Privacy Policy

Who we are

TyneHealth is a GP federation representing all 26 practices in North Tyneside. Together with our GP members, we deliver improved health care in the community to over 215,000 residents, closer to patients’ homes. We are registered in England and Wales under registration number 05927008.

TyneHealth takes your privacy rights very seriously and are committed to always protecting and respecting these rights. This Privacy and Cookies Policy sets out the way in which the personal information you provide to us (and the information collected by us) is handled, stored and processed.

TyneHealth is registered with the Information Commissioner’s Office for data protection purposes (registration number Z1096290).

Scope of this Privacy & Cookies Policy

This Privacy & Cookies Policy relates to all personal information collected and used by TyneHealth either in relation to our staff, our business contacts, website users and individuals who access our services. It provides an overview of how we use this personal information and your rights in relation to this use.

The majority of TyneHealth clinical services are delivered on behalf of practices within the North Tyneside area. Where this is the case, further information on use of this information can be found in the relevant practice’s privacy notice.

In addition all TyneHealth potential or existing staff will be provided with an Employee Privacy Notice.

Information we use

We collect and use different types of information for different purposes. These include:

Information that you provide to use when using our services, or that is generated in the course of the use of these services e.g. if you use one of our clinical services such as Extended Access or a service provided by us through your GP practice (out of hours doctors services, sexual health services etc). Information collected may include your personal contact details and any health information needed to deliver the service to you)
You may be offered a remote consultation as an alternative to attending an appointment in person. If you agree to a remote consultation the GP or healthcare professional may need to receive and store images taken by patients for clinical purposes; this could include images for the purpose of intimate clinical assessment. This will only be done in the interests of the patient where it is necessary for providing health care and with patient consent. The approach to video consulting, image sharing, and storage is the same as it would be for face to face interactions. If we need to store images on your GP record this will be only for as long as necessary. It is a patient’s choice to share an image either of a patient’s own accord or on request of the health professional treating you. Refusal to share an image does not prevent access to care and treatment or result in patients receiving an inferior standard of care. Further details about how remote consultation works can be obtained by contacting the practice.
Information that you may provide to us through our recruitment processes or as a TyneHealth member of staff.
Information contained in or relating to any communications that you send to us or send through our website (including the communication content and meta data associated with the communication)
Any other personal information that you choose to provide to us

Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy.

Source of information

We collect personal information from a number of different sources, including:

directly from you. For example, when you access healthcare services, submit a query to us including via our website, by email or post
from other healthcare organisations, such as your GP, an NHS body or a private healthcare provider, for example in order to access your medical records

How we use your information

We may use your information for a number of different purposes. For each purpose we must have a “legal ground” to use your personal information in such a way. When the information that we process is classed as sensitive personal information/ special categories of personal information, we must have a specific, additional “legal ground” to process such information.

Generally we will rely on the following “legal grounds”, as appropriate:

We have a legal or regulatory obligation to use such personal information. For example, where our regulators require us to hold certain records of our dealings with you.
We need to use your personal information in order to protect your vital interests or those of a third party. For example, in order to ensure your safety or the safety of others.
We need to use your personal information for the performance of a task carried out in the public interest or in the exercise or our official authority. For example, in order to provide healthcare services.
We need to use your personal information for purposes of medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems. For example, in order to provide healthcare services and treatment to you.
We need to use such personal information to establish, exercise or defend our legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves.
We need to use your personal information to manage employment practices as part of our recruitment and staffing processes
You have consented to the use of your personal information

Uses of your information which rely on some of the legal grounds detailed above include:

Providing healthcare and related services
Administration and management of healthcare services (such as maintaining records, receiving professional advice)
Service improvement, evaluation and audit (in order to improve the healthcare we provide, and to protect and improve the health of the public)
Communicating with you and resolving any queries or complaints that you might have
Complying with our legal and regulatory requirements
Safeguarding purposes (for example, in order to ensure the health and safety of an individual)
Preventing and investigating fraud. This might include sharing your personal information with third parties such as the police or fraud prevention agencies, for example, NHS Counter Fraud Authority or Audit One
Managing staff employment and recruitment
Delivering the TyneHealth website
Responding to enquiries or complaints received

For more general information on how NHS and care services use your information, see our Transparency Statement below.

