Privacy Policy

Background

This privacy notice lets you know what happens to any personal information that you give to us, or any that we may collect from or about you.

This privacy notice applies to any personal information processed by Prescribing Support Services.

Changes to this privacy notice
We may change this privacy notice from time to time by updating it in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website.

PSS Ltd and our Data Protection Officer
We are Prescribing Support Services (PSS Ltd), Pegasus House, 90 Otley Road, Bradford, BD18 3SA. We are a data controller of any personal information or data that we hold about you. We are registered with the Information Commissioner’s Office, our registration number is ZA136847.

We have a dedicated Data Protection Officer (DPO). You can contact the DPO using the details below, by writing to the address below (under ‘contact us’) or by emailing to info@prescribingsupportservices.co.uk and marking your e mail for the attention of the Data Protection Officer.

What kinds of personal information about you do we process?

Patients
Personal information that we hold will be to support the delivery of our services, if relevant, includes:

  • Personal and contact details, such as title, full name, contact details and contact details history.
  • Your date of birth, gender and/or age.
  • Records of your contact with us such as via our help line phone numbers for anticoagulant services and the MESH service, for example.
  • For patients in our anticoagulant services we hold details of the medical condition for which you are being anticoagulated and details of your dosing history. We also hold personal details such as title, full name, contact details and contact details history.
  • For patients receiving medicines support at home (MESH service) we make temporary written records including your name, personal contact details, your age and your medicines and the clinical information for monitoring these medicines; these are needed for our home visits. We collect data about the medication reviews on an electronic collection system; at first this is linked to your personal NHS number, but it is made anonymous for analysis.
  • From time to time PSS runs other medicine review services where we will need to hold paper records which are the same as for the MESH service.

PSS Staff
Personal information that we process for our staff members, if relevant, includes:

  • Personal and contact details, such as title, full name, contact details, contact details history.
  • Your date of birth, gender and/or age.
  • DBS and proof of identity documentation.
  • Professional registration membership number where applicable.
  • Financial details – bank details for paying salaries and for paying contractors, NI number.
  • Mandatory training evidence of completion.
  • Performance records such as contract review documentation or any compliments or complaints made about you.
  • Emergency ‘Next Of Kin’ contact details.

Stakeholders/customers
Personal information that we process about our stakeholders or customers, if relevant for e.g. contracts, includes:

  • Name
  • Email address
  • Contact details
  • Job title

Public sector post holders We will process your data on a Legitimate Interest basis. In order to inform you about our business and its services that may be of interest to you. We fully respect your rights and you may opt-out at any stage.

What is the source of your personal information?

Patients
We’ will collect personal information from the following sources:

  • From you directly
  • Information gathered from your general practice medical record
  • Information passed onto us from other NHS and social care providers who are asking us to contact you for a medicine review.

PSS staff

  • From you directly

Stakeholders/customers

  • From you directly
  • Information gathered from your general practice medical record
  • Information passed onto us from other NHS and social care providers

Public sector post holders

  • Information available in the public domain.
  • Information purchased from third party marketing data suppliers.

What do we use your personal data for?

We use your personal data for the following purposes:

Patients

  • For providing health care to you to make sure your medicines are prescribed and monitored safely and cost effectively and to improve the quality of prescribing.
  • To comply with legal and regulatory obligations, requirements and guidance.
  • To record our interventions so that the service can be evaluated by the CCG. No personal data is given directly to the CCGs.

Staff

  • To contact you on work/ contract related issues.
  • To update you on work processes, training etc. relevant to your work, and work related social events.
  • To record that you have a right to work in the UK, do not have a criminal record, are registered with a professional regulatory authority (if applicable), have insurance, and have completed mandatory checks and training, to allow you to work, and to assure practices/ CCGs of these matters and satisfy CQC requirements.
  • To pay you.
  • As part of the PSS WhatsApp group if you opt in (you can chose to opt out at any time).

Stakeholders/customers

  • To inform you about PSS activity and contract requirements
  • To update you on performance of commissioned services

Public Sector Postholders

  • To inform you about PSS services
  • To inform you about employment or training opportunities within PSS

What are the legal grounds for our processing of your personal information (including when we share it with others)?

