Privacy Statement

The NHS Test and Trace service:

• ensures that anyone who develops symptoms of coronavirus (COVID-19) can quickly be tested to find out if they have the virus, and also includes targeted asymptomatic testing of NHS and social care staff and care home residents
• helps trace close recent contacts of anyone who tests positive for coronavirus and, if necessary, notifies them that they must self-isolate at home to help stop the spread of the virus.

NHS Test and Trace is a key part of the country’s ongoing COVID-19 response and is run by Department for Health and Social Care (DHSC). It includes dedicated contact-tracing staff working at national level under the supervision of Public Health England (PHE) and local public health experts who manage more complex cases.

By maintaining records of staff, customers and visitors (and sharing these with NHS Test and Trace where requested) this can help to identify people who may have been exposed to the virus.

The Trust is collecting information about visitors and staff to support the NHS Track and Trace process. Where an individual develops symptoms of COVID-19 and identifies that they have been within Trust locations we may need to share information of other individuals that the person may have been in contact with.

Due to this, the Trust will collect information in relation to visitors:

• name
• contact telephone number
• email address
• time of arrival
• time of departure

Staff who visit sites, which is not their usual working base or location, will also be required to sign the visitors log and provide the following information:

• name
• Job title
• Time of arrival
• Time of departure

This information will be collected on site at the point of entry within each Trust location. It will be secured daily and held for 21 days; following which the information will be destroyed.

In relation to staff information, if it is confirmed that that you contracted COVID-19 from a work-related exposure, the Trust is obliged to report this to the Health and Safety Executive.

The Trusts legal basis for sharing the data with DHSC, and for DHSC’s processing of your personal data is:

• GDPR Article 6(1)(e): the processing is necessary for the performance of its official tasks carried out in the public interest in providing and managing a health service
• GDPR Article 9(2)(h): the processing is necessary for the management of health or social care systems and services
• GDPR Article 9(2)(i): the processing is necessary for reasons of public interest in the area of public health
• DPA 2018 – Schedule 1, Part 1, s.3: Public Health
• DPA 2018 – Schedule 1, Part 1, (2)(2)(f): Health or social care purposes

If you have any queries around the Trust use and sharing of data in relation to the Test and Trace service, please contact the Trust's Data Protection Officer.

We may amend this privacy notice at any time so please review it frequently. The date at the top of this page will be amended each time this notice is updated.

NHS England has commissioned NHS Arden and GEM CSU (which is part of NHS England) to implement a National Immunisation Vaccination Service (NIVS). The implementation of this service will deliver a centralised data capture tool for clinical teams delivering the seasonal flu immunisation and is an essential component of NHS England’s response to the COVID-19 pandemic. The Trust will be sharing data for inclusion within the National Immunisation Vaccination System (NIVS) which will be populated with:

1. Demographic information from the Electronic Staff Record of current NHS staff to be offered a vaccination. NHS Digital will receive a flow of ESR Data from BSA, trace the data to append the NHS Number. This data set will be forwarded to AGEM as a data feed into a secure database where it will be accessible by the application for pre-populating and validating vaccination events.
2. A record of the vaccination decisions undertaken.
3. Recorded vaccination decisions and relevant clinical data

Data will be disseminated to NHS Digital as Data Processors on behalf of NHSE.

Data will be shared under the provisions of the COPI notice, issued by the Secretary of State for Health and Social Care, where we are legally required (not just ‘requested’) to provide confidential patient information about staff to support the flu and COVID-19 vaccination programme. The COPI notice specifically states that confidential patient information can be shared in order to support:

“understanding …. about patient access to health services and adult social care services and the need for wider care of patients and vulnerable groups as a direct or indirect result of COVID-19 and the availability and capacity of those services or that care”

and can be relied upon for a number of reasons including:

• It is critical that any potential flu epidemic is managed when the NHS is already dealing with the coronavirus pandemic.
• It is important to monitor take-up of the flu vaccine by staff and the potential impact on staff absences.
• Ensuring there is an appropriate interval between administering the flu and COVID-19 vaccinations.

Further details of the vaccination process are available via NHS England’s Privacy Notice and via NHSx website.

Your COVID Recovery® Programme is a new digital platform designed to support a person’s recovery at home in the short and immediate-term post COVID-19. It has been developed by experts representing a wide range of professional bodies and societies alongside people like you who have experienced COVID. It is planned to be rolled out alongside the programme of long COVID clinics, in which the Physical Health Psychology team will be involved.

It will support you to restore your physical and emotional well-being.

On the website, it will have an ‘ask the healthcare professional’ facility to allow you direct access to local staff that should be able to answer your questions related to your recovery.

