NHS Patients

0333 202 0300

Medico Legal

0333 202 3188

Self Pay & PMI

0333 200 2064

Privacy

Privacy Notices

Please select the appropriate privacy notice.

INHEALTH PRIVACY NOTICE

Introduction and General Terms

We are committed to protecting and respecting your privacy and ask that you read this notice carefully. It explains when and why we collect personal data about you, how we use it, the conditions under which we may disclose it and how we keep it secure.

Who are we?

We are InHealth Group Limited, registered in England & Wales under company number 04620480 with our registered office at Beechwood Hall, Kingsmead Road, High Wycombe, Bucks HP11 1JL. The principal subsidiary of InHealth Group Limited is InHealth Limited.

What type of personal data do we collect and process?

Personal data is any information that relates to you and can be used to identify you.

We may collect and process personal data when you engage with our services. The typical places that personal data are collected include:

When you use our website, including filling in forms;
When you communicate with us about our services;
In the course of receiving services, such as providing information to our staff or responding to requests from staff during a scan;
If you respond to a request from us to a survey.

We describe below the types of personal data that we may collect from you:

Name and contact information such as email, address and phone number.
Information related to your job if it is relevant to your care and treatment.
Details of the services you have accessed.
Treatment notes and reports about your health and any treatment you have received.
Your feedback and treatment outcome information.
Information surrounding complaints and incidents which may have arisen.
Recordings of calls, inbound and outbound.
Any other personal information we collect in the ordinary course of providing our services or in operating our business or in connection with your enquiry or healthcare pathway.

Information about your health, racial or ethnic origin, genetic and biometric data and sexual orientation is classified as ‘special category data’. We will only process this information on the basis that it is necessary for medical diagnosis, the provision of health care services and research purposes, and/or with your consent.

How do we collect personal data?

Most of the personal data we process is provided to us directly by you. However, sometimes we will receive personal data and special category personal data from third parties, such as:

your GP
a primary healthcare provider such as a hospital where you have been referred for other healthcare services
a family member

In these cases, you will typically have consented to the sharing of your personal data by such persons for the purpose of your healthcare treatment. We will use your personal data for the purpose of your healthcare treatment.

If you give us personal data on behalf of someone else, you confirm that the other person has appointed you to act on their behalf and has agreed that you can:

give consent on their behalf to the processing of their personal data
receive on their behalf any data protection notices

Who may we share your personal data with?

We may share data with such persons or third parties as are necessary in our view to enable your healthcare to be delivered. This may include:

the NHS
your GP
any hospital in which you are or will receive treatment
NHS Integrated Care Boards
Local authorities
Healthcare providers generally
Data controllers and processors involved in your healthcare pathway
Suppliers who we appoint to help us provide our services to you

We will only share your personal data with the above if it is necessary for the purpose of your healthcare treatment. Suppliers must meet our strict requirements about the security and privacy of your personal data.

What we do with the information we have

Under data protection legislation (including Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR), we may only process your personal data if one of the following lawful bases apply, which will be considered on an individual basis.

(a) We have your consent. You are able to withdraw your consent at any time. You can do this by contacting us. (Please refer to “How do you contact us?” below)
(b) We have a contractual obligation with you that requires us to process your personal data
(c) We have a legal obligation to process your personal data
(d) We have to protect your vital interests
(e) We need it to perform a public task
(f) We have a legitimate interest to process your personal data

The lawful basis we will usually apply for processing your personal data is our legitimate interest to do so.

The legitimate interest is for the purpose of patient healthcare. Processing is necessary to achieve this where we are acting as a data controller of health data and we need to book patients for clinical appointments and perform, and report, clinical practice.

The purpose we need to process your data is for some or all the following reasons:

for the purpose of your treatment
compliance with legal, regulatory and corporate governance obligations and good practice
gathering information as part of inspections by regulatory bodies or legal proceedings or requests
operational reasons, such as recording services, training and quality control
staff administration and assessments, monitoring staff conduct, disciplinary matters
improving our services by conducting statistical analysis and research (in this case your data will be anonymised meaning your data will not be identifiable to you)
enabling us to meet your healthcare pathway generally

Monitoring and recording communications

We may monitor and record communications with you (such as telephone conversations and emails) for quality assurance, training, fraud prevention and compliance purposes.

