|
Document Reference: |
PLCY07 |
|
Document Status: |
Published |
|
Version: |
1.1 |
Bristol Ambulance EMS Jacwyn House
1 Kings Park Avenue St Phillips
Bristol BS2 0TZ
Contact Details t: 0117 9729020
e: info@bristolambulance.co.uk w: www.bristolambulance.co.uk
|
DOCUMENT CHANGE HISTORY |
|||
|
Initiated by |
Version |
Date |
Comments |
|
Chris Clements |
0.1 |
12/07/23 |
Initial DraV |
|
Rob Johnson |
0.2 |
31/07/23 |
Amended to include ICO feedback on anonymised data |
|
Chris Clements |
1.0 |
01/08/23 |
Published |
|
Chris Clements |
1.1 |
24/05/24 |
Annual review |
|
|
|
|
|
|
This document may be reviewed at any time at the request of either staff or management. It will be automatically reviewed every 12 months from the date of initial approval and thereafter on an annual basis, unless organisational changes, legislation, guidance or non-compliance prompt an earlier review. |
|||
1: OVERVIEW 4
2: REGULATION 4
3: PERSONAL INFORMATION WE PROCESS 4
4: SPECIAL CATEGORY DATA WE PROCESS 4
5 HOW WILL THE INFORMATION BE USED? 4
6: WILL MY INFORMATION BE SHARED WITH ANYONE ELSE? 5
7: PROCEDURES 5
8: ADDITIONAL REFERENCES 6
The Company (BAEMS Ltd t/a Bristol Ambulance EMS.) is committed to protecting the rights and privacy of individuals (this includes patients, staff and others) in accordance with the General Data Protection Regulations (GDPR) 2016 and the Data Protection Act 2018 to which it is subject to as a data controller and processor of personal data and special categories of data.
This policy details how The Company processes (collects, uses, retains, protects & discloses) a patient's personal information. We recognise the rights a patient has over their data and acknowledge the control they exercise over how it should be used. We respect these rights and are committed to safeguarding your privacy.
Personal Data means data held either on a computer or in a paper-based filing system, which relates to a living individual who can be identified by the data.
The Data Protection Act 2018 prescribes the way the Company may collect retain and handle personal data. The Company will comply with the requirements of the Data Protection Act 2018. All employees and contractors who handle patient personal data in the course of their work must also comply with it.
Personal data relating to patients that may be collected by the Company for the purposes of treatment include:
Name
Address
Date of birth
Gender
Next of kin
Visual images for example CCTV or body camera footage
Special category data includes that may be collected by the Company includes information relating to the following matters:
Ethnicity
Religious beliefs
Any relevant medical history
Details of your physical and mental health
Disability or support needs
The information is processed by Bristol Ambulance EMS staff (these can include ambulance crews, dispatchers and control room call handlers) to determine the most appropriate response to the patient's care. Information is also processed to promote or support the provision of healthcare services to patients.
All personal information is processed on the lawful basis that:
We have a legal duty to perform our tasks in the public interest
It is necessary to protect someone's life
The patient has given their consent
The patient has given their explicit consent
It may be appropriate to share your information with other services and third parties. These can include:
Hospitals for example where a pre-alert is necessary for an acutely ill patient on route to hospital
Social Services where there is a concern for the welfare of the patient or others involved
Mental Health services where the patient has a mental illness and specific treatment is required
Dental Service providers may be contacted where the emergency relates to dental complaints
Next of kin, where the patient has requested us to make the person aware of any ongoing incident
Other ambulance services where we are acting as a contractor
Other third parties if there is a statutory basis for disclosure or a requirement to comply with a court order
Every proposed use or transfer of personal data within or from the company, is clearly defined and scrutinised to ensure that personal confidential data is only shared when absolutely necessary for your direct patient care. Where sharing personal confidential data is considered essential, the amount of identifiable information provided is limited to data necessary for the given function and in the interest of the patient's welfare.
Any data we use for research and planning is anonymised so that a patient's personal information cannot be identified.
The Company will review personal data regularly to ensure that it is accurate, relevant and up to date. This will be in accordance with The Data Protection Act 2018 & the Company's General Data Protection Regulation Policy 2023.
The Company will ensure that personal data is not processed unlawfully, lost or damaged. This will be in accordance with The Data Protection Act 2018 & the Company's General Data Protection Regulation Policy 2023.
The Company will ensure that personal data is retained safely & securely. This will be in accordance with The Data Protection Act 2018 & the Company's General Data Protection Regulation Policy 2023 & the Company's Data Retention Policy 2023.
The Data Protection Act 2018 gives you the right to access the personal data held about you by the Company.
The company will arrange for you to see all personal data held about you within 28 days of receipt of a written request. The Company will not charge a fee to comply with a standard subject access request. However, it may charge a 'reasonable fee' for the administrative costs, if a request is unfounded or excessive, or if an individual requests further copies of their data.
General Data Protection Regulations (GDPR) Act 2016
Data Protection Act 2018
BAEMS Data Retention Policy
BAEMS Anonymised & Pseudonymised Data Policy
