Our Commitment to Data Privacy and Confidentiality
We are committed to protecting your privacy and will only process personal confidential data lawfully and in accordance with the EU General Data Protection Regulation, the Common Law Duty of Confidentiality and the Human Rights Act 1998.
Outlook SW Ltd is a Data Controller under the terms of the Data Protection Act. We are legally responsible for ensuring that all personal information that we hold and use is done so in compliance with the law. All data controllers must register with the Information Commissioner’s Office (ICO). Our ICO Data Protection Register number is ZA152401 and our entry can be found in the Data Protection Register on the Information Commissioner’s Office website.
Everyone working for the NHS has a legal duty to keep information about you confidential. The NHS Care Record Guarantee, the NHS Constitution, the Health and Social Care Information Centre Guide to Confidentiality, and the NHS Confidentiality Code of Practice provide a commitment that all NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and wellbeing.
If you are receiving services from the NHS, we share information that does not identify you (anonymised) with other NHS and social care partner agencies for the purpose of improving local services, research, audit and public health.
We would not share information that identifies you unless we have a fair and lawful basis
- You have given us permission;
- To protect children and vulnerable adults;
- When a formal court order has been served on us;
- When we are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime;
- Emergency Planning reasons such as for protecting the health and safety of others;
- When permission is given by the Secretary of State for Health or the Health Research Authority (HRA) on the advice of the Confidentiality Advisory Group to process confidential information without the explicit consent of individuals
All information that we hold about you will be held securely and confidentially. We use administrative and technical controls to do this. We use strict controls to ensure that only authorised staff are able to see information that identifies you. Only a limited number of authorised staff have access to information that identifies you where it is appropriate to their role and is strictly on a need-to-know basis.
All of our staff, contractors and committee members receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures.
In all circumstances we will only use the minimum amount of information necessary about you.
We will only keep information for as long as is necessary and in accordance with the retention periods set out in the Records Management Code of Practice for Health and Social Care 2016 – http://systems.digital.nhs.uk/infogov/iga/rmcop16718.pdf. When the retention period has expired and the information is no longer necessary for the stated purpose, the information will be destroyed. Personal confidential data held on paper is securely destroyed.