How is your personal data stored?

Your personal data is securely stored on locations which are strictly governed by our data security framework. This provides appropriate organisational and technical security measures to prevent unauthorised access or unlawful processing of your personal data and to prevent personal data being lost, destroyed or damaged. We continually strive to ensure our data security framework offers a robust defence against breaches of data security including through audits. We are accredited with ISO 9001 Quality Management System and ISO 27001 Information Security Management Standard.

Transferring data outside the UK

In some cases, we (or our data processors) may need to transfer data outside of the UK, for example to provide triage or reporting services, and to enable us to deliver services effectively for our patients. We only transfer data overseas:

to countries within the EEA (European Economic Area that are subject to data protection rules equivalent to UK legislation
to countries that have been assessed by the UK Government to provide an adequate level of protection for processing of personal data; or
otherwise, if we have ensured that appropriate safeguards are in place to ensure that personal data is transferred securely and with equivalent protections to UK data protection standards.

For how long do we hold your personal data?

We will hold your personal data on our systems only for as long as is necessary to respond to and manage your enquiry.

We will hold your personal data only for as long as it is necessary in accordance with our Data Retention Policy which is available on request. (Please refer to “How do you contact us?” below.)
Where you have provided consent for us to process your personal data, please note that you have the right to withdraw this consent at any time.

Who has access to your personal data from the website?

We may disclose your personal data to other companies within our group. We will not pass on your personal data obtained through our websites to any third party except as required by law.

Use of Cookies

A cookie is a small text file which is placed onto your computer (or other electronic device) when you use our website. We use cookies on our website.

Google Analytics uses cookies to collect visitor information, including your IP address from our website. We can then access this information to help us understand how visitors use our site and to improve the website.

If you would like to find out more about cookies, or how you can stop their use in your browser (although please be aware that this may mean that some functions of the site are no longer available to you), please visit www.allaboutcookies.org , or if you would like to view information from Google please visit www.google.com/intl/en/analytics/privacyoverview.html

Do Not Track (DNT)

Please note that this website does not monitor or respond to Do Not Track browser requests.

What rights do you have?

Under data protection legislation, you have rights including:

Right of access: you have the right to ask us for copies of your personal data. This is called a “Subject Access Request”. Please send your request to dataprotection@inhealthgroup.com.
Right to rectification: you have the right to ask us to rectify personal data you think is inaccurate or to complete information you think is incomplete.
Right to erasure: you have the right to ask us to erase your personal data in certain circumstances.
Right to restriction of processing: you have the right to ask us to restrict the processing of your personal data in certain circumstances.
Right to object to processing: you have the right to object to the processing of your personal data in certain circumstances.
Right to data portability: you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
Right not to be subject to solely automated decisions: you have the right including related to profiling not to be subject to processes that do not involve human intervention.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

We will need to verify your identity by reference to your driving licence, passport, and utility bill or similar showing your name and address. To exercise any of these rights you need to contact us, please refer to “How do you contact us?” below.
Lodging a complaint

If you have reason to complain about how your personal data has been controlled or processed by us, please contact us by email at complaints@inhealthgroup.com.

We shall try to resolve your queries promptly and, if you remain unsatisfied, you have the right to contact the Information Commissioner’s Office at:

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

How to exercise your data protection rights and contact us

If you wish to exercise any of your data protection rights, please send your request to dataprotection@inhealthgroup.com.

Please contact/email the Data Protection Officer (details below) to request a Subject Access Request Form. If you have any questions about this Privacy Notice or the personal data we hold about you or you wish to exercise any of your rights, please contact us on:

Name: Data Protection Officer
Address: Beechwood Hall, Kingsmead Road, High Wycombe, Buckinghamshire HP11 1JL
Phone Number: 01494 560036
E-mail: dataprotection@inhealthgroup.com

Changes to the Privacy Notice

We may change this Privacy Notice from time to time. You should check this notice occasionally to ensure you are aware of the most recent version that will apply each time you access this website.

This Privacy Notice was most recently updated in September 2023.

