Privacy Notice

Partnering Health Limited (PHL) – Information Sharing Protocol

Fair Processing Notice (Also known as Privacy Notice)

Your information; what you need to know

Partnering Health Limited wants all service users to feel confident about the security and privacy of any personal information that we may hold or process.

A core principle of the Data Protection Act 1998 and the EU General Data Protection Regulation (GDPR) is to be transparent and provide accessible information to individuals (patients, clients and other parties) about how personal data held by PHL is used and provide assurance that all data is processed fairly.

To meet this requirement PHL has a duty to produce a Fair Processing Notice.

What PHL do

PHL provides a range of 24 hour primary care, integrated urgent care, and outpatient based acute healthcare services to both NHS patients, detained persons within Hampshire Constabulary and patients wishing to pay for their own treatment.
The majority of patients that we offer services are residents of Hampshire and the Isle of Wight.

What sort of information is collected and held by PHL?

PHL will keep a record of basic details for all patients that access our services, this includes address, date of birth, NHS number and records of any treatment you have received from us.
PHL records all calls that are received or made by our call centre, and some calls received into Best Practice South and primary care centres.

A lawful basis for processing data?

The first key principle of GDPR is that data controllers need to process personal data lawfully, fairly and transparently.

Article 9 (2)(h) processing is necessary for the purpose of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care systems and services or treatment of health or social care systems.

Data Protection Officer

PHL has appointed Julie Worth, Head of Quality and Governance, as the Data Protection Officer (DPO). The DPO has overall responsibility for managing and reviewing protocols to ensure compliance with GDPR.

Categories of personal data

GDPR applies to personal data, meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier including name or NHS number.

PHL also controls and processes special category of personal data regarding health.

Who in PHL collects data and information and has access to information?

Any member of staff who is directly involved in offering a healthcare service may collect data from patients, this includes receptionists, administration staff, healthcare professionals, doctors, and members of our Quality and Governance team who undertake audits and handle complaints.

All staff members sign a confidentiality agreement as part of their terms of employment and undertake annual information governance (data protection) training to refresh their skills and understanding.
How is information collected and stored by PHL?

PHL takes our obligation to protect the privacy and confidentiality of all our patients and customers seriously.

We collect data largely through our interactions with patients in providing primary healthcare services and this is securely recorded into one of our patient administration systems.

PHL has an IT infrastructure which meets all national and legislative guidelines to ensure that information is collected and stored securely.

Patients accessing services in Best Practice South will have a paper based clinical record and this is stored securely on site at Best Practice. Primary care and custody healthcare centres will also keep paper based clinical records which will kept under secure conditions at these centres.

Any online enquiry forms which are completed by a patient or enquiry are transmitted securely from the website to the appropriate member of staff. The enquiry is then completed and all records are deleted.

What is the source of this data?

Data flows into PHL via various sources including:
• Directly from NHS 111
• Directly from the patient
• Directly from Hampshire Constabulary Custody staff requesting an intervention
• Directly from a health or social care professional
• Directly from a carer or relative

Why we will collect information about patients and customers

PHL keeps records about the health care treatment and advice we have given to all patients that access one of our services. We also collect information to support forensic examination on behalf of Hampshire Constabulary for detained persons referred to the custody healthcare service.

It is important that we keep a record in order to ensure that PHL is providing the best possible care, and to share where appropriate, with other healthcare agencies in order to equip them with relevant and important information to provide ongoing care.

How will any information collected or stored be used by PHL?

PHL will only collect or store information to effectively provide and deliver healthcare services. For example, it is important that we record what advice has been given to any patient that attends a PHL service for any healthcare intervention.

How and why are PHL records shared with the NHS?

Integrated urgent care services and Best Practice South will always pass on information relating to any treatment or advice received to a patient’s registered GP. This allows the registered GP to hold a full and detailed record of a patient’s clinical history and pathway to better inform future healthcare advice and treatment.

As well as being passed to your registered GP, your anonymised information may be used to help assess the needs of the general population and make informed decisions about the provision of future services. Information can also be used to conduct health research and development and monitor NHS performance. Where information is used for statistical purposes, stringent measures are taken to ensure individual patients cannot be identified. Where it is not sufficient to use anonymised information, personal identifiable data may be used, but only for essential NHS purposes. In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Fair Processing Notice, under the Data Protection Act.

We share your information for health purposes with your GP Practice and with NHS Digital. We will also share your information with NHS Trusts for example your local Hospital, NHS 111 or Ambulance service. For patients registered at Guildhall Walk Healthcare Centre it is often necessary to share information to facilitate a referral for further specialist care. Your NHS number allows NHS Digital to link records to the clinical outcome data collected when 111 or 999 patients attend other healthcare services, for example an A&E department or GP.

The custody healthcare service will at times refer detained persons onto partner support services and a record of these referrals will be kept and referral rates anonymously reviewed and monitored.

The NHS Number is classified as a personal data, which means individual details could be identified, however, it is also the most secure form of identifiable data, and the only one we will use when matching the records for linking. We also share your information with our Commissioners (the professional NHS staff who oversee our NHS contracts) to plan future healthcare services. If your personal details are needed to cross-check information that is going to be used in this way, this will be done under secure conditions by organisations that are part of the NHS or linked to it. They use the same confidentiality systems as us.

We are required by law to report certain information to the appropriate local and national authorities. This is only provided after formal permission has been given by a qualified health professional. Occasions when we must pass on information include:
• where we encounter infectious diseases which may endanger the safety of others, such as meningitis or measles (but not HIV/AIDS)
• where a formal court order has been issued
Our guiding principle is that we are holding your records in strictest confidence and only share information when we know it will be used under the same restrictions that we apply to ourselves. Information Sharing with Non-NHS Organisations Information may also