Privacy
Privacy Commitment Statement
In order to comply with the new European General Data Protection Regulation (GDPR) enforced within the UK from 25th May 2018, Saffronland Homes in relation to the services it offers, is required to process personal data about its staff, service users and, in some instances, the friends/relatives or other third parties. “Processing” can mean collecting, recording, organising, structuring, storing, adaption or alteration, retrieving, sharing or destroying data.
What is GDPR?
It is a new European framework which enhances the principles of the Data Protection Act 1998, giving you greater protection and rights, and more control over how your data is used. However, Saffronland Homes' Information Governance policy predominantly serves to mandate practices already in place as required within the health and social sector.
Aim
The organisation aims to ensure that the privacy and confidentiality of service users is respected and that confidential personal data held about them is maintained securely and not shared without their consent.
Background
The organisation understands confidentiality to refer to the duty upon all health and social care organisations to keep information about their service user’s private and protected at all times and to only grant access to people who have a right to that access. This is a vital element in building a trusting relationship where service users can live safe in the knowledge that their personal information, private thoughts and wishes will be kept private and where information about them will be safely protected.
Policy
The organisation believes that confidentiality and privacy is an absolute right of every service user and that breaches of confidentiality may lead to distress and harm. Saffronland Homes is strongly committed to respecting privacy and accordingly privacy and confidentiality of personal information is protected whether provided through paper based, electronic communication, on the telephone or in person. We maintain physical, electronic and procedural safeguards to ensure security of information provided.
-
The privacy of service users will be respected at all times by all staff and all information received about or from service users will be regarded as confidential.
-
Staff will always seek to ask permission before any information about service users is shared or given to anyone else.
-
Staff will not provide information to relatives, spouses, friends or advocates without the consent of the individual service user concerned.
-
All enquiries for information, even if they are from close relatives, should be referred back to the service user or the service user’s permission sought before disclosure.
-
If being asked for information over the telephone staff should obtain the caller’s details and ring them back before handing over any service user information – staff should always check the identity of callers.
-
Staff should only disclose information:
-
With the permission of the individual.
-
In compliance with any statutory or legal obligations.
-
For the legitimate interests of a third party who has a legal right to such information.
-
Where the courts have ordered such a disclosure.
-
-
Before responding to requests for confidential information from insurance companies, solicitors, employers and so on, staff should seek written consent from the service user concerned – they should never divulge information without consent unless obliged to by law.
-
Staff will be expected to comply fully with the requirements of the General Data Protection GDPR Regulations (EU) 2016/679; only relevant personal information about service users will be kept, and this will only be kept for as long as is necessary to ensure the highest standard of care for service users.
-
All files or written information of a confidential nature will be stored in a secure manner – paper files will be kept in a locked filing cabinet and electronic information will be stored on password protected secure networks.
-
Confidential information will only be accessed by staff who have a need and a right to access it – staff should never share passwords.
-
Wherever practical or reasonable staff should fill in all care records and service users’ notes in the presence of and with the co-operation of the service user concerned.
-
Staff should ensure that all care records and service users’ notes are signed and dated.
-
Staff should never:
-
discuss service users’ personal business in public areas where conversations might be overheard
-
discuss service users’ personal business on the phone where their call might be overheard
-
discuss service users with other staff, volunteers or healthcare professionals who are not directly involved in the care of the service user
-
send unsecured emails, faxes or documents containing personal information pertaining to service users – any personal information must be sent via secure email, mail or fax and should be marked ‘confidential’
-
save confidential information on an unsecured or unencrypted laptop or data storage device
-
save confidential information into unsecured parts of the IT network
-
dispose of documents containing personal information in standard waste streams – any confidential documents that are to be disposed of should be shredded.
-
-
In exceptional circumstances a member of staff may be required to breach confidentiality in order to safeguard a service user, or another person, or protect their best interests – all such cases should be immediately reported to a manager and will be thoroughly investigated.
-
Breaches of confidentiality will be regarded as serious matters – disregard of this policy may be regarded as a disciplinary offence and investigated according to the organisation’s disciplinary policy.
-
New service users and prospective service users will be shown a copy of this policy at their initial assessment and staff will do everything they can to ensure that they understand the contents of the policy.
Management Duties
Managers and supervisors have a duty to:
-
ensure that appropriate confidentiality policies, procedures and protocols are in place, are effectively implemented, are clearly understood by all members of staff, including temporary and agency staff, and are regularly reviewed and revised in light of the most recent best practice guidelines and reported incidents
-
ensure that the organisation has clear procedures about what to do when staff think there is a confidentiality breach, what to do during and after an incident, and what follow-up there should be
-
monitor complaints and compliments relating to confidentiality, consent and data protection issues, taking action as required and fully investigating any complaints
-
ensure that service users, and their relatives and representatives, have adequate processes in place to be able to register queries or complaints about confidentiality or consent issues and to have their thoughts listened to and acted upon
-
ensure that an effective incident reporting process is in place and that any data protection incidents or near misses or breaches of confidentiality are accurately reported and investigated
-
monitor carefully any incident reports, including those regarding near misses, relating to data protection and confidentiality issues in order to identify and address any trends or patterns and to identify if risks are being effectively controlled, that is, if reported incidents are reducing in number
-
ensure that adequate and suitable training programmes are carried out which includes induction training on data protection and confidentiality for new staff
-
regularly audit the use of this policy and the effectiveness of procedures to maintain confidentiality
Staff Duties
Staff have a duty to:
-
always respect the privacy of service users and their rights to have their confidentiality protected
-
always act in full compliance with the Data Protection Act 1998 and with associated guidelines and best practice
-
understand the importance of obtaining consent before they divulge any confidential information and acquaint themselves with the procedures for obtaining consent operated in this organisation
-
comply fully with organisational policies on confidentiality and data protection
-
attend appropriate training
-
Training
-
all new staff will be required to read and understand the policies on data protection, record keeping and confidentiality as part of their induction process.
-
existing staff will be offered ongoing update training on confidentiality, data protection, information governance and access to records.
-
all staff who record, store or use personal data will be thoroughly trained in the use of manual and computerised records systems.
Our Website
When you make a contact request through this webite we may collect certain information from you related to your name, address, telephone contact details and email address. We refer to this information as “Enquiries Information” and we use this to fulfil your request. All such data is processed, held securely and kept for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard your rights as required under the GDPR at all times.
Applicability and Scope
This policy applies to all staff and volunteers working in or for the organisation without exception. All staff have responsibility for ensuring that they work within the remit of this policy and in the manner in which they have been trained.
Your Rights
The data that we keep about you is your data and we ensure that we keep it confidential and that it is used appropriately. Saffronland Homes recognises that your information is personally sensitive, commercially valuable and we take all reasonable measures to protect your data while it is in our care. You have the following rights when it comes to your data:
-
You have the right to request a copy of all of the data we keep about you.
-
You have the right to ask us to correct any data we have which you believe to be inaccurate. You can also request that we restrict all processing of your data while we consider your rectification request;
-
You have the right to request that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for. We retain our data in line with Saffronland Homes' Information Governance Policy.
-
You may also request that we restrict processing if we no longer require your personal data for the purpose we originally collected it for, but you do not wish for it to be erased.
-
You can ask for your data to be erased if we have asked for your consent to process your data. You can withdraw consent at any time – please contact us in writing to do so.
-
If we are processing your data as part of our legitimate interests as an organisation or in order to complete a task in the public interest, you have the right to object to that processing. We will restrict all processing of this data while we look into your objection.
You may need to provide adequate information for our staff to be able to identify you, for example, a passport or driver’s licence. This is to make sure that data is not shared with the wrong person inappropriately. We will always respond to your request as soon as possible.
To contact us for anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
Saffronland Homes
Maple House
121B Winchester Rd
Chandler's Ford
Eastleigh
SO53 2DR
Tel: 02380 270310
Disclaimer
The information contained in this website is for general information purposes only. The information is provided by Saffronland Homes and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.
Every effort is made to keep the website up and running smoothly. However, Saffronland Homes takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.