LUNG CANCER SCREENING PRIVACY NOTICE

Introduction

Lung Cancer Screening (LCS) aims to invite people identified as being at increased risk
of lung cancer due to their age and smoking history, for a lung health check. Depending on the results, people may then be offered a CT scan in a convenient place, close to home.

The programme builds on several landmark studies, including the 2018 NELSON study, which has reported a 26% reduction in lung cancer deaths when high-risk patients had a lung health check and CT scan. It also follows successful trials in Manchester, Liverpool, and Nottingham. During the
Manchester trial, 65% of lung cancers were diagnosed at stage 1 and 13% at stage 4, compared to 18% at stage 1 and 48% at stage 4 before the trial.

Please read this Privacy Notice carefully as it sets out the basis on which any personal data we process will be handled. This Notice sets out the types of personal data that we collect about you and will explain how and why your personal data is used. We will also explain how long your data
will be kept and when, why and with whom your data may be shared.

The Notice sets out the legal basis we have for processing your personal data and explains the effects of refusing to provide the personal data requested. We will also explain the various rights and choices that you have when it comes to your personal data and how you can contact us

What personal data do we collect about a child and where from?

Information from your telephone triage appointment, nurse appointment and possible CT scan and your GP Practice will be kept on a register of people who meet the eligibility criteria to provide this
service and monitor your needs and the quality of care provided. The register holds your full name, NHS number, gender, date of birth, ethnic group, phone numbers, correspondence addresses, and details of your GP Practice, as well as details of your medical record related to your lung health.

Who do we share your personal data with?

The Lung Health Check Service will keep information about you and your lung care to ensure we deliver a safe and quality service. The register is maintained by InHealth, an NHS Business Partner contracted by the NHS to deliver
this service.

If you are eligible for a CT scan, your images will be securely transferred directly to a sub-contracted automated lung nodule detection tool, then onto the local Trust or a a sub-contracted Radiologist reporting service and then communicated to InHealth and the local hospital trust Radiology departments. InHealth will issue the results to you directly via letter.

Dispatch of Invitation and Result Letters
To send appointment and result letters, InHealth use a letter dispatch service provided by iMail/Synertec who securely print and dispatch our letters via Royal Mail business class. The letter information is only retained for a short period which allows printing and dispatch. Once dispatched, data is retained for 90 days to allow for monitoring of service performance and is deleted afterwards.

Gov.uk Notify Service/Voodoo
Gov.uk Notify/Voodoo provides a text messaging service which is used by InHealth to send text messages to patients in relation to their appointments. To support this, your mobile telephone number and time/venue of your appointments is shared with Gov.uk Notify/Voodoo. This data is used only for this purpose and is retained for a short period to allow for monitoring of service
performance.

How long do we keep your personal data for?

We will keep your information for the length of the contract of the Lung Cancer Screening service. After this time, we will securely transfer your data and images to the new provider under instruction from the NHS Commissioner, then delete all personal data in a secure manner.

Who has access to your personal data?

The security arrangements that protect your privacy ensure that your data is only accessed by staff involved in the delivery of the Lung Health Check Service, and healthcare professionals involved in your care working for InHealth or the NHS and only for the purposes of direct care.

How will we communicate with you?

We will communicate with you via letter and text (SMS) message regarding your Lung Health Check. If you wish to talk to us about your communication preferences, please call the Bookings Office.

What legal basis do we have for using your information?

InHealth is commissioned by the local Trust/ICB to deliver this service in support of your direct patient care. Patients are referred to the service via your GP Practice. You can opt-out of the service by letting the Bookings Office know. If you are eligible for a CT scan the images will be provided to
your local hospital trust and we will provide results back to your GP Practice and yourself. If you do not qualify for a CT scan, we will provide the results to your GP Practice and in writing to yourself.

How do we protect your information?

We aim to ensure all personal data is held and processed in a secure way and we only let healthcare professionals who have a legitimate interest in your care access to your data. Examples of our security include:
• Encryption – meaning that the information is hidden so that it cannot be read without special knowledge (such as a password)
• Controlling access to systems and networks, this allows us to stop people who are not allowed to see your data from accessing it
• Controlling access for different user roles, so only certain data required for a specific role is accessible
• Training our staff to ensure they know how to responsibly and securely handle data including how and when to report if something goes wrong
• Regular testing of our technology including keeping up-to-date on the latest security updates.

