Young Person's Privacy Notice

YOUNG PERSON’S PRIVACY NOTICE

Who are we?

Care in Mind is an independent health and social care provider offering mental health supported residential packages of care for young people aged between 16 and 25 years.

What is a Privacy Notice?

A privacy notice is a statement from us to you, that describes how we collect, use, keep and share the information we hold about you. It is sometimes called a privacy statement. We have privacy notices for everyone whose information we hold, for example, staff, people applying for jobs with us and of course for you. The privacy notice is part of our commitment to making sure that we process your personal information (sometimes called data) fairly and lawfully.

Why do I need to understand what a privacy notice is?

We believe that it is important to protect personal and confidential information and to make sure that we both take care to meet all legal and regulatory responsibilities and that you also understand the legal framework protecting your data and the choices that you have about how your data is used. This notice explains the choices that you can make about the way in which we use your information and how you have the right to change your mind at any time.

Information we collect and hold about you?

Care in Mind processes several different types of information:

Identifiable – containing details that identify an individual. This may include but is not limited to such information as name, address, CiM number, NHS number, full postcode, date of birth.
Pseudonymised – information where individuals can be identified by using a coded reference which does not show their ‘real world’
Anonymised – information about individuals with identifying details
Aggregated – statistical information about a group of individuals that has been combined to show general trends or used for benchmarking

We need to use information about you in various forms and we will only use the minimum amount of information necessary and never share any confidential information unless we have first gained your consent or if it is required in order to keep you or someone else safe. Sometimes we use information that does not identify you, for example, we might include the length of time of your placement with us, along with the data from all other young people, to work out how long on average young people stay with us in placement. This information helps us to understand our service and young people’s experiences of our services better.

Our Commitment to Data Privacy and Confidentiality

We are committed to protecting your privacy and will only process personal confidential data in accordance with the Data Protection Act 1998, the General Data Protection Regulation (2018), the Common Law Duty of Confidentiality and the Human Rights Act 1998. The various laws and rules about using and sharing confidential information with which Care in Mind will comply are available in “A guide to confidentiality in health and social care” which is published on the NHS Digital website. Care in Mind also has a range of policies relating to data protection and confidentiality which you can request if you would like to read them.

Care in Mind is a Data Controller and under the terms of the Data Protection Act 1998 and the General Data Protection Regulation (2018) we are legally responsible for ensuring that all personal confidential data that we have i.e. hold, obtain, record, use or share about you, is done in compliance with this legislation.

All data controllers must notify the Information Commissioner’s Office (ICO) of all personal information processing activities. Our ICO Data Protection Register number is Z2225703 and our entry can be found in the Data Protection Register on the Information Commissioner’s Office website.

Everyone working for Care in Mind has a legal duty to keep information about you confidential. The NHS Care Record Guarantee and NHS Constitution provide a commitment that all NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and wellbeing.

All identifiable information that we hold about you will be held securely and confidentially. We use administrative and technical controls to do this. We use strict controls to ensure that only authorised staff are able to see information that identifies you. Only a limited number of authorised staff have access to information that identifies you where it is appropriate to their role and is strictly on a need-‐to-‐know basis.

All health and social care organisations are required to provide annual evidence of compliance with applicable laws, regulation and standards through the Information Governance Toolkit, which show our current level of compliance as ‘satisfactory’ providing assurance to you of how we protect your information.

All of our staff and Senior Management Team receive appropriate and on-‐going training to make sure they are aware of their personal responsibilities and have requirements within their employment contracts to uphold confidentiality. All staff are trained to ensure they understand how to recognise and report an incident making sure that the organisation’s procedure for investigating, managing and learning lessons from incidents happens as it should.

We will only keep information in accordance with the schedules set out in the Records Management Code of Practice for Health and Social Care 2016. Care in Minds Records Management Policy include guidance around the secure destruction of information in line with the Code of Practice. This policy is available if you would like to read a copy.

We will never sell any information about you.

Legal Obligations

In the circumstances where we are required to use personal identifiable information, we will only do this if:

The information is necessary for your direct healthcare.
We have written consent from you to use your information for a specific purpose.
In order to keep you or someone else safe.
There is a legal requirement for us to use or provide information e.g. a formal court order or subpoena.
We have permission to do so from the Secretary of State for Health to use certain types of confidential identifiable information when it is necessary for our work.
Emergency planning reasons such as protecting the health and safety of others. For example, the outbreak of an infectious disease.

Your Rights

You have certain legal rights, including a right to have your information processed fairly and lawfully and a right to access any identifiable information we hold about you.

You have the right to privacy and to expect Care in Mind to keep your information confidential and secure.

You also have a right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered.

If we do hold identifiable information about you and you have any queries about the information we hold, please contact the Information Governance Officer using the details below:

IG Officer, Care in Mind, Hope House, Unit B2, Hercules Office Park, Bird Hall Lane, Stockport SK3 0UX.

You have the right to refuse/withdraw consent to information sharing at any time by using the contact details above. If there are any consequences to withdrawing consent these will be fully explained and discussed with you first.

What to do if you have questions about how your data is being used/shared?

Care in Mind has a Caldicott Guardian, who is a senior person responsible for protecting the confidentiality of service user information and ensuring that only appropriate and lawful information sharing take places. At Care in Mind, Julie Burton, HR manager, is our Caldicott Guardian.

You can contact our Caldicott Guardian Julie Burton on jburton@careinmind.com

If you have any concerns as to how your data is processed you can contact: Dr Rachel Scullion, Senior Information Risk Owner at rscullion@careinmind.com or you can write to these individuals using the address of:

Care in Mind

Hope House

Unit B2

Hercules Office Park

Bird Hall lane

Stockport

SK3 0UX