Following the introduction of the General Data Protection Regulations (GDPR) and the Data Protection Act 2018, we are required to explain how we collect and use your information, how it is stored and for how long.
What information do we collect about you?
Whenever you see one of our care professionals they will make a record of their visit. They will also make a note about what happened at the visit and the support you were given.
We make every effort to ensure that the information we collect is up to date and accurate. If you have any concerns about the accuracy of the information that we hold, then please speak to your care professional(s) in the first instance.
Why do we keep this information?
We need to keep this information in order for the care professionals to see what advice, support or treatment you have had and to ensure that it is appropriate. We are also legally required to keep certain information about you. This information may also be used, in an anonymised form, for the purposes of service delivery and audits.
Why we collect information and how your information helps us is explained in our leaflet What happens to the information you collect about me.
Lawful basis for using your personal data
Where Bromley Healthcare is contracted either by Clinical Commissioning Groups (CCG) or local authority to provide Healthcare services, we will process your information under the Public Interest basis. However, in certain circumstances, e.g. Adult safeguarding, then we will be processing information as a Legal obligation.
How long do you keep my information for?
Bromley Healthcare keeps records in accordance with the Records Management Code of Practice for Health and Social Care 2016 retention schedules.
Do you share my information?
As a Data Controller, Bromley Healthcare has a number of sharing agreements with other organisations to share information for the legitimate interest of providing direct care, or to protect the vital interests of individuals; in order to prevent serious harm either to them or others. Where we do share information with other organisations, we only share the minimum amount of information necessary.
We have teamed up with Guy’s and St Thomas’ NHS Foundation Trust, South London and Maudsley NHS Foundation Trust and Kings College Hospital NHS Foundation Trust to share information through the Local Care Record. This allows the clinicians who are treating you, to be able to view clinical information from the other organisations. If you do not want your information to be shared in this way, then please contact Guy’s Patient Advice and Liaison Service (PALS), who will be able to assist you.
We also have a sharing agreement with a number of GP practices within Bromley. This allows Bromley Healthcare and the GP practice, to be able to see what treatment is being carried out, or due to be carried out, by the other organisation.
We may also share information with professionals from other organisations, e.g. Local Council, where we are working with them to provide a service to you.
There may also be times when we have to share information with other organisations when there is a statutory duty to do so, e.g. a court order.
Who can see my information?
Only staff who are involved in your treatment can view your information. This may include staff who, in the course of their duties, provide administrative support to clinicians, e.g. writing letters or arranging appointments.
In addition to legal requirements, such as the Data Protection Act, all staff are subject to the Common Law Duty of Confidentiality and the NHS Confidentiality Code of Conduct.
You can request to see this information
To request a copy of your records, you will need to approach the organisation who made the notes in the first place. They are not all held in one place. So, for example, to see notes made by your Bromley Healthcare district nurse, please contact us. To see notes made by your GP, please contact your surgery, and to see notes made by your hospital consultant, please contact the hospital.
To protect your confidentiality there are a few steps to go through so that we know we are providing information to the right person and we don’t compromise your right to privacy.
If you would like to see your health care records from Bromley Healthcare services, please email: bromh.
Access to Records
Bromley Healthcare CIC Ltd
Central Court
1 Knoll Rise
Orpington BR6 0JA
Is my information held securely?
Under Data Protection legislation, information relating to an individuals’ health is classed as a ‘Special Category of personal data’ and as such require us to ensure that appropriate security is in place to protect your information. Where we provide information to other organisations, we will also ensure that they hold your information to the same standard of security. We do not hold or process service user's information outside the UK.
Data Privacy Impact Assessments
In order to meet our requirements under the General Data Protection Regulations, Bromley Healthcare has, under certain circumstances to complete a Data Privacy Impact Assessments (DPIA). This is a process which helps assess privacy risks to individuals and identifies the legal basis for the collection, use and disclosure of information, known as processing. This helps us to ensure that the information we hold, or plan to hold, will be secure and lawful.
All new projects, initiatives and processes that involve using or sharing personal information require a Data Protection Impact Assessment to be completed at the initial stages and prior to any procurement decision being made. Once completed, all DPIA’s when are submitted to the Data Protection Officer and the Information Governance Steering Group for approval.
Objections and complaints
If you have a complaint about the way your personal data has been handled; believe it is inaccurate, held for too long or it is not secure you can contact our Data Protection Officer (DPO) who will investigate the matter. They can be contacted by e-mail at: bromh.
If you are not satisfied with the response or believe your data is not being processed in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
The ICO is the regulator for data protection and upholds information rights. More information is available on the ICO website ico.org.uk.
How we use cookies
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Cookies are used minimally on this website for site usage analytics. You may delete and block all cookies from this site, but some parts of the site may not work as expected.
In order to help us to improve the content, format and structure of this website we record and analyse how visitors use the website. For this purpose, we use Google Analytics.
"This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above."
We do not make any attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifying information from any source. If we do want to collect personally identifiable information through our website, we will be up front about this and we will make it clear when we collect personal information and will explain what we intend to do with it.
For more information on enabling and disabling cookies please visit About Cookies.
| Cookie | Name | Purpose | More information |
|---|---|---|---|
| Google Analytics | _utma _utmb _utmc _utmz |
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. |
Click here for an overview of privacy at Google Click here for information on downloading a browser add-on to opt-out of Google Analytics |
| concrete5 | CONCRETE5 | This cookie is used by the website's CMS (Content Management System) to track if the user is a public guest or is logged in to an account on the website. This cookie is not used for any other purpose. | |
| Cookie notice | cookieconsent_status | Keep track of whether or not you have clicked "Got it!" on the notice about cookies on this website, so that it doesn't keep appearing when you load a page. | |
| Google Translate | googtrans | Keep track of which language has been selected from the Google Translate tool. | |
| Colour contrast | contrast-mode | Keep track of which colour contrast mode has been selected from the Accessibility Tools. | |
| Text size | saveFontSize | Keep track of the text size that has been set from the Accessibility Tools. | |
| Accessibility bar | accessibility-controls | Keep track of whether the accessibility bar is opened or closed. |