No personal data will be transferred outside the UK.

Can you access the information we hold?

Please contact/email the Data Protection Officer (details below) to request a Subject Access Request Form.

Name: Data Protection Officer
Address: Beechwood Hall, Kingsmead Road, High Wycombe, Buckinghamshire, HP11 1JL
Phone number: 01494 560036
Email: dataprotection@inhealthgroup.com

DIABETIC EYE SCREENING PRIVACY NOTICE

Introduction

The NHS in England operates a national Diabetic Eye Screening Programme (DESP) to prevent sight loss. InHealth Intelligence is pleased to have been commissioned by NHS England & NHS Improvement to support the delivery of diabetic eye screening for over 1 million people with diabetes across several local programmes.

Please read this Privacy Notice carefully as it sets out the basis on which any personal data we process will be handled. This Notice sets out the types of personal data that we collect about you and will explain how and why your personal data is used. We will also explain how long your data will be kept and when, why and with whom your data may be shared.

The Notice sets out the legal basis we have for processing your personal data and explains the effects of refusing to provide the personal data requested. We will also explain the various rights and choices that you have when it comes to your personal data and how you can contact us.

What personal data do we collect about you and where from?

Information from your eye screening appointment (including your results and images), your GP Practice and the Hospital Eye Service will be kept on a register of people with diabetes to provide this service and monitor your needs and the quality of care provided. The register holds your full name, NHS number, gender, date of birth, ethnic group, phone numbers, correspondence addresses and details of your GP Practice, as well as details of your medical record related to diabetes and eye health.

Who do we share your personal data with?

The DESP will keep information about you and your diabetes care to ensure we deliver a safe and quality service. The register is maintained by InHealth, an NHS Business Partner contracted by the NHS to deliver this service.

Dispatch of Diabetic Eye Screening Invitation and Result Letters InHealth currently send invitation, reminder, and result letters for over 1 million people with diabetes. We therefore use a letter dispatch service provided by Synertec Ltd and UK Mail who securely print and dispatch our letters via Royal Mail business class. Details of your name, address and appointment are provided to support this service. The letter information is only retained for a short period which allows printing and dispatch. Once dispatched, data is retained for 90 days to allow for monitoring of service performance and is deleted afterwards.

Voice Messaging Service InHealth engages Yakara Ltd to generate appointment reminder telephone voice messages. Details of your name, telephone number and appointment are provided to support this service. The information is only retained for a short period which allows the reminder telephone calls to be made. This data is used only for this purpose and is retained for a short period to allow for monitoring of service performance.

Gov.uk Notify Service Gov.uk Notify provides a text messaging service which is used by InHealth to send text messages to patients in relation to their screening appointments. To support this, your mobile telephone number and time/venue of screening appointments is shared with Gov.uk Notify. This data is used only for this purpose and is retained for a short period to allow for monitoring of service performance.

Training and Research for Ourselves and Other Third Parties If you have consented for such sharing, your data may be used for training and research purposes internally or shared with other third parties involved in the improvement of retinal screening. This will only occur with your explicit consent.

How can I opt-out of my images being used for research and training?

This is very easy to do, just email our Data Protection Officer at dataprotection@inhealthgroup.com. Simply title your email ‘Opt-out’ and provide your name, address and contact number in the body of the email.

How long do we keep your personal data for?

We will keep your information for the length of the contract we have with NHS England to supply the diabetic eye screening service. After this time, we will securely transfer your data and images to the new provider under instruction from NHS England, then delete all personal data in a secure manner.

Who has access to your personal data?

The security arrangements that protect your privacy ensure that your data is only accessed by staff involved in the delivery of the Diabetic Eye Screening Programme, and healthcare professionals involved in your care working for InHealth Intelligence or the NHS and only for the purposes of direct care.

How will we communicate with you?

We will communicate with you via letter, text (SMS) message and voice message regarding your diabetic eye screening. If you wish to talk to us about your communication preferences, please call the Bookings Office.

What legal basis do we have for using your information?

The Secretary of State delegates several public health functions to NHS England. The public health functions agreement 2017 – 2018 enables NHS England to commission certain public health services which will drive improvements in population health, and this agreement sets out the service specifications which are to be commissioned to satisfy those public health functions. One such service is the National Diabetic Eye Screening Programme, and so it is commissioned by NHS England to discharge part of its public health duties.

NHS England has responsibility to ensure that the Diabetic Eye Screening service is seamless from entry in primary care through to integration with NHS management, treatment and care including working with NHS Hospital Trusts/Hospital Eye Services.

How do we protect your information?

We aim to ensure all personal data is held and processed in a secure way and we only let healthcare professionals who have a legitimate interest in your care access to your data. Examples of our security include:

Encryption – meaning that the information is hidden so that it cannot be read without special knowledge (such as a password)
Controlling access to systems and networks, this allows us to stop people who are not allowed to see your data from accessing it
Controlling access for different user roles, so only certain data required for a specific role is accessible
Training our staff to ensure they know how to responsibly and securely handle data including how and when to report if something goes wrong
Regular testing of our technology including keeping up-to-date on the latest security updates
We do not transfer personal data out the UK unless you explicitly consent to your data being used for research purposes with other third parties involved in the improvement of retinal screening but only within the European Economic Area (EEA).

Can you access the information we hold?

Please contact us to request a Subject Access Request Form.

Do we use Cookies on our websites to collect personal data on you?

We use Google Analytics to collect anonymised information about the way people use our websites to provide a better service to you. For example, how many people visited the site, what pages they visited. We do not collect personal data such as URL location.

CHILD HEALTH INFORMATION SERVICE PRIVACY NOTICE

Introduction

Child Health Information Services (CHIS) are commissioned by NHS England to support the monitoring of the care delivered to children.

Please read this Privacy Notice carefully as it sets out the basis on which any personal data we process will be handled. This Notice sets out the types of personal data that we collect about children and will explain how and why their personal data is used. We will also explain how long the data will be kept and when, why and with whom the data may be shared.

The Notice sets out the legal basis we have for processing children’s personal data. We will also explain the various rights and choices that you have when it comes to your personal data and how you can contact us.

What personal data do we collect about a child and where from?

Screening, physical examination and vaccination services are monitored to ensure that every child has access to all relevant health promoting initiatives. In support of this the CHIS maintains a record of all children from birth up to the age of 19 and receives data from General Practice, maternity departments, health visitor providers, screening providers and school age vaccination providers.

Who do we share your personal data with?

The CHIS will keep information about all children to ensure we deliver a safe and quality service. The service is maintained by InHealth, an NHS Business Partner contracted by the NHS to deliver this service.

Dispatch of Newborn Baby Blood Spot Result Letters InHealth currently send newborn blood spot result letters via Synertec Ltd and UK Mail who securely print and dispatch our letters via Royal Mail business class. Details of your name and address are provided to support this service. The letter information is only retained for a short period which allows printing and dispatch. Once dispatched, data is retained for 90 days to allow for monitoring of service performance and is deleted afterwards.

How long do we keep your personal data for?

We will keep a child’s information for the length of the contract we have with NHS England to supply the CHIS. After this time, we will securely transfer the data to the new provider under instruction from NHS England, then delete all personal data in a secure manner.

Who has access to your personal data?

In support of child services this data is shared with healthcare professionals involved in delivering NHS services to children:

GP Practices
Newborn (Neonatal) Hearing Screening
Newborn Blood Spot
Independent Midwives
Safeguarding Team
Local Education Authority
School Immunisation Providers (SIPs)
0-19 Services (Health Visitor Providers)
Maternity Departments
Other CHISs located outside the region (supporting children as they move around)

How will we communicate with you?

We will communicate with you via letter regarding newborn baby blood spot results.

What legal basis do we have for using your information?

The Secretary of State delegates several public health functions to NHS England. The public health functions agreement 2017 – 2018 enables NHS England to commission certain public health services which will drive improvements in population health, and this agreement sets out the service specifications which are to be commissioned to satisfy those public health functions. One such service is the CHIS, and so it is commissioned by NHS England to discharge part of their public health duties.

