At Novus Health we are committed to ensuring the best standards of practice in all our activities. This extends beyond assuring the quality and safety of our clinical services, to ensuring high standards of quality and safety in the way we handle and manage personal data. We take a transparent approach to how we process personal data by being open, honest and transparent.
In particular, our approach to data privacy and security is designed to protect the interests of:
- Our Patients
- Our Staff and Shareholders
- Individuals who use our website
Individuals from any of the above categories can be assured that the protection of privacy and confidentiality are given the highest priority, with all personal information being collected, held and used in strict compliance with the Data Protection Act 1998 and the General Data Protection Regulations (GDPR) 2018.
Type of data and the legal grounds on which data is processed
As a Healthcare organisation we have a legal duty to collect and process information relating to the creation of medical records (patients), personnel records (staff), shareholder records, as well as receiving enquiries (website) and conducting surveys. As such, we will ensure all personal data is collected, held and transferred (where required) in a lawful manner and in line with GDPR ‘good practice guidelines’.
Who controls the data we hold
Novus Health Ltd will be the Data Controller for the information we gather from you. We use NHS approved systems to process patient data; the companies that operate these systems are data processors. In all cases we have confirmed that they are compliant with relevant legislation in relation to the management of your data. No data will be transferred outside of EU borders.
How long will the data we hold be kept for?
The length of time we keep your personal data depends on what it is and whether we have an ongoing duty to retain it (for example, to provide you with ongoing care or to comply with legal and regulatory requirements).
We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing duty to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.
How we use your data (Patients)
First and foremost, we use your personal data to support and manage your care. We also use your personal data for other purposes, which may include the following:
To communicate with you. This may include:
- To provide you with information about your care, such as appointment times and information about the care you will receive.
- To understand how you are responding to your care.
- To obtain feedback from you on the standard and quality of the care we have provided, usually in the form of questionnaires.
National Data Opt Out
Novus Health Ltd is one of many organisations working in the health and care system to improve care for patients and the public.
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified, in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information, you do not need to do anything. If you do choose to opt out, your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply
You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes, and data would only be used in this way with your specific agreement.
Novus Health Limited can confirm that we do not have, or plan to have, any agreements in place to share confidential data with third parties.
The rights of the individuals whose data we process (Data Subjects)
GDPR regulations allow individual ‘data subjects’ particular rights, the key ones being:
- Right to be informed – of how we fairly process your data
- Right to access – the data that is held on you
- Right to rectification – of any data felt to be inaccurate or incomplete
- Right to erasure – of your data (otherwise known as ‘right to be forgotten’)
- Right to restrict processing – to ‘block’ or prevent further processing of existing data
- Right to data portability – transferring data to another provider/data controller
- Right to object – to processing (inc. profiling), direct marketing, and certain types of research
- Right to question automated decision making (e.g. for the purpose of profiling)
We will accommodate your wishes in line with your rights under GDPR as long as it is not contravened by any other relevant associated regulations.
Third Party Disclosure
We will never pass any personal information to any third party outside of our organisation (unless they are commissioned for data processing activities where we remain the ‘data controller’) without your consent.
Security is a priority for us when it comes to your personal data. We’re committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens.
Integrity of Data
We take all reasonable measures to ensure that the information we hold is accurate. In particular, we use reliable collection methods and destroy, or convert to an anonymous form, any out-of-date data. Individuals may request details of all personal information held by us so as to contest inaccurate or incomplete data, verify the information and have it corrected as appropriate.
Complaints & Concerns
Alternatively, if you feel we have in any way handled your personal data unfairly or inappropriately, you can raise an issue with the Information Commissioner’s Office. Further details on GDPR and data protection laws can also be found at the ICO website.