The General Data Protection Regulation (GDPR) includes rules on giving privacy information to data subjects (Articles 12, 13 and 14). These are more detailed and specific than in the DPA and place an emphasis on making privacy notices understandable and accessible. Data controllers are expected to take ‘appropriate measures’ (see Privacy Notice).
SPDNS Nurse Care CIC is a registered homecare provider, our fully trained staff provide health and social care. This Policy explains how we use any personal information we collect about employees and service users.
The information we collect
Service users - prior to commencing care individual assessment is undertaken. During assessment personal information is given by the service user/their representative which will include name, date of birth, address, next of kin, NHS number, medication & allergies. This information enables us to identify the individual and meet their individual needs. We may also seek information from the GP and other people involved in their care, with their permission.
Employees - staff are required when completing an application form to give personal information which includes name, date of birth, address, nationality, right to work in UK, next of kin, telephone contact numbers, qualifications, work history, contact details for referees, health declaration and DBS check. This information enables us to confirm the applicant's identity, their skills, experience and suitability for the role they have applied for.
How the information is stored
Personal information is securely stored in locked cupboards and filing cabinets with restricted access, on our secure drive and within our staff and service user system, which can only be accessed via an individual login and has restricted access, as required under Data Protection Regulations. Individual care records for service users and employee files for employees. Personal data is also archived and securely stored on the computer in individual files.
How the information is used
The information is required to identify and record who the individual is, relevant medical information e.g. diagnosis and medical history, prescribed medication, allergies, to ensure that our staff are fully informed and able to care for the individual safely and effectively. It will also record the individual's personal choices and wishes e.g. DNAR
Personal information about employees enables us to undertake the necessary checks during recruitment and ensure that we offer employment to the most appropriate applicants.
How and with whom the information may be shared
We may share the information we have about service users with other professionals involved in the care and support of the individual to ensure that they receive the best possible/most appropriate and timely care. Information is shared when transferring between services to ensure good continuity of care.
Information about our employees may be shared with the Care Quality Commission as part of their inspection process, with NMDS to monitor staff recruitment and retention on behalf of the Government
In all processing of personal data, we use the least amount of identifiable data necessary to complete the work it is required for and where possible, we will use pseudonymised data to protect the privacy and confidentiality of our staff and those we support.
Access to personal information, correction and removal
Each individual whose personal information we have, has the right to request a copy of the information that we hold. This can be done on written request to the Registered Manager of SPDNS, information is usually provided at no cost to the individual. SPDNS wants to ensure that the personal information that we hold is accurate and up to date. You may ask us to correct or remove information that you think is inaccurate and request that the information is removed e.g. if an employee leaves the company or an individual is no longer being cared for by SPDNS. Such requests are to be made to the Registered Manager. NB the company is required to retain service user information for 8 years and employee information for 7 years.