The Herts SARC is managed and staffed by Mountain Healthcare Limited, we are a private company commissioned by NHS England and Hertfordshire Police to provide services, including the employment of the staff who work at Herts SARC. Mountain Healthcare is committed to maintaining the confidentiality and rights to privacy of all our service users, staff and contractors across the services we provide. We take our responsibilities for data protection seriously and maintain robust processes to safeguard the personal information we hold in order to carry out our business. This Privacy Notice explains how we collect, process, transfer and store the personal information of our service users, staff and contractors which forms part of our accountability and transparency under the General Data Protection Regulation (GDPR) 2018.
How we will meet the principles of GDPR
In order to meet the principles of GDPR, we will ensure that we seek a lawful basis for collecting, processing and sharing personal information. We prefer to do this through ensuring we obtain consent from the individual. However, in some cases we may be required to process and share information by law and/or to keep individuals safe from harm. This document outlines what information we may collect and who it will be shared with. We will always make sure that individuals are made aware of the reasons for which their data is being collected. Mountain Healthcare will only collect and process information which is necessary for carrying out their services, and we will make every reasonable effort to keep information accurate and up-to-date. We will only keep records for as long as necessary and will take guidance on this from NHS England and the Police. All information held by Mountain Healthcare will be stored securely, with appropriate security measures in place.
What information will we collect from you?
Professionals working with you during the course of your care – such as Forensic Nurse Examiners, Crisis / Support Workers, Sexual Offence Examiners and Psychologists keep records about the care and treatment you receive and any forensics interventions that have been undertaken. This may include:
Basic details such as name, address, date of birth, phone number, and email address – where you have provided this to us, to help us to contact you
Details of people attending the SARC with you for your appointment
Details of your next of kin, and their contact details to help us to contact you
The reason you have attended the SARC, including details of what has happened to you
Notes and reports about your physical or mental health and any forensic interventions which we may undertake during your time at the SARC
Results of any tests we refer you to, where this service is provided
Information about the onward referrals we make to other support and healthcare services, including your GP, sexual health and ongoing support services
Any feedback you provide to us about your experience of your service.
Why do we collect this information about you?
Your information is used to guide and record the care you receive, and to support the Police in their investigation if you have reported to them. It is vital in helping us to;
Have all the necessary information to assess your needs and make decisions about your care
Have details of our contact with you, such as referrals and appointments so we can see the services you have received
Assess the quality of the care we give you, and all our services users
Properly investigate if you and your family have a concern or a complaint about your care
Assist the Police in their investigation, if you have reported to them
Follow up with you 6 weeks after your appointment at the SARC
Who might we share your information with?
Information to assist in the provision of your care and support Your information will be shared with the team who are caring for you within the SARC and following up on your care once you have attended.
Because the SARC and other agencies work together, we may need to share information about you with other professionals and services involved in your care. This may include:
Sexual Health services provided by the NHS or private healthcare organisations
ISVA (Independent Sexual Violence Advisor) Services
We share information to ensure that you receive the appropriate healthcare and support services following your visit to the SARC. We will only share your information if you give us your consent and it is considered necessary. You have the right to refuse or withdraw your consent to information sharing at any time. Please discuss this with a member of the SARC team at the time or once you have left our service, as this may impact on the care you receive from other services. It is important to note that a person’s right to confidentiality is not absolute and there may be circumstances when we must share your personal information from the records we hold with other agencies. In these circumstances we are not required to have your consent, examples of this are:
If there is a concern that you are putting yourself at risk of serious harm
If there is a concern that you are putting another person at risk of serious harm
If there is a concern that you are putting a child at the risk of harm
Information to assist in a criminal investigation If you have reported to the Police, we will share information with them to assist in their investigation. This may include us writing and sharing a statement with the Police at a later date. We may be required to share the information we hold about you with the courts without your consent, if we receive a court order from a judge.
Monitoring and Improvement of Services
Mountain Healthcare Ltd. are required to provide reports to our Commissioners and the Police about the services we provide, this monitors our performance and enables them to assure that the SARC continues to provide the highest possible level of care to our service users and their families. The information we provide in these reports is anonymous, so you cannot be identified and all access to and use of this information is strictly controlled. Our commitment to the highest possible standard of care also means that we undertake yearly audits of our client records, these are carried out by a small internal team of clinical staff in a strictly controlled manner. Any information provided in reports about our audits is made anonymous and only shared internally within Mountain Healthcare.
Research, Training and Education
Mountain Healthcare is actively engaged in research to help us provide the best possible care, inform how we run services in the future, shape policies and improve the experience of clients and their families. If we use your information as part of our research we remove any personal data such as your name, which would identify you. As part of the training and development of our clinical staff, we will sometimes look at medical records for the purpose of training and education. This will only take place with other professionals within Mountain Healthcare, and your personal information will not be shared. We will ask you for your consent to do this whilst at the SARC, but if you change your mind and do not want your records to be used for research, training or education then you can contact us to withdraw your consent.
Mountain Healthcare Ltd takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place. Mountain Healthcare Ltd. are registered to the Information Commissioners Office registration number: Z9725343 All the information systems used by Mountain Healthcare are implemented with robust information security safeguards to protect the confidentiality integrity and availability of your personal information. All employees are legally bound to respect your confidentiality and receive yearly training to ensure they are aware of and up to date with their responsibilities surrounding information governance standards. Any breach of patient confidentiality is treated very seriously and could result in disciplinary action for the member of staff involved, including dismissal. Our Data Protection Officer (DPO) is responsible for overseeing all activities relating to Mountain Healthcare’s compliance with data protection and GDPR, you can contact them by email via firstname.lastname@example.org if you want more information about how we keep your data safe.
How do we keep your information safe?
We are guided by our commissioners and the police about how long records about your care should be kept. The Records Management Code of Practice for Health and Social Care Act 2016 sets out best practice guidance on how long we should keep your information before we are able to review and securely dispose of it.
How can I access the information you hold about me?
Under the Data Protection Act you have the right to access the information we hold about you both on paper and electronically. There are some exceptions to this however, which include:
If information has been provided about you by someone else and they have not given their permission for this to be shared with you.
The information is considered to have the potential to cause mental or physical harm to you or someone else
All requests must be made in writing to the SARC, and we will require you to share proof of identity with us before we can disclose your personal information.
If you would like to make a complaint about how your personal information has been used, you can contact our Data Protection Officer, who will investigate your concerns and contact you with a response.
If you would like further advice or to report a concern directly to the UK’s independent authority you can do this by contacting the Information Commissioners Office: Information Commissioners Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF