.
I wanted to say thank you so much for the excellent professional support you have given the department over the past 8 months (EMG/NCS). We have really enjoyed working with you. The consultants that you have provided us have been of excellent professional standards.
I would like to say Dr A has been amazing and has been an absolute pleasure to work with. We are now in the excellent and fortunately position to have appointed a substantial consultant, but I would still like to keep our working relationship open so that if we did need cover for sickness or holidays we could get in touch.
Thought I would drop you a line to say how brilliant the two members of staff were that completed the EEG on my son today. They made him feel completely at ease, were patient and answered all of our questions as well as being very kind.
The Royal Orthopaedic Hospital NHS Foundation Trust
The Royal Orthopaedic Hospital NHS Foundation Trust
Oxford University Hospitals
Nottingham University Hospitals
The James Cook University Hospital
Fulwood Hall Hospital
Cardiff and Vale University Health Board
Swansea NHS Trust
Countess of Chester Hospital
Frimley park hospital
Birmingham Children's Hospital