Privacy Notice For Secondary Uses Data
Who We Are
We are the Kent and Medway Shared Health and Care Analytics Board (SHcAB), a partnership of health and social care organisations who are instructed to use citizen’s data to help prevent ill health, encourage wellbeing and join up services to better meet the needs of the population of Kent and Medway.
Whenever you use a health or care service, such as visiting your GP or attending Hospital or using Care services in the community, important information about you is collected in a patient/client record for that service. This is known as data processing for direct care purposes. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you can also be used for and shared with other organisations for purposes beyond your individual care. This is known as data processing for Secondary (indirect) care purposes.
- Planning, implementing and evaluating population health strategy - Describing population health needs, understanding where the gaps are, the levels of ill health and reasons for them, and designing and implementing services to improve health.
- Managing finances, quality and outcomes - Understanding costs of services delivered, allocating budgets to invest and improve them, and using information to ensure those services are fit for purpose.
- Risk stratification for early intervention and prevention - Identifying which of our residents are in greatest need and ensuring our services are delivered in a timely and effective manner to improve their health.
- Co-ordinating and optimising patient or service user flows - Using service activity data and contact data to optimise health care use by citizens of hospitals and other care facilities whilst improving health and care outcomes.
- Undertaking research - Working with approved researchers to utilise the best possible methods to analyse data and give useful recommendations for planning and delivery of services.
- Public Health including analysis and reduction of healthcare inequalities - Ensuring that delivery of health and healthcare services is equal and equitable for the whole population, for example: Health Checks Equity Audit (audit of access to relevant health services, and how related outcomes are distributed across the population).
Using information as described can only happen when there is a reason supported by the law. Confidential information about your health and care is only used when a legal purpose has been identified.
The SHcAB will receive requests to use data collected routinely by organisations across the Kent and Medway Integrated Care System and make sure it is allowed by law. The information from more than one source may be joined together and used.
What Type Of Information Is Used
The data that is routinely collected about you would include Personal Identifying Data and Special categories of Personal Data. For further information about your data please visit the ICO website
Anonymised data – data where personal identifiable identifiers have been removed. Data protection laws and the Common Law of Confidentiality to do not apply to anonymised data.
Pseudonymised data – data where any information which could be used to identify an individual has been replaced with a fake identifier. Pseudonymised data remains personal data and as such the Common Law Duty of Confidentiality and Data Protection legislation apply and there must be a lawful reason for using such data.
Personal Identifying data – The Common Law Duty of Confidentiality and Data Protection legislation apply and there must be a lawful reason for using such data.
Data Protection laws give you rights in respect of the personal information that is held about you. You have the right to:
√ Be informed why, where and how your information is used
√ Get access to it
√ Rectify or change it if it inaccurate or incomplete
X Erase or remove it
√ Restrict or stop processing it
X Move, copy or transfer it
√ Object to it being processed or used
√ Know if a decision was made by a computer rather than a person
Our Data Protection Officer (DPO)
The SHcAB Information Governance & Data Analytics group is assisted by an appointed Data Protection Officer (DPO) of the Kent & Medway ICS to monitor compliance with the GDPR, and will inform and advise us of data protection obligations, provides advice regarding Data Protection Impact Assessments (DPIAs) and will act as a contact point for data subjects and the ICO. Our Data Protection Officer can be contacted via the KeRNEL website.
Approved researchers may hold personal data for specified periods of time, as set out in the Records Management Code of Practice 2021 – A guide to the management of health and care records.
If you don’t want your identifiable NHS patient data to be shared for purposes except for your own care, you can opt-out by registering a Type 1 Opt-out (opting out of NHS Digital collecting your data) or a National Data Opt-out (a service that allows patients to opt out of their confidential patient information being used by NHS Digital and other health and care organisations for research and planning), or both.
How To Complain
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
The SHcAB is not a legal entity and has no statutory responsibility for ensuring compliance with data protection legislation or the common law duty of confidentiality. This responsibility remains with individual data controllers and processors.
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.