It is important that you understand that we may share your information with others. We may share your personal information within our group of companies and with third parties.
Sharing within the GenesisCare group
We may share your personal information within the GenesisCare group of companies.
Sharing with your medical consultant
As a GenesisCare UK patient, your treatment may be provided by a medical consultant. Medical consultants who provide you with care are required by law to maintain records about your health and any treatment or care you have received. They also make decisions about what information is collected about you, and may maintain their own set of medical records in relation to the treatment that they provide as well as sharing the records relating to your care and treatment that GenesisCare UK maintains. Consultants control this information which means they must individually comply with the data protection legislation and relevant guidance when handling your personal information and should therefore also make available to you their own privacy notice. In respect of your direct health care and treatment received through GenesisCare UK, GenesisCare UK jointly controls your information with your consultant. This means that as joint controllers, together we determine the means and purpose of processing your information for your care and treatment.
Consultants who work with GenesisCare UK (including their medical secretaries) are expected to handle your personal data in accordance with the principles set out within this Privacy Notice. This means that whenever they use your personal data, they will do so as set out in this Privacy Notice. In addition, GenesisCare and Consultants are required to adhere to the Joint Patient Data Sharing and Management Policy which we can provide to you upon request.
Consultants working with GenesisCare UK (including their medical secretaries) may process your personal information at a non-GenesisCare UK site.
If you want to find out more about the arrangements between GenesisCare UK and consultants for handling your information please let us know by contacting our Data Protection Officer (DPO), details at the foot of this Privacy Notice.
Sharing with the NHS
We may share data with an NHS Trust which has commissioned our services so that we can jointly support your care and treatment.
This means that we may collect, transfer, share and manage your data jointly in our healthcare systems for the purposes of healthcare services and related administration under a formal joint controller arrangement. Such a joint controller arrangement will set out our respective responsibilities to you with respect to:
- Our compliance with the data protection law generally;
- Our responsibilities for dealing with your rights as data subjects; and
- Our respective duties for provision of information to you.
Where joint controller relationships exist both parties must comply with data protection standards and both are responsible for addressing your rights and freedoms.
If you want to find out more about the arrangements between GenesisCare UK and NHS Trusts for handling your information please contact our DPO.
Sharing with your private medical insurer
Where the cost of your treatment and care is covered by insurance, we share your information with your insurer or the administrator of the applicable scheme of insurance. Both GenesisCare UK and your insurer are controllers of this personal information. This means that each of us individually may determine the means and the purpose of any processing of the information we hold.
Generally, we share information in order to allow each other to exercise its rights or comply with its obligations under the healthcare services arrangement we have in place, and in the case of the insurer, to manage claims and administer the schemes for insured members.
Specifically, your information may be used in the following shared activities:
- The provision of clinical quality information
- The pre-authorisation of treatment on your behalf
- Invoicing for services provided
- The notification of any serious incidents
- Assisting and cooperating in the investigation of any member complaints
- Allowing your insurer to inspect and audit our facilities
You may exercise your rights against either GenesisCare UK or your insurer where we are both controllers of the same information for the same processing purpose. Where we independently hold further information, or process information for purposes in addition to the shared purposes stated above, you should direct any communication concerning your rights to the applicable holder/processor.
Sharing with Public Health England
The law requires us to share data for public health reasons, for example to prevent the spread of infectious diseases or other diseases which threaten the health of the population. We will report the relevant information to local health protection team or Public Health England.
We make notifications to Public Health England and other statutory bodies in compliance with our legal obligations and where necessary to protect the vital interests of individuals.
This processing is necessary for reasons of public interest in the area of public health such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care on the basis of UK law.
Sharing with third parties
- We may share your personal information with the third parties listed below for the purposes identified within this privacy notice:
- A doctor, nurse, carer, pharmacist, and pathology and radiology staff involved in the analysis and reporting of diagnostic tests or any other healthcare professional involved in your treatment
- Other members of support staff involved in the delivery of your care, like receptionists and medical secretaries
- Anyone that you ask us to communicate with or provide as an emergency contact
- NHS organisations
- Other private sector healthcare providers
- Your GP
- Voluntary organisations providing on-going support
- Ancillary service and support providers where you opt to accept those services, such as the GenesisCare Exercise Clinic, counsellors and therapists
- Taxi providers where transport assistance for treatment is provided for insured patients
- National and other professional research/education/audit programmes and registries, as identified under Purpose 3 above
- Government bodies and local authority departments
- Our regulators, like the Care Quality Commission
- The police and other third parties where reasonably necessary for the prevention or detection of crime
- Our insurers
- Debt collection agencies
- Third parties to the extent required by law, regulation or court orders and statutory requests for information
- Service providers we use to support our business. These processors are trusted partners that work with us and are authorised to use your personal information only as necessary to provide these services to us. We require these third parties to comply strictly with our instructions and data protection law and we ensure appropriate controls are in place. We enter into written contracts with all our processors
- Our third party service providers such as auditors, lawyers, marketing agencies and tax advisers
- Selected third parties in connection with any sale, transfer or disposal of our business. We may communicate with these third parties in a variety of ways including, but not limited to, email, post, fax and telephone.
Sharing data with the Private Healthcare Information Network (PHIN)
Genesis Care participate in initiatives to monitor safety and quality, to help ensure that patients are getting the best possible outcomes from their treatment and care. The Competition and Markets Authority Private Healthcare Market Investigation Order 2014 (“the Order”) established the Private Healthcare Information Network (“PHIN”), as an organisation who will monitor outcomes of patients who receive private treatment.
Healthcare providers providing private care are required by law to send PHIN details of each treatment episode. This will include personal data. By Article 21 of the Order, we are required to provide PHIN with information related to your treatment, including your:
- National Health Service (NHS) number, or in the case of patients from outside the UK, a suitable equivalent identifier e.g. passport number
- Your diagnosis (what you are receiving treatment for)
- Other data about your state of health
- The procedure you have undergone
- The date you came into hospital, and the date you left
PHIN also collect NHS patient data to enable it to consider all the treatment carried out by a particular consultant or provider, and to monitor outcomes, with a view to forming a complete and fair picture of the nature and quality of their services. For NHS patients, PHIN collect the same information as for private patients listed above, save that NHS numbers are not collected.
PHIN, like us, will apply the highest standards of confidentiality. Any information that is published by PHIN will always be in anonymised (unidentifiable) statistical form and will not be shared or analysed for any purpose other than those stated.
Further information about how PHIN uses information, including its Privacy Notice is available at www.phin.org.uk. We will be happy to print a copy for you if you prefer.