Privacy Policy
Confidentiality and Data Protection Policy
Stoke Hospital needs to keep certain information about residents, service providers and trustees, and these people have a right to privacy and to expect that all personal information about them will be handled sensitively and confidentially. To comply with the law, information must be used fairly, stored safely and not be disclosed to any other person unlawfully. Stoke Hospital agrees to comply with the Data Protection Principles which are set out in the Data Protection Act 1998 and the new General Data Protection Regulation that came into force in May 2018. In summary, these state that personal data shall:
be obtained and processed fairly and lawfully
be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose
be adequate, relevant and not excessive for those purposes
be accurate and kept up to date
not be kept longer than is necessary for that purpose
be processed in accordance with the data subject’s rights
be kept safe from unauthorised access, accidental loss or destruction.
An information audit has been carried out (February 2018). Privacy Notices for residents, and for trustees/service providers specify the information collected, how it is used and shared and the person’s rights in relation to it. These are individually signed, to give specific and informed consent for its collection, processing and use. Records of each person’s consent are kept.
Names and contact details of each resident’s next of kin and doctor’s surgery are kept as legitimate interests, as are names and contact details of contractors who provide services to Stoke Hospital. A legitimate interests assessment has been carried out (February 2018) to confirm that retaining such data has minimal privacy impact, is necessary to protect the interests of residents and is using data in ways that next of kin and contractors would reasonably expect.
Rights relating to Personal Information
Residents, trustees and service providers have the right to access any personal data held about them by contacting the Clerk to the Trustees in writing. They also have the right to correct any inaccuracy, to restrict processing and to require erasure of personal data, provided that this is compatible with their status as beneficiary and Stoke Hospital Regulations, or their role as a trustee or service provider. These rights are explained in the Residents’ Handbook and on Privacy Notices for residents, trustees and service providers.
Stoke Hospital, its trustees and service providers will:
Treat all personal and sensitive organisational information as confidential to the charity
Comply with the law regarding the protection and disclosure of information
Not disclose personal information without the prior informed consent of the individual concerned, except in the circumstances outlined below in the section on disclosure
Not disclose confidential information about one resident to another
Not gain or attempt to gain access to information they are not authorised to have.
Stoke Hospital is registered with the Information Commissioner’s Office’s Data Protection Register.
Any service providers and trustees of Stoke Hospital who process or use any personal information must ensure that they follow these principles at all times. Residents’ confidentiality and privacy are to be respected at all times.
Data Security
All sensitive information will be kept and handled confidentially, whether the information has been received formally, informally or discovered by accident. Broadly, this means:
Any personal information about a resident, applicant, service provider or trustee including:
- information contained on the Stoke Hospital Application Form or verbally given at interview
- references obtained about an applicant
- information contained on the Tenant Information Form for the Emergency Call Centre
- any social services assessments undertaken relating to home adaptations or care packages.
Sensitive organisational information which could be used to damage the charity or threaten the security of property or buildings
Tenders and quotations for services and works.
These records are all considered confidential and are kept in secure individual files. Stoke Hospital undertakes that personal information on paper will be kept in a locked filing cabinet or a locked drawer in a secure and private office. If it is held electronically, it will be password protected, or kept only on a disk which is itself secure.
Personal information will not be disclosed either orally or in writing to any unauthorised third party without specific and informed consent from the individual.
Any breach in security of personal data will be reported to the Information Commissioner’s Office. It could have very serious consequences for an individual or for the charity and will be treated as a serious disciplinary matter.
Conduct of those holding personal information
Service providers and trustees are obliged to respect the information shared with them by the residents and other trustees/service providers. This information should not be discussed outside of the professional network involved. Service providers and trustees should not discuss such information with other residents or the general public. Where service providers or trustees are meeting with residents in a public place they should be aware that sensitive information could be overheard. Service providers and trustees should not gossip about residents or one another.
Disclosure
Disclosure of personal information outside Stoke Hospital will be made only with the informed consent of the individual concerned, except:
To comply with the law (e.g. the police, Inland Revenue and Council Tax Registration Officer) or a court order
Where there is a clear and serious health or safety risk or evidence of fraud
In connection with court proceedings or statutory action to enforce compliance with tenancy conditions (e.g. applications for possession or for payment of HB direct)
The name, address and contact number of a resident when necessary to contractors or other agents providing services on Stoke Hospital’s behalf
Anonymously for bona fide statistical or research purposes, provided it is not possible to identify the individuals to whom the information relates.
Disposal
When a resident leaves Stoke Hospital, or a trustee/service provider ceases to hold that position, all personal information will be archived and stored securely for the period of one year, then deleted or destroyed, unless the person requests otherwise.