Covid-19 Privacy Notice
This notice describes how we may use your information to protect you and others during the COVID-19 outbreak. It supplements our main Privacy Notice which is available here.
The health and social care system is facing significant pressures due to the COVID-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.
The processing of special category data, in relation to this privacy notice for Covid – 19 is regulated and controlled under GDPR Article 6(1)(c), compliance with a legal obligation, or Article 6(1)(e), that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (the provision of statutory health care services).
The exemptions in GDPR Article 9(1)(g) and 9(2)(h) will be applied, that processing is necessary for matters of substantial public interest in the area of public health or for the management of health care systems.
The conditions in paragraphs 2 (management of health care systems), 3 (public health) and 6 (statutory and government purposes) of schedule 1 of the Data Protection Act 2018 are engaged. Further information can be found below in regards the law and necessary duties imposed on Spencer Private Hospitals as a care provider at this time.
Where a patient has tested positive for COVID-19, the results of the test may also be notified to next-of-kin, partners, or people the patient may live with, this communication will usually be made by via telephone, email or text message service.
Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 (COPI), and related legislation, the Secretary of State has issued COPI Notices which requires NHS Digital; NHS England and Improvement; Arm’s Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the COVID-19 outbreak. Any information used or shared during the COVID-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. The notices will be reviewed on or before 30 September 2020. Further information is available on gov.uk here and some FAQs on this law are available here.
During this period of emergency, opt-outs will not generally apply to the data used to support the COVID-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs. Where data is used and shared under these laws your right to have personal data erased will also not apply.
In order to look after your health and care needs we may share your confidential patient information including health and care records with clinical and non-clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111 as well as our own trusted Data Processors, where appropriate. We may also use the details we have to send public health messages to you, either by phone, text or email.
During this period of emergency, we may offer you a consultation via telephone. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.
Where appropriate, we may also process your Personal Data in the form of ‘Get well soon card’ well-wishing to patients staying in our hospital. This can be done through our website from family members, friends and other individuals to patients. This is a mechanism for patients to stay in touch with the outside world during this period of limited hospital visitations, enabling us to protect both our patients and our staff and facilitate social distancing. By completing the online form, you are consenting to your
Personal Data being used for this purpose. The contact information you provide may be used to attempt
to contact you if our Customer Service Team have any queries about your message or are unable to pass on your message for any reason. Please bear in mind that our Customer Service Team, our ward staff and other related staff may need to review your message before passing it on the patient so that we can ensure that the service is operating as intended. Our staff will not share your Personal Data, your contact details, or your messages, as they relate to the ‘Get Well Soon Card’ only. We will not process this Personal Data for any purpose other than to pass on your message and perform any directly associated actions. We will not retain your Personal Data for any longer than necessary; this data will be managed and subsequently deleted by Spencer Private Hospitals in line with the Record Management Code of Practice for Health and Social Care 2016, and internal retention policies of which will be reviewed regularly based on the frequently-changing situation and will be dealt with in line with Government advice and legislative requirements.
We may also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak, otherwise referred to as NHS Track and Trace. We will be recording staff, patient, visitors, contractors and other attendees to our sites in order to comply with the scheme. The data will be recorded for a minimum 21 days and following this destroyed in line with our retention policies. Please refer to government guidance here for details on the track and trace programme.
Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the COVID-19 response is available here.
NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the COVID-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include hospital occupancy and capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of Data Protection Legislation.
In such circumstances where you tell us you’re experiencing COVID-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require, and we will ensure that any information collected is treated with the appropriate safeguards.
It may take us longer to respond to Data Subject Access Requests, Freedom of Information Requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.
Please be aware that Spencer Private Hospitals resources are currently diverted in some areas as we respond to the COVID-19 pandemic. As a result, our response to your Data Subject Access Request
(DSAR) and Freedom of Information Requests (FOI) may to take longer than usual at this time. This is particularly likely to be the case if your request will require input from our clinical staff. Spencer Private Hospitals continue to monitor and act in line with the latest guidance from the Information Commissioner’s Office during this period.
We apologise for any inconvenience this may cause and thank you for your understanding at this time. We remain committed to responding to your request and will aim to do so as soon as we are able.
For more information please refer to our other Privacy Notices available on our website here:
You can also access further information from the Information Commissioner’s Office, please see the link here.
If you have any concerns about the above, please contact the Data Protection Team via: firstname.lastname@example.org
If you are dissatisfied with the way your request has been handled, you have the right to complain to the Information Commissioner. They can be contacted via their website: https://ico.org.uk/global/contact-us/ or via telephone: 0303 123 1113.
We may amend this notice frequently as the Covid 19 Pandemic develops. Please refer regularly for any updates.