Privacy Notice
This privacy notice entails all the information you, as a service user or data subject needs to know about what we do with the patient data we collect and process in order to run our service.
How We Process Your Data
When a “patient” (service user) uses our service, we are required to process and store data in order to provide the necessary amount of care.
The data we process falls within your vital interest within article six of the GDPR and the data we retain fall within the lawful obligation as stated in article 6 of the GDPR.
​
EBPCOOH (East Berkshire Primary Care Out of Hours Service) is a data processor on behalf of NHS England and the local NHS authorities, who are our data controllers.
​
In order to provide medical health care as provisioned by NHS England and local authorities, we request patient’s data in order for us to process each patient to ensure they receive the care they need. The Data EBPCOOH collects on each patient is necessary as without it EBPCOOH would not:
​
-
Be aware that the correct patient is receiving care
-
Be able to contact or visit a patient that is in need of care
-
Be able to refer patients if necessary
-
Be able to view patients’ previous medical history and notes
-
Be unable to update patients’ medical history and notes
-
All of the above come under our necessary right to process due to vital interest of our service users.
​
Adastra
NHS England 111 Service
For details on which systems the NHS 111 services use, please refer to your local 111 service’s website. Note: SCAS (South Central Ambulance Service) covers the 111 Service for the east Berkshire region: https://www.scas.nhs.uk/
Vocare cover the 111 service for Richmond: http://vocare.org.uk
For details on which systems other local healthcare services use to process and store data, please refer to that particular service’s website.
Data Retention
EBPCOOH are governed by NHS England guidelines – and currently store patient data indefinitely. We have a legal obligation to store patient data for at least 30 years. Currently, EBPCOOH find it necessary to store patient data indefinitely to serve the legal and vital interests and obligations that are connected with healthcare.
Consent to Contact Forms and Patient Surveys
Patients who attend our services may be asked whether they want to give consent for us to contact them on their preferred method of contact to fill out a patient satisfaction survey.
​
The survey itself is anonymised and does not ask for any personal identifiable data.
​
The surveys are only sent if necessary explicit consent has been given by a service user for us to contact them.
EBPCOOH uses a third party company named Text Local (www.textlocal.com) to send out survey links. Text local stores service user’s mobile telephone numbers in their secure UK based database centre. EBPCOOH controls the deletion of this data and all numbers are deleted monthly. EBPCOOH holds these numbers as records for a month to avoid any needless duplicated texts to service users.
​
You can view Text Local’s privacy policy here: https://www.textlocal.com/legal/terms-and-conditions/
Call Recordings
When service users ring our services directly, or when our service users receive a telephone call from one of our clinicians, these calls are recorded.
​
EBPCOOH uses a telephony company named Content Guru (http://www.contentguru.com.).
​
Content Guru stores our call recordings on their system for 30 days. Content Guru’s data storage uses a cloud based system that never leaves the UK.
​
Within these 30 days, one dedicated EBPCOOH employee has administrative rights to listen and download records, should it be necessary. The system tracks all user’s activity. Access is securely restricted and requires a username, pass code, password and RSA token secure log on number to access.
​
Once the 30 days expires, all EBPCOOH’s telephone records are downloaded onto EBPCOOH’s internal hard drive, securely locked in our IT room. This room is only accessible to senior management and the IT manager. The PC to gain access to the hard drive is securely locked and requires password authentication to access which is restricted to one dedicated user within the organisation.
​
EBPCOOH retains call recordings for a minimum of 25 years as per NHS Guidelines, but no more than 30 years.
A signed copy of Content Guru’s addendum to contract with EBPCOOH that explains in detail their compliance is available upon request. Please email ebpc.ig@nhs.net for a copy.
​
When service users ring our services directly, or when our service users receive a telephone call from one of our clinicians, these calls are recorded.
​
EBPCOOH uses a telephony company named Content Guru http://www.contentguru.com
​
Content Guru stores our call recordings on their system for 30 days. Content Guru’s data storage uses a cloud based system that never leaves the UK.
​
Within these 30 days, one dedicated EBPCOOH employee has administrative rights to listen and download records, should it be necessary. The system tracks all user’s activity. Access is securely restricted and requires a username, pass code, password and RSA token secure log on number to access.
​
Once the 30 days expires, all EBPCOOH’s telephone records are downloaded onto EBPCOOH’s internal hard drive, securely locked in our IT room. This room is only accessible to senior management and the IT manager. The PC to gain access to the hard drive is securely locked and requires password authentication to access which is restricted to one dedicated user within the organisation.
​
EBPCOOH retains call recordings for a minimum of 25 years as per NHS Guidelines, but no more than 30 years.
This Website
We are committed to protecting your privacy. You can access our website without giving us any information about yourself.
​
When you visit our website we collect standard information to distinguish you from other users of our website. This information does not identify you as an individual and is used for statistical purposes to help us tailor our website to deliver the best possible user experience.
​
We do not collect information about our visitors from other sources, such as public records or bodies, or private organisations. We do not collect or use personal data.
​
Where we do collect personal information through online forms or for recruitment purposes, you consent to our use of the information as set out in this privacy policy.
​
What is a cookie?
A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns.
For more information about cookies, including how to view the cookies that have been set and how to manage or delete them, please visit www.allaboutcookies.org.
What is an IP Address?
IP addresses are used by your computer every time you are connected to the Internet. Your IP address is a number used by computers on the network to identify your computer. IP addresses are automatically collected by our web servers so that data (such as the web pages you request) can be sent to you.
Web server log files are used to record information about our site, such as system errors. Log files do not contain any personal information or information about other sites which you have visited, and we do not view, track or store this information.
Links to other websites
Please be aware that our site may link to other websites which may be accessed through our site. If you follow a link to any of these websites, please note that they will have their own cookies and privacy policies.
We do not accept any responsibility or liability for the privacy and security practices of such third party websites and your use of such website is entirely at your own risk.
Kent and Medway Care Record (KMCR)
EBPC are one of the partner organisations to the Kent and Medway Care Record (KMCR). The KMCR is an electronic care record which links your health and social care information held in different provider systems, to one platform. This allows health and social care professionals who have signed up to the KMCR to access the most up to date information to ensure you receive the best possible care and support by those supporting you. In order to enable this sharing of information, organisations who use the KMCR have agreements in place that allow the sharing of personal and special category data.
For further information about the Kent and Medway Care Record and the ways in which your data is used for this system please click here.
EBPCOOH uses Adastra software to process and store patient data, as well as receive data from the 111 service and transfer data to patient’s medical practices or other healthcare services where necessary.
​
For details on Adastra’s privacy notice and how they store and process data, please refer to: www.oneadvanced.com