How do we protect a child’s information?

We aim to ensure all personal data is held and processed in a secure way and we only let healthcare professionals who have a legitimate interest in your care access to your data. Examples of our security include:

Encryption – meaning that the information is hidden so that it cannot be read without special knowledge (such as a password)
Controlling access to systems and networks, this allows us to stop people who are not allowed to see your data from accessing it
Controlling access for different user roles, so only certain data required for a specific role is accessible
Training our staff to ensure they know how to responsibly and securely handle data including how and when to report if something goes wrong
Regular testing of our technology including keeping up-to-date on the latest security updates
We do not transfer personal data out the UK unless you explicitly consent to your data being used for research purposes with other third parties involved in the improvement of retinal screening but only within the European Economic Area (EEA).

Can you access the information we hold?

Your GP Practice has access to all the information we hold about you or contact us to request a Subject Access Request Form.

Do we use Cookies on our websites to collect personal data on you?

We use Google Analytics to collect anonymised information about the way people use our websites to provide a better service to you. For example, how many people visited the site, what pages they visited. We do not collect personal data such as URL location.

HYDROXYCHLOROQUINE (HCQ) MONITORING SERVICE PRIVACY NOTICE

Introduction

In 2017/18, the Royal College of Ophthalmologists (RCO) published guidance recommending that all patients on Hydroxychloroquine (HCQ) be monitored for retinal deterioration. It states that a baseline examination should be carried out initially and then annual monitoring after 5 years on treatment. Patients on HCQ with additional risk factors identified should be monitored annually after 1 year of treatment.

Please read this Privacy Notice carefully as it sets out the basis on which any personal data we process will be handled. This Notice sets out the types of personal data that we collect about you and will explain how and why your personal data is used. We will also explain how long your data will be kept and when, why and with whom your data may be shared.
The Notice sets out the legal basis we have for processing your personal data and explains the effects of refusing to provide the personal data requested. We will also explain the various rights and choices that you have when it comes to your personal data and how you can contact us.

What personal data do we collect about a child and where from?

Information from your eye monitoring appointment (including your results and image files), your GP Practice and the Hospital Eye Service will be kept on a register of people prescribed HCQ to provide this service and monitor your needs and the quality of care provided. The register holds your full name, NHS number, gender, date of birth, ethnic group, phone numbers, correspondence addresses, and details of your Hospital Consultant and GP Practice, as well as details of your medical record related to your eye health.

Who do we share your personal data with?

The HCQ Monitoring Service will keep information about you and your HCQ eye care to ensure we deliver a safe and quality service. The register is maintained by InHealth, an NHS Business Partner contracted by the NHS to deliver this service.

Dispatch of Invitation and Result Letters To send appointment and result letters, InHealth use letter dispatch services provided by Synertec Ltd and UK Mail who securely print and dispatch our letters via Royal Mail business class. The letter information is only retained for a short period which allows printing and dispatch. Once dispatched, data is retained for 90 days to allow for monitoring of service performance and is deleted afterwards.

Gov.uk Notify Service Gov.uk Notify provides a text messaging service which is used by InHealth to send text messages to patients in relation to their appointments. To support this, your mobile telephone number and time/venue of HCQ monitoring appointments is shared with Gov.uk Notify. This data is used only for this purpose and is retained for a short period to allow for monitoring of service performance.

How long do we keep your personal data for?

We will keep your information for the length of the contract we have with Southampton City CCG to supply the HCQ monitoring service. After this time, we will securely transfer your data and images to the new provider under instruction from Southampton City CCG, then delete all personal data in a secure manner.

Who has access to your personal data?

The security arrangements that protect your privacy ensure that your data is only accessed by staff involved in the delivery of the HCQ Monitoring Service, and healthcare professionals involved in your care working for InHealth Intelligence or the NHS and only for the purposes of direct care.

How will we communicate with you?

We will communicate with you via letter and text (SMS) message regarding your HCQ monitoring. If you wish to talk to us about your communication preferences, please call the Bookings Office.

What legal basis do we have for using your information?

InHealth has been commissioned by Southampton City CCG to deliver this service in support of your direct patient care. Patients are referred to the service via University Hospitals Southampton (UHS) and we will provide results back to UHS, your GP Practice and yourself.

