Who are we?
Insight Healthcare is a not-for-profit organisation providing free NHS talking therapy services across the UK. We are registered as a data controller with the Information Commissioners Office. Our registration number is Z7824778.
Our Data Protection Officer’s contact details are:
36 Brenkley Way
Newcastle upon Tyne
Tel: 0191 217 0377
Personal data and special categories of personal data
Personal data is defined by the General Data Protection Regulation (Regulation 2016/679) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal data is, in simpler terms, any information about you that enables you to be identified.
In order for us to provide you with a service we need to collect personal data including health information which is a special category of personal data. We are committed to ensuring that the information we collect, and use, is appropriate for this purpose and does not constitute an invasion of your privacy. We will process (collect, store and use) the information you provide in a manner compatible with the UK’s General Data Protection Regulation (GDPR).
We will endeavor to keep your information accurate and up to date, and not keep it for longer than is necessary.
What personal data do we collect?
In accordance with the Health and Social Care Act 2012 and Health and Social Care (Quality & Safety) Act 2015, personal and sensitive information we will collect from you will include:
- Reasons for referral and information supplied by your GP, medical advisor, NHS referrer or other referrer. This will include your name, date of birth, address, contact telephone numbers, email address and certain health information.
- The information supplied by you at first contact and in your assessment session; with additional information from professionals where applicable.
- Clinical assessments and plans relating to your treatment.
- Summaries of the content of therapy sessions.
- Copies of any letters or emails sent to you or received from you.
- Details of any contacts you have with us, such as sessions, Skype, or telephone conversations.
We collect this personal information in order to provide treatment services to you (including communicating with you, your GP, your NHS referrer, other medical advisors as appropriate).
We securely store your information on our electronic care records system.
Why do we collect information about you?
At Insight Healthcare, we collect and process personal data in order to provide you with the best and most appropriate care. This is essential in helping us to:
- Confirm who you are and when we can contact you.
- Make decisions about your ongoing care and treatment.
- Ensure that we have accurate and up to date information in order to assess your needs and improve your care.
- Allow us to investigate complaints, claims and incidents.
The legal basis for the processing of your personal and special category data is covered under the provisions of Article 6 and 9 of the General Data Protection Regulation, such as ‘…a task carried out in the public interest or in the exercise of official authority vested in the controller’.
Who do we share your information with?
Insight Healthcare has a data protection policy which means that relevant information is only shared with people involved in your health care. This will include:
- Practitioners engaged by us to carry out our services to you
- Your GP
- Your local NHS service if this is appropriate
- The Department of Health and other statutory bodies to whom Insight Healthcare is required to submit anonymised data.
- Local audits within Insight IAPT, including the management of untoward or adverse incidents, person satisfaction, including measurement of outcomes.
We will only consider sharing your personal information with other organisations or professionals where we consider that it is an important part of delivering effective care. We do share your information with consent; however, we can also share your information when there is another legal basis to do so. This includes sharing information for the prevention of harm to yourself or others, child protection, the prevention, investigation and detection of a serious crime, including terrorism, or a Court Order. In these circumstances, Insight Healthcare will always do its best to notify you of the sharing of information and only share the minimum information required for the purpose.
We only share information with your family, friends or advocates with your explicit consent. You have the right to refuse/withdraw your consent to this sharing at any time.
Some of our services work with partner organisations who we share information with. For details of which partners we work with, within specific teams, please contact your service.
We share anonymised information for the Improving Access to Psychological Therapies (IAPT) data set, to help achieve better outcomes and experiences of care. The data set collects information about demographics (such as postcode, date of birth, ethnicity), referral, treatment and outcomes details.
The data is securely sent to NHS Digital, the central organisation that receives the same data from all NHS-funded IAPT services across England.
The data set is used to produce anonymised national reports that show a summary of, for example, the numbers of patients referred to different IAPT services across the country and the average waiting times and outcomes.
These reports help the NHS to improve the care it provides. No information that could reveal your identity is used in these reports.
The data may be linked with other sources of data to support a broader range of information within these national reports, such as investigating the relationship between IAPT services and other care services.
More information about how NHS Digital uses IAPT data, including their lawful basis for processing, how long they hold it and your rights, can be found here. Alternatively, you can call 0300 303 5678.
The National Data Opt-Out
The national data opt-out was introduced on 25 May 2018, enabling service users to opt out of the use of their data for search or planning purposes. This is in line with the recommendations of the National Data Guardian’s Review of Data Security, Consent and Opt-Outs.
You can view or change your national data opt-out choice at any time by using the following link: www.nhs.uk/your-nhs-data-matters.
If you require more information about the national opt-out, please visit: https://digital.nhs.uk/national-data-opt-out.
We are always looking to demonstrate which interventions positively impact our patients. Consequently, we actively participate in service evaluation work.
When conducting evaluations, we gather information about the impact of the interventions we deliver. In some instances, we will use data to support external research and evaluation. In all instances, any data used in research and evaluation is completely anonymised before it is shared or published outside of the organisation.
How long we keep your information
The information we collect will form your health record which we will retain for the duration specified by national guidance from the Department of Health, NHS Records Management Code of Practice. All confidential information is destroyed in line with the NHS Records Management Code of Practice.
Your rights as a data subject
At any point while we are in possession of or processing your personal information, you have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you. You will need to provide a form of ID to access this. Click here for more details about how to request access to your records, or speak with the service manager.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to erasure – in certain circumstances you can ask for the data we hold about you to be erased from our records; however, there are exceptions to the right to erasure and Insight Healthcare are legally required to maintain your records in accordance with the retention guide referenced in the link above.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
You can find out more about your rights under the UK’s data protection laws at www.ico.org.uk
In the event that you wish to make a complaint about how your personal information is being processed by Insight Healthcare (or third parties as described), you can contact the Data Protection Officer using the contact details above.
If you are not satisfied with how your complaint has been, or is being, handled, you have the right to lodge a complaint directly with the Information Commissioners Office who is the identified supervisory body:
Information Commissioner’s Office
Tel: 0330 8303 0338
Changes to this privacy notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
Any changes will be made available on our website www.insighthealthcare.org
How to contact us
To contact us about anything to do with your personal data and data protection, including to make a request for access to your records (subject access request), please contact our Data Protection Officer:
36 Brenkley Way
Privacy notice / Insight Healthcare 6
Newcastle upon Tyne
Tel: 0191 217 0377
Data Protection Impact Assessments
For more information relating to our Data Protection Impact Assessments, please contact the Data Protection Officer at firstname.lastname@example.org.
Information Governance Policies and Procedures
If you would like a copy of, or have any queries regarding, our IG Policies and Procedures, please contact our Governance and Quality Department at email@example.com.