Privacy Notice – Safeguarding
Some members of society are recognised as needing protection, for example children and vulnerable adults. If a person is identified as being at risk form harm the ICB is expected as professionals to do what they can to protect the individual. In addition, the Integrated Care Board (ICB) is bound by certain specific laws that exist to protect individuals. This is called safeguarding.
Where there is a suspected or actual safeguarding issue the ICB will share information that they hold with other relevant agencies whether or not the individual or their representative agrees.
There are three laws that allow us to do this without relying on the individual or their representatives agreement (unconsented processing), these are:
Section 47 of The Children Act 1989 ,
Schedule 1, Part 2, Section 18 and,
Section 45 of the Care Act 2014
In addition there are circumstances when the ICB will seek the agreement of the individual or their representative to share information with local child protection services, the relevant law being, Section 17 of The Children Act 1989,
Data Controller contact
If you have any queries, concerns, or want to request that we change or delete your information, you may contact NHS Derby and Derbyshire ICB at the following address:
Information Governance Team, Scarsdale, Nightingale Close, Newbold, Chesterfield, Derbyshire, S41 7PF
Email: ddicb.igteam@nhs.net
Purpose of the processing
The purpose of the sharing and processing this data is to protect the child or vulnerable adult.
Lawful basis for processing
The processing of personal data in the delivery of direct care and for providers’ administrative purposes in this surgery and in support of direct care elsewhere is supported under the following Article 6 and 9 conditions of the UK General Data Protection Regulations (UK GDPR):
Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”
We will also recognise your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality”*
Recipient or categories of recipients of the processed data
The data will be shared with the ICB quality and nursing directorate safeguarding teams, as well as health and social care organisations to ensure that the appropriate care and protection is provided.
Right to object
You have the right to object to some or all the information being processed under Article 21 of UK GDPR. To object to the processing of your information, please contact the controller. You should be aware that this is a right to raise an objection, which is not the same as having an absolute right to have your wishes granted in every circumstance.
Right to access and correct
You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of law.
Retention period
The data will be retained in line with the law and national guidance. Or speak to the ICB.
Right to complain
You have the right to complain to the Information Commissioner’s Office (ICO).
Contact the ICO online or call their helpline on 0303 123 1113 (local rate) or 01625 545 745 (national rate).
There are National Offices for Scotland, Northern Ireland and Wales.
References
* “Common Law Duty of Confidentiality”, common law is not written out in one document like an Act of Parliament. It is a form of law based on previous court cases decided by judges; hence, it is also referred to as case law. The law is applied by reference to those previous cases, so common law is also said to be based on precedent.
The general position is that if information is given in circumstances where it is expected that a duty of confidence applies.
In practice, this means that all patient information, whether held on paper, computer, visually or audio recorded, must not normally be disclosed without the consent of the patient or the reasonable expectation that the information will be shared to organisations as part of the patient’s direct care. It is irrelevant how old the patient is or what the state of their mental health is; the duty still applies.
Four circumstances making disclosure of confidential information lawful are:
- There is a reasonable expectation from the data subject that the data will be shared with organisations for the specific purpose of their direct care.
- where the individual to whom the information relates has consented;
- where disclosure is in the public interest; and
- where there is a legal duty to do so, for example a court order.