Cookies Policy

Cookies are small text files that are placed on your computer by websites that you visit to distinguish you from other users of the site. TyneHealth and its partners use technologies, such as cookies, and process personal data, such as IP addresses and cookie identifiers, to personalise ads and content based on your interests, measure the performance of ads and content, and derive insights about the audiences who saw ads and content.

TyneHealth will ask for your consent to the use of this technology and the processing of your personal data for these purposes when you visit the TyneHealth website. You can change your mind and change your consent choices at any time by returning to the site through the privacy dashboard.

You will be able to set your consent preferences and determine how you want your data to be used on the website and you will also be able to set consent preferences for each individual third-party company.

Profiling

At the current time, we do not use your information to actively profile you or to make decisions based on characteristics of our service users, neither do we carry out any automated processing of your personal information that would lead to significant decisions being made about you.

When we might disclose your information

We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as is reasonably necessary for the purposes set out in this policy. We will also share information with your GP for the purpose of providing appropriate ongoing medical care.

We may disclose your personal information:

to the extent that we are required to do by law
in connection with any ongoing or prospective legal proceedings
in order to establish, exercise or defend our legal rights (including providing information to others for the purpose of fraud prevention and reducing credit risk)
to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such or authority would be reasonably likely to order disclosure of that personal information

Except as provided in this policy, we will not provide your personal information to third parties or share or process any of your personal information outside the EU.

How we store your information

Your information is transferred, stored and processed securely and in accordance with this privacy and cookies policy. We have strict measures, procedures and security features to prevent unauthorised access to your information. Although all appropriate technical security measures have been taken to protect your personal information, be aware that the transmission of any information via the internet is never completely secure and as such any transmission of personal information is made at your own risk.

How long we keep your information for

Personal information that we process for any purpose shall not be kept for longer than is necessary for that purpose. Notwithstanding the other provisions of this section, we will retain your personal information:

to the extent that we are required to do so by law
if we believe that the information may be relevant to any ongoing or prospective legal proceedings
in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
to support the ongoing business purposes of TyneHealth as specified above (with due consideration for the rights and freedoms of individuals privacy)

If you would like further details of how personal information is retained by our organisation, please contact us directly.

Your rights

You have a number of rights under Data Protection law including:

The right to be informed about the collection and use of your personal information e.g. via this privacy notice

The right to access your personal information
The right to have any inaccurate personal information rectified, or completed if it is incomplete
The right to have your personal information erased in certain circumstances (please note that information which is clinically relevant cannot be deleted from medical records, although notes relating to accuracy etc can be added and access appropriately restricted as necessary)
The right to request the restriction or suppression of their personal information in certain circumstances
The right to data portability – to obtain and reuse your personal information for your own purposes across different services
The right to object to our use of your information in certain circumstances e.g. for marketing or profiling purposes

If you would like to access your own personal information or exercise any of the rights detailed above, please contact us by email email address

In the majority of cases, we will respond to your request within one month of receiving the necessary information required to deal with your request.

We may ask you to supply appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport plus an original copy of a utility bill showing your current address) and any additional information to help us to deal with your request effectively.

There may be some exemptions to dealing with your rights as specified in Data Protection law, but we will ensure you are fully informed of this within a month of receiving your request.

Full information on your rights under the Data Protection Act can be found from the following link: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

If you have a concern that cannot be resolved through discussion with us, these can also be raised with the Information Commissioner’s Office. More information can be found from the following link https://ico.org.uk/concerns/

Transparency Statement – How the NHS and care services use your information

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

improving the quality and standards of care provided
research into the development of new treatments
preventing illness and diseases
monitoring safety
planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:

See what is meant by confidential patient information
Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
Find out more about the benefits of sharing data
Understand more about who uses the data
Find out how your data is protected
Be able to access the system to view, set or change your opt-out setting
Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
See the situations where the opt-out will not apply

You can also find out more about how patient information is used at:

https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and

https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is currently compliant with the national data opt-out policy.

Changes to our Privacy and Cookies Policy

Any changes we may make to our Privacy and Cookies Policy in the future will be posted on this page, so please check from time to time to see if there are any changes.

Contact

Questions, comments and requests regarding this privacy and cookies policy or about the way we use your personal information are welcomed and should be addressed to email address