The website and information collected via the website is managed by the University of Hospitals of Leicester NHS Trust. Further information about the security and use of your information through the Your COVID Recovery® Programme is available via the Your COVID Recovery Website.

How do I get access to ‘Your COVID Recovery’?

• A health care professional will need to refer you to a centre that will assess your needs and support you through this programme.
• Ask your primary care team or hospital team to find out if the programme is offered in your area.

The Trust's Data Protection Officer (DPO) is:

Katie Sparrow, Head of Information Governance and Data Protection

Email: Katie.sparrow@nhs.net

Tel: 0121 612 8017

The Data Protection Officer operates independently on how to deal with data protection matters putting patient rights at the heart of their decision making process. The Data Protection Officer will be the first point of call for individuals, such as patients, whose data is being processed, but will also be the person for staff to turn to relating to any data protection queries.

Any request for access to health records should be forwarded on to:

Information Governance
Dorothy Pattison Hospital
Alumwell Close
Walsall 

WS2 9XH

Email: bchft.infogov@nhs.net 
Telephone: 0121 612 8037

Information for Healthcare Purposes

Your doctor and the team of Health Professionals caring for you keep records about your health and any care or treatment you receive from the NHS. These records help to ensure that you receive the best possible care.
They will need to keep records, which may be written or held on computer, about your health and the care and treatment that you are receiving from them.

Information about our Foundation Trust Members

Being a Foundation Trust means we have a statutory duty to ensure that our membership is representative of the organisation and the areas it serves. We are also accountable to our members to ensure we are developing services that meet local needs. This means all our members are free to have their say on the way our services are shaped and delivered. 

For full details on the data we collect and hold in relation to our Foundation Trust Members please see our Membership Privacy Notice.

Information for Employment Purposes (Staff information)

We need to obtain information about you without which we would be unable to employ you. Your information enables us to meet various administrative and legal obligations for example ensuring you have a right to work within the UK, paying you and for tax purposes.

Information about why we collect specific information will be provided to you via the Trusts recruitment process, the information required will depend on the job role you have applied for and your previous NHS employment.

For full details on the data we collect and hold in relation to employment with the Trust please refer to our Staff Members Privacy Notice.

The records that we keep about you will include:

• Personal details about you, such as name, address, date of birth, next of kin and telephone numbers.
• Sensitive details about you such as ethnicity, gender, what you are doing at the moment and what problems, if any, you may have.
• Any contact that we have had with you previously
• Notes and reports about your health and any treatment you have and may receive.
• Results of investigations and tests.
• Relevant information from people who care for you and know you well such as other health professionals and relatives.

It is essential that we have your correct details to ensure the appropriate care and treatment is provided to you, if your detail change please inform us as soon as possible.

We will collect your information from a variety of sources, however most of the information which we hold will be directly from you. We will collect information in different ways such as:

• Face to face: Most of the information we hold about you will be collected from you at the time you engage with the service. Any data provided will be used for the reasons listed in this notice and will only relevant data will be requested and recorded.

• Video calls: Since the pandemic in 2020 the Trust have moved to the use of video conferencing methods, allowing us to conduct virtual appointments with you via video calls. The platforms used are secure and information you disclose over the video call will be written within your Health Records. Video Calls have the ability to be recorded, if your session is to be recorded this will be explained to you and your consent obtained prior to the start of the recording.

• Telephone calls: The information you disclose over a telephone call may be written within your Health Records by the Trust either to support your care or as a record of the conversation. Ordinarily we will inform you if we record or monitor any telephone calls you make to the Trust. This is to increase your security, for our record keeping of the phone call and for training and quality purposes.

• Emails: If you email us we may keep a record of your contact and your email address.

• Other organisations: We may receive information from other organisations that are also required by law to share information with us about you, to help us have a full picture of your needs and provide you with care. Some examples of information we receive from other organisations are:
  • Referrals - We may receive referrals or a transfer of your notes to specific specialties as a result of your care being transferred to our organisation. This can be from another Trust, your GP or any health or social care provider initiating a referral.​​​​​​​
  • Direct access - The Trust and its staff may, on a need to know basis have access to specific clinical systems from other organisation such as the summary care record, other Trust clinical systems in order to access information about you that is relevant to your care delivery. All systems are auditable and access is on a need to know basis

Provide Healthcare

Predominantly we will use your data for direct care purposes, where our staff will use this information to enable them to assess your health and to decide what care and treatment you will need. To maintain the accuracy of this information it will be regularly up dated and kept securely. 

For your benefit we may need to share some information with others involved in your care.  This may mean that we will work with other agencies such as; other NHS Trusts, your GP, Social Care Services.  We will only ever use or pass on information about you to support your direct care where others are involved in your care or where we have consent to do so. However please be aware that there may be occasions where we have a statutory obligation to do so by law.

