Plain English explanation
Care and Health Information Exchange (CHIE) formerly known as the Hampshire Health Record or HHR, is an electronic summary record for people living in Hampshire, Portsmouth and Southampton. As we explain in our Privacy Notice for Direct Care SPCL keeps a range of data on you in order for us to provide you with the services you would expect from a GP practice. GP practices, hospitals, social care and community care teams collect information about you and store it electronically on separate computer systems. In order for different parts of the health and care system to work together to provide you with the support you need the Care and Health Information Exchange (CHIE) stores summary information from these organisations in one place so that – with your consent – professionals can view it to deliver better care to you. This record contains more information than the Summary Care Record, but is only available to organisations in Hampshire. Records on CHIE are held with clear NHS numbers and other identifiers required to locate information to deliver to professionals in support of treatment and care. The primary purpose of the CHIE is to provide clinical and care professionals with complete, accurate and up-to-date information when caring for patients like you. In addition to ensuring that people who care for you have access to the right level of summary information CHIE also analyses trends in population health through a database called CHIA. This is called ‘secondary processing’. CHIA is a physically separate database, which receives some data from CHIE but all of the data used in this way has been ‘pseudonymised’ – this means names, initials, addresses, dates of birth and postcodes have all been removed. It is not possible to identify any patient by looking at the ‘pseudonymised’ data on the CHIA database. People who have access to CHIA do not have access to CHIE. CHIE does not rely on the consent of the data subject to process data for direct care, although as good practice users are asked to seek the consent of the patient at the point where the data is accessed for clinical use. If you do object to your information being processed or stored on CHIE it can retain just enough information about you to ensure that the restriction is respected in future. You can ask to restrict processing to direct care (data not transferred to CHIA) only or completely (data not visible in CHIE or CHIA). If you do not want your information shared with CHIE, please discuss this with your healthcare professional. Further details about CHIE are available here: http://www.careandhealthinformationexchange.org.uk/wp-content/uploads/2018/04/CHIE-Review-of-Procedures-Compliance-with-GDPR_V5-1.pdf We are required by Articles in the General Data Protection Regulations to provide you with the information in the following 9 subsections. |
|
1) Data Controller contact details
|
Southampton Primary Care Limited
49 Portsmouth Road, Woolston, Southampton, SO19 9RL |
2) Data Protection Officer contact details
|
Dr Ali Robins |
3) Purpose of the processing | To enable healthcare professionals across Hampshire, as authorised, to view information extracted from the GP record when providing direct medical care to the data subject |
4) Lawful basis for processing | This is a Direct Care purpose. There is a specific legal justification;
Article 6(1)(d) “processing is necessary to protect the vital interests of the data subject or of another natural person” Article 6(1)(c) – “Processing is necessary for compliance with a legal obligation” And Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…” And in some cases; Article 9(2)(c) ‘processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent’ There is also a secondary purpose for CHIA for which the following also applies; Article 6(1)(e) – “Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller” We will also recognise your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality”* |
5) Recipient or categories of recipients of the shared data | The data will be shared with Healthcare professionals providing direct medical care to the data subject, with a legitimate relationship to the patients, and with contemporaneous explicit consent to view. |
6) Rights to object | You have the right to object to some or all of the information being shared with the recipients. Contact the Data Controller or SPCL.
You also have the right to have an “Advance Directive” placed in your records and brought to the attention of relevant healthcare workers or staff. |
7) Right to access and correct | You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of Law. If we share or process your data in an emergency when you have not been able to consent, we will notify you at the earliest opportunity. |
8) Retention period | The data will be retained in line with the law and national guidance |
9) Right to Complain. | You have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/global/contact-us/
or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate) There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website) |
* “Common Law Duty of Confidentiality”, common law is not written out in one document like an Act of
Parliament. It is a form of law based on previous court cases decided by judges; hence, it is also referred to
as ‘judge-made’ or case law. The law is applied by reference to those previous cases, so common law is also
said to be based on precedent.
The general position is that if information is given in circumstances where it is expected that a duty of
confidence applies, that information cannot normally be disclosed without the information provider’s
consent.
In practice, this means that all patient information, whether held on paper, computer, visually or audio
recorded, or held in the memory of the professional, must not normally be disclosed without the consent of
the patient. It is irrelevant how old the patient is or what the state of their mental health is; the duty still
applies.
Three circumstances making disclosure of confidential information lawful are:
where the individual to whom the information relates has consented;
where disclosure is in the public interest; and
where there is a legal duty to do so, for example a court order.
© Southampton Primary Care 2024 | Registration number: 09332040
Website by Eldo™