Copyright Disclaimer and Privacy Statement
Supplementary privacy note on COIVD-19 for patients/service users
This notice describes how we may use your information to protect you and others during the COVID-19 outbreak. It supplements our main Privacy Notic, above.
The health and social care system is facing significant pressures due to the COVID-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.
Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations including North East Ambulance Service and GPs to share confidential patient information to respond to the COVID-19 outbreak. Any information used or shared during the COVID-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on gov.uk here and some FAQs on this law are available here.
During this period of emergency, opt-outs will not generally apply to the data used to support the COVID-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs. However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.
In order to look after your health and care needs we may share your confidential patient information including health and care records with clinical and non clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and other health care providers. We may also use the details we have to send public health messages to you, either by phone, text or email.
During this period of emergency we may offer you a consultation via telephone or video-conferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.
We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the COVID-19 response is here.
NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the COVID-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.
In such circumstances where you tell us you’re experiencing COVID-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.
We may amend this privacy notice at any time so please review it frequently. The date at the top of this page will be amended each time this notice is updated.
Data Controller and Data Protection Officer
NEAS is a registered Data Controller with the Information Commissioner’s Office.
Our address is:
Newcastle upon Tyne
Telephone number: 0191 430 2000
Registration number: Z4877768
The Data Protection Officer is the person to contact if you would like to know more about how we use your information and they can be contacted at: email@example.com
Your right to complain
We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us on firstname.lastname@example.org and we will respond.
If you remain dissatisfied, you can make a complaint about the way we process your personal information to the Information Commissioner’s Office, the contact details are as below:
Information Commissioner’s Office
Helpline number: 0303 123 1113
Retention of Records
Our Records Management Policy sets out rules for records management and retention. This Policy is based on Records Management Code of Practice for Health and Social Care 2016, which sets out what people working with or in NHS organisations in England need to do to manage records correctly. It's based on current legal requirements and professional best practice.
When you use this website
Visitors to our website including those who complete web forms
When someone visits www.neas.nhs.uk, we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
People who contact us via social media
We use a number of social media platforms to manage our social media interactions. If you send us a private or direct message via social media the message will be stored on the platform or system which you used to contact us. It will not be shared with any other organisations.
People who email us
We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software.
People who communicate to us for complaints, compliments and comments
We receive your name and contact details when you complete our online form here.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We may compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.
We will keep personal information contained in complaint files for 10 years.
People who contact us for commercial training
You can read more about what to expect when NEAS collects personal information for paramedic-led first aid, health and safety and trauma training here.
Journalists who contact us
Whenever we are called by a journalist, we record your name, email address, phone number and media organisation. This is so that we can contact you with answers to your questions, but also so that we have a record of your inquiry.
NEAS takes the view that, as a category 1 emergency responder under the Civil Contingencies Act 2004, we have an obligation to keep you informed and updated on developments.
We also believe that, as an emergency service, we have a public interest duty to keep you informed. This means that we will not be asking for your consent to keep your details. The information held is controlled by NEAS communications staff and will be used to contact you with information relating to journalistic inquiries about the public services we provide. We will also use this information to contact you to events, photo-opportunities, interviews and briefings about other health-related issues, products and services that we feel may be of interest to you.
You can change your preferences by emailing email@example.com
People who contact us for NHS care and treatment
NEAS provides NHS care and treatment for people living in North East of England, and as a Trust we:
- Receive and respond to 999 calls from members of the public
- Respond to urgent calls from healthcare professionals e.g. GPs
- Receive and respond to 111 calls from members of the public
- Provide patient transport and urgent care services
Please click here to read more about how we handle patient information.
Information we collect for recruitment and employment
You can read more about how we handle information for recruitment and employment here.
Information we share with external service providers
We use some external providers to help us provide you with the service you require. We share some of your information with them to enable them to provide these services. They cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
We have contracts in place with certain providers who will provide us with certain services. This includes provision of voice recording services, facility for video interview etc. NEAS retains the role of data controller for each of these services , which means that the processors work within the NEAS contractual terms. These contractors may hold and process data including patient information on our behalf. These services are subject to the same legal rules and conditions for keeping personal information confidential and secure. We are responsible for making sure that staff in those organisations are appropriately trained and that procedures are in place to keep information secure and protect privacy. These conditions are written into legally binding contracts, which we will enforce if our standards of information security are not met and confidentiality is breached.
Data Protection Impact Assessments
A Data Protection Impact Assessment (DPIA) helps the Trust to identify, assess and mitigate any potential privacy risks that may arise when processing personal data. DPIAs are now a mandatory requirement for any changes to current data processing practices, the launch of a new project or the adoption of a new practice or system which involves personal data. All completed DPIAs are submitted to the Information Governance Working Group for review and approval. The membership includes the Senior Information Risk Owner (SIRO) and the Data Protection Officer (DPO).
If you would like a copy of any DPIAs, please contact firstname.lastname@example.org.