Management and Evaluation of Services

Health Records can also be used within service evaluation, audit and for teaching purposes; in these cases we use anonymous information when possible. Service evaluation and audit is a way for the Trust to review the service's effectiveness or efficiency through systematic assessment of its aims, objectives, activities, outputs, outcomes and costs.  Where possible we will use anonymised information to complete audits and evaluations.  Please be aware that we may speak to you about the service and ask if you want to be involved within service evaluation processes, such as answering set questions about the service and how you feel the service has benefited you this will be completed when you are in contact with the service.

Your information can also be used for statistical purposes; in these cases we take strict confidentiality measures to ensure that the information is anonymous so individual patients cannot be identified.

Research

The Trust has an internal research department and where you are involved in a research project, you will be provided full information about the study or project and will be asked for consent before your information is used as part of the research.

Yes the Trust does share information. We may need to share some information about you so we can all work together for your benefit. We will only ever use or pass on information about you if others involved in your care have a genuine need for it.

You may be receiving care from other people as well as the NHS (e.g. Social Services), in this case we may need to share information about you with them so we can all work together for your benefit. We will only ever pass this information about you if:

• They have a genuine need for it
• where there is a danger of harm to a child or vulnerable adult
• To aid the prevention and detection of serious crime
• There is a court order
• We have your consent

We will not disclose your information to a third party without your consent unless there are exceptional circumstances, such as when the health and safety of others is at risk or if the law requires us to.

We may share information about you with the following organisations in order to support the delivery of your care:

• Department of Health and other NHS bodies
• Clinical Commissioning Groups (CCG’s)
• Other providers involved in your care - such as NHS hospitals
• General Practitioners (GP’s)
• West Midlands Ambulance Service
• Other Mental health Services Providers
• Social Services

We may also share your information, with your consent and subject to strict sharing protocols about how it will be used with:

• Education services
• Local authorities
• Voluntary sector providers
• Private sector

We may also share your information with others that need to use records about you to carry out the following:

• Check the quality of treatment of advice we have given you
• Protect the health of the general public
• Manage the health service
• Help investigate any concerns or complaints you or your family have about your healthcare

This will be done with protocols or agreements in place to govern the sharing of data to ensure it is adequate and relevant to the purpose listed above.

Some information we have to share is used for statistical, research or audit purposes, and in these instances we take strict measures to ensure that individual patients cannot be identified and where appropriate anonymisation and pseudonymisation techniques will be used to protect your identity.

Anyone who receives information from us also has a legal duty to keep it confidential and secure.

If you do not wish personal data that we hold about you to be used in the way that is described in this notice, please discuss the matter with us. You have the right to object in certain circumstances, such as where you have given consent to the processing or have entered into a contract you have given consent, but this may affect our ability to provide you with care or advice. Further details about your rights is available within this privacy notice.

The Trust follows destruction and retention periods as set out in the Health and Social Care Record Management Code of Practice.

The Trust’s Record Management Policies and Procedures in relation to retention and destruction of information has been produced in line with the Code of Practice and is available via our Publication Scheme.

1. TO BE INFORMED

Individuals should know what information is collected, how it is used, how long it is held for, who it is shared with. This is available within the Trusts Privacy Notices (such as this one), in addition staff involved within your care will be able to provide further details in relation to the use of your data. Where we need to share information the staff involved in your care will discuss this with you and will be able to provide clarity in relation to what information will be shared and why.

2. SUBJECT ACCESS

This provides you, or an individual acting on your behalf, to view or have copies of the information which hold about you. The Data Protection Act 2018 provides a right of access to your information; however the Trust is entitled to withhold information considered to be detrimental to the physical or mental health of the patient or other person, or if the information contains information given by a third party.

3. TO RECTIFICATION

Right to have information corrected if inaccurate.

You can ask for corrections to be made to your records and you are entitled to a copy of the correction, or, if the record is not corrected, the record holder’s note of the request and any discussion.

4. TO ERASURE

Known as ‘Right to be forgotten’. 

You can ask for your information to be deleted/erased; however there are limitations to this such as where the information we hold about you is for the provision of health not all information can be erased.

5. RESTRICT PROCESSING

To limit what organisations can do with your information, including who to share it with.

You have the right to limit the way in which we can use your data; this includes who we share data with. Please note that there are limitations to this as we need to ensure that we can meet your Health and Care needs.

6. DATA PORTABILITY

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. Please note that there are limitations in relation to this right across the NHS.

7. TO OBJECT

To stop an organisation processing your data.

This includes stopping data sharing, please be aware by objecting to data usage and/or sharing (including the restricting sharing of data), it may make the provision of care or treatment you receive more difficult or unavailable and we will fully inform you of this. You can also change your mind at any time about your decisions.

8. RIGHTS RELATING TO AUTOMATED DECISION MAKING AND PROFILING

There are provisions on:

• automated individual decision-making; making a decision solely by automated means without any human involvement.

• profiling; automated processing of personal data to evaluate certain things about an individual.

Please be aware that the Trust does not utilise automated decision making and profiling.

If you would like to enforce any of your rights you can discuss this with your clinical team or contact the Information Governance Team (details below).  In addition to the above you also have the right to raise any complaints or concerns in relation to the use of your information with the Information Commissioner, who is the UKs supervisory body who oversees the Data Protection Act 2018 and GDPR 2016.

Everyone working for the NHS has a legal duty to keep information about you confidential and secure under the General Data Protection Regulation 2016 / Data Protection Act 2018 and the Caldicott principles. We use the minimum amount of information required to inform the people who need to know to provide you care.

Anyone who receives information from us is also under a legal duty to do the same and our staff all have a confidentiality clause within their contract. Breaking these rules can result in staff members being dismissed.

Yes; the below table provides the Trust's lawful basis for the types of processing that we undertake:

The Better Care fund is a transformation incentive which is designed to bring about the integration of health and social care services, launched nationwide in April 2015.

Working together on this programme are the City of Wolverhampton Council, Wolverhampton Clinical Commissioning Group, The Royal Wolverhampton NHS Trust, Black Country Healthcare NHS Foundation Trust and GPs, alongside groups and forums with whom we have engaged with, and continue to do so.

Data is being used and shared between the above mentioned organisations to assist in the review and redesign of services, as well as directly improving the care you receive. The programme is focusing on the following priorities:

• Reducing emergency admissions to hospital
• Reducing the number of delayed transfers of care from hospital Improving the effectiveness of re-ablement
• Reducing the number of people permanently placed in nursing and residential care
• Improving the experience of people using service
• Improving the number of people in Wolverhampton with a diagnosis of dementia.

For more information about this initiative, please see the Better Care Wolverhampton webpages on the Woverhampton.gov website.

If you do not wish your information to be shared, please email WOLCCG.bettercarefund@nhs.net

Black Country Healthcare NHS Foundation Trust is required [by law] to protect the public funds it administers. It may share information provided to it with other bodies responsible for; auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.

The Cabinet Office is responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

We participate in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise, as detailed on the gov.uk website.

MERIT is one of 50 pilots across the country that are exploring new models of care which will act as the blueprints for the NHS moving forward and the inspiration to the rest of the health and care system.

MERIT comprises our Trust along with Birmingham and Solihull Mental Health NHS Foundation Trust and Coventry and Warwickshire Partnership NHS Trust.

This unique mental health alliance will focus on three priority areas: Every day working in acute services, crisis care and the reduction of risk and recovery culture.

Some of the specific transformations we want to see are:

• Crisis care – exploring ways to map bed management and improving access and the patient experience
• Recovery – helping people to gain and stay in employment, working better with local communities, and developing a way to track quality of life
• Every day services (previously known as Seven Day Working) – exploring the benefits of weekend services, and charting comparisons with best practice in similar organisations
• Equality and diversity – developing a bespoke equality impact assessment to support other work streams and exploring ways to gather improved equality data Information technology – scoping options for a shared patient record
• Quality governance – developing a mock inspection tool to develop a consistent standard, which will also support CQC inspections
• Research and innovation – supplying evidence to support work stream priorities
• Workforce – developing baselines for statutory training and wider workforce planning

The Trust is continuing to work with Dudley CCG, Dudley Group of Hospitals NHS Trust, Dudley Integrated Health and Care NHS Trust, Dudley Council and Dudley Voluntary Services as part of the aim to develop an Integrated Community Provider Trust within Dudley which will integrate GP-led providers across health and social care.

Further information in relation to this is available via Dudley Integrated Health and Care NHS Trusts’ Website.

Black Country Healthcare NHS FT is working with other health and social care organisations to develop a Shared Care Record.  We will share information that will form part of your Shared Care Record. The Shared Care Record allows health and care professionals involved in your care to view your records to help them understand your needs and make the best decisions with you, and for you.

Birmingham and Solihull Shared Care Record

Information we hold about you will be available, to read only, to other Health and care professionals in Birmingham and Solihull, Coventry and Warwickshire, and Herefordshire and Worcestershire when they are involved in your health or social care.

For more information on how your data is used on the Birmingham and Solihull Shared Care Record and how to exercise your rights please see the full Privacy Notice or copy and paste this link https://www.livehealthylivehappy.org.uk/birmingham-and-solihull-shared-care-record/