How do we protect your information?

We aim to ensure all personal data is held and processed in a secure way and we only let healthcare professionals who have a legitimate interest in your care access to your data. Examples of our security include:

Encryption – meaning that the information is hidden so that it cannot be read without special knowledge (such as a password)
Controlling access to systems and networks, this allows us to stop people who are not allowed to see your data from accessing it
Controlling access for different user roles, so only certain data required for a specific role is accessible
Training our staff to ensure they know how to responsibly and securely handle data including how and when to report if something goes wrong
Regular testing of our technology including keeping up-to-date on the latest security updates.
No personal data will be transferred outside the UK.

Can you access the information we hold?

Please contact/email the Data Protection Officer (details below) to request a Subject Access Request Form.

Name: Data Protection Officer
Address: Beechwood Hall, Kingsmead Road, High Wycombe, Buckinghamshire, HP11 1JL
Phone number: 01494 560036
Email: dataprotection@inhealthgroup.com

Do we use Cookies on our websites to collect personal data on you?

We use Google Analytics to collect anonymised information about the way people use our websites to provide a better service to you. For example, how many people visited the site, what pages they visited. We do not collect personal data such as URL location.

ANALYTICS PRIVACY NOTICE

Introduction

InHealth provides several analytic products to General Practice, including:

Long term condition clinical dashboards produce reports on all aspects of the various diseases from a Primary Care perspective to help improve outcomes for patients and Practices alike
NHS Health Check Reporting tool will help support General Practice and Local Authorities to meet the targets set by Public Health England
Childhood Vaccination and Immunisation Reporting tool improves General Practices data management of vaccinations and immunisations helping to achieving targets set by the Department of Health, NHS England and Public Health England
Risk Stratification and Case-Finding tool identifies high risk patients who will benefit immediate and early intervention
Our Medicines Optimisation tool aims to help GPs have more time available for medication reviews, ultimately leading to improved patient outcomes
Please read this Privacy Notice carefully as it sets out the basis on which any personal data we process will be handled. This Notice sets out the types of personal data that we collect about you and will explain how and why your personal data is used. We will also explain how long your data will be kept and when, why and with whom your data may be shared.

The Notice sets out the legal basis we have for processing your personal data. We will also explain the various rights and choices that you have when it comes to your personal data and how you can contact us.

What personal data do we collect about a child and where from?

We host and display the product-related information exported to your GP Practice in a meaning format (reports) to enable them to monitor your needs and the quality of care provided more efficiently. The dashboard holds your full name, NHS number, gender, date of birth, ethnic group, phone number(s), correspondence address and medical data such as condition-related medical history.

Who do we share your personal data with?

Our analytic products host information about you and your care to ensure your GP can deliver a safe and effective service. InHealth, an NHS Business Partner contracted by the NHS England & NHS Improvement or your CCG to deliver this service. The security arrangements that protect your privacy ensure that your data is only accessed by your GP Practice and if required (with your GP Practice’s permission) for software investigation by those working for InHealth.

How long do we keep your personal data for?

We will keep your information for the length of the contract. After this time, we will securely delete all personal data.

How do we protect your information?

We aim to ensure all personal data is held and processed in a secure way and we only let healthcare professionals who have a legitimate interest in your care access to your data. Examples of our security include:

Encryption – meaning that the information is hidden so that it cannot be read without special knowledge (such as a password)
Controlling access to systems and networks, this allows us to stop people who are not allowed to see your data from accessing it
Controlling access for different user roles, so only certain data required for a specific role is accessible
Training our staff to ensure they know how to responsibly and securely handle data including how and when to report if something goes wrong
Regular testing of our technology including keeping up-to-date on the latest security updates.
We do not transfer personal data out of the UK or European Economic Area (EEA).

Can you access the information we hold?

Your GP has access to all the information we hold about you, please contact them if you wish to review your information.

Do we use Cookies on our websites to collect personal data on you?

We use Google Analytics to collect anonymised information about the way people use our websites to provide a better service to you. For example, how many people visited the site, what pages they visited. We do not collect personal data such as URL location.