We rely on the following legal basis to use your personal data:

GDPR Article 6 (e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller. As some of the information we hold is of a sensitive nature we also need to refer to GDPR Article 9 which gives special categories of personal (SCPD) that can be lawfully processed. The most appropriate Article 9 condition for processing SCPD in the delivery direct care or administrative purpose is Article 9(2)(h) which states processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Data subject State law or pursuant to contract with a health professional.

  1. Where it is needed to provide you with our services, such as:
    a) Monitoring and prescribing of a medicine e.g. warfarin.
    b) Performing a medication review e.g. MESH service.
  2. Where it is in our legitimate interests to do so, such as:
    a) Where we need to share your personal and medical information with health care professionals or organisations in improve the quality, safety and cost effectiveness of your prescribed medicines e.g. to your General Practitioner or to a hospital consultant and his/her team.
    b) In order to inform you about our business and its services that may be of interest to you.
  3. To comply with our legal obligations.
  4. To protect vital interest of yourself or another person such as: if you are a vulnerable patient and we have a safeguarding concern.

When do we share your personal information with other organisations?

We may share information with the following third parties for the purposes listed above:

Patients

  1. With your GP or other members of the general practice team
  2. With your nominated community pharmacy
  3. With other health and social care providers
  4. With a hospital consultant and their team
  5. Anonymised information to the CCG for example to demonstrate activity and receive funding
  6. With a Safeguarding lead if we have concerns about you or a member of your family.

Staff

  1. With your work place to assure them that you are legitimately allowed to work in the UK, have the appropriate professional registration and have undergone mandatory training to satisfy CQC requirements.
  2. With our HR provider (Peninsula).
  3. With our accountants for payroll.

Stakeholders/ customers
We do not share your personal information with other organisations.

Consent

Consent does not need to be obtained from in order to carry out our work. This is because the lawful basis for Prescribing Support Services to process data is Article 6 1(e) 8 i.e. ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’.

If we should ever need your consent to process your personal data, you can withdraw this at any time by using the contact details below.

Is your personal information transferred outside the UK or the EEA?

No

What should you do if your personal information changes?

If you are on our mailing list and your contact details change you should tell us so that we can update our records.

Do you have to provide your personal information to us?

We are unable to provide you with clinical care if we do not process certain information about you. In cases where providing some personal information is optional, we will make this clear.

Do we do any monitoring involving processing of your personal information?

In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.

We normally only monitor and process anonymised data (i.e. with no personally identifiable data in it). We do this for audit and quality improvement purposes.

For how long is your personal information retained by us?

We will hold your personal information for as long as we are required to by the current NHS records management code of practice; for example medical records for monitoring warfarin, and paper records made from the PSS help-lines are kept in line with NHS code of practice

Unless we explain otherwise to you, we will only keep paper records we make in the process of your care. These paper records are stored securely or kept on the professional’s person for the duration of the visit, for example:

  • Paper records e.g. your name and address for a home visit is only held until the visit has been performed. These details are then destroyed confidentially.
  • Paper notes in order to do a medicine review are held until a record of the review and actions have been entered in your patient record at your GP practice, and then destroyed confidentially.
  • Paper notes in order to update your medicines at your GP practice are held for that day and destroyed confidentially.
  • Electronic records with your NHS number are stored electronically on encrypted software for as long as necessary to securely submit this data to the NHS data analysis centre where they are anonymised and deleted confidentially.
  • What are your rights under data protection laws?

    Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we will explain at that time if they are allowed or not. The right to move, copy or transfer your personal information (‘data portability’) is only relevant from May 2018.

    • The right to be informed about the processing of your personal information
    • The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
    • The right to object to processing of your personal information when the lawful basis for doing so is your consent.
    • The right to restrict processing of your personal information when the lawful basis for doing so is your consent.
    • The right to have your personal information erased (the “right to be forgotten”) when the lawful basis for doing so is your consent.
    • The right to request access to your personal information and to obtain information about how we process it
    • The right to move, copy or transfer your personal information (“data portability”)
    • Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you
    • You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/ . You can contact us using the details below.

      Your right to object

      You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us using the contact details below to exercise these rights.

      If you have concerns about an organisation's information rights practices, you have a right to complain to the Information Commissioner’s Office (ICO):

      Helpline 0303 123 1113

      https://ico.org.uk/make-a-complaint/

      Contact Us

      If you have any questions about this privacy notice, or if you wish to exercise your rights, or contact the DPO, you can contact us by:

      Prescribing Support Services,
      Pegasus House,
      90 Otley Road,
      Shipley,
      BD18 3SA.