General Data Protection Regulation (GDPR)

PRIVACY POLICY FOR PATIENTS

How We Use Your Information

Olympus Health is committed to ensuring that your privacy is protected. However, where you are receiving a service from Olympus Health we are required to share that information with other organisations as part of your treatment and care. This is to ensure that your health records are accurate and up to date.

We may also use your information to inform, improve and maintain the services that we are delivering. This information may be included in reports that are used by employed members of Olympus Health to show how we are improving and maintaining services, however, any identifiable information which can identify you will be removed and anonymised to preserve your privacy and confidentiality.

We will not sell, distribute or lease your information to any third parties, unless we have your permission to do so.

For more information on how we use your information please contact Abbas Tejani, Data Protection Officer via e-mail on atejani@nhs.net

Data Protection

Olympus Health is committed to ensuring that any information it collects and retains is kept safe and secure and in line with the Data Protection Act 2018 and General Data Protection Regulations (GDPR).

Olympus Health has completed a number of requirements associated with changes in Data Protection law, this includes:

• Appoint a Data Protection Officer
• Continually reviewing and updating our policies and procedures
• Reviewing our Information Asset Register – This is a register that lists all our databases which hold corporate and patient information

Ensuring that there are Data Protection Impact Assessments in place where it has been determined that the information being processed is high risk due to the amount of sensitivity of the information. A Data Protection Impact Assessment policy is now in place.

Ensuring that any privacy notices are included or on documentation where this will require personal information to be used.

In addition to this, Olympus Health will also ensure adherence to the 7 Caldicott Principles.

Principle 1 – Justify the purpose for using confidential information
Principle 2 – Don’t use personal confidential data unless it is absolutely necessary
Principle 3 – Use the minimum necessary personal confidential data
Principle 4 – Access to personal confidential data should be on a strict need to know basis
Principle 5 – Everyone with access to personal confidential data should be aware of their responsibilities
Principle 6 – Comply with the law
Principle 7 – The duty to share information can be important as the duty to protect patient confidentiality

Security

We ensure your information is always secure. In order to prevent unauthorised access or disclosure we have put in place safeguards that protect physical, electronic and managerial procedures to secure information we collect. Please see our policies that show our commitment ensuring information is safe.

1. Information Governance Policy - Information Governance Policy
2. Data Protection Impact Assessment Policy - Data Protection Impact Assessment Policy
   
3. Confidentiality Policy - Confidentiality Policy
   

Subject Access Requests
If you are or receiving a service from Olympus Health and would like to know what information we hold, you have the right to ask us to provide that information to you.

This is known as a subject access request (SAR). There is no fee for this.

To be able to provide you with that information you will need to provide proof of identification. Please speak to any member of staff to request this.

Employees and Contractors

Olympus Health needs to process data about you because we enter in a contract with you. In some cases, Olympus Health also processes your data to comply with a legal obligation.

Therefore, we may process your data in several different ways

1. Maintain accurate up to date employment record and contact details
2. Operate and keep a record of disciplinary
3. Keep a record of application form
4. Obtain occupational health and support for you, sharing your information with consent
5. Ensure effective HR and business administration
6. Provide references on request for current and former employees.

In addition to this Olympus Health works with appointed contractors that deliver clinical services on our behalf and your information will be shared with them for the purpose of delivering clinical care.

Further information

Questions, comments and requests regarding this privacy policy are welcome and should be addressed to:

Data Protection Officer
Olympus Health

Groby Road Medical Centre

9 Groby Road

Leicester

Leicestershire

LE3 9ED