Any personal information we hold about you is processed in carrying out the public task of providing healthcare and for the purposes of “…provision of health or social care of treatment or the management of health or social care systems and services…” in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
We keep records about your health and any treatment and care you receive. This helps us ensure you get the best treatment and management of your healthcare. The records may be written down, or held on a computer.
Our main electronic system for recording your care and treatment is CareNotes, but other systems may be used depending on the service you are receiving.
Records held will include both personal information and 'special category' information, which is how the law defines more sensitive information about your healthcare.
We are likely to hold:
Sensitive personal information we may hold will include:
We use the records to help plan and guide your care. They help to ensure:
Your information may also be used to help:
Information used for statistical purposes is anonymous. We take stringent measures to ensure individuals cannot be identified. Where information is used for purposes such as service improvement we will anonymise or pseudonymise your personal information wherever possible to protect your confidentiality unless there is a legal basis that permits or requires us to use it. We will only use or share the minimum information necessary.
We work in close partnership with a number of organisations in order to provide the best support and care possible.
We may need to share relevent personal information with other NHS organisations and other non-NHS organisations contracted to provide health or social care services in order to support your healthcare needs. For example we may share information with NHS England, General Practitioners (GPs), ambulance or transport services or private care homes or social care providers. We are required by law to share information with other bodies such as with the Care Quality Commission for inspection purposes.
There may be occasions when we are required by law or a specific court order to share information. This includes exceptional circumstances where we may be required to share information to the police for the purposes of prevention, investigation and detection of crime or with appropriate authorities where there is an overriding public interest to prevent abuse or serious harm to you or to others. Where there is cause to do this the Trust will always do its best to notify you of sharing information and share only the minimum information required for the purpose.
We will hold your information in confidence and it will only be used for the purposes explained to you. We will only share information where current legislation permits or requires it and will ensure so far as we are able to that any information will be shared securely and held securely and will ensure so far as possible that any such third party will hold information in accordance with current legislation and protect your confidentiality.
Devon Partnership NHS Trust takes all necessary measures to protect your information. Data security measures are in place for all the Trust’s existing services and at the heart of all new initiatives going forward. Our processes are robust and we will continue to improve and maintain our security to protect the information of the people who use our services and staff and keep up with evolving information standards.
Everyone working for the NHS has a legal duty to keep sensitive information secure and confidential. This extends to any suppliers working with Devon Partnership Trust who may come into contact with our information. Any supplier must demonstrate the same high standard of security expected from the NHS before engaging in any services.
We will also from time to time ask you to confirm the information about you is up-to-date.
The information we secure is generated from:
All of Devon Partnership NHS Trust records are maintained and destroyed in accordance with the NHS Retention Schedule. The schedule sets out the appropriate length of time the type of record is retained for. We do not keep records for any longer than is necessary.
Once the retention period is met, or the Trust has decided the record is no longer required, it is confidentially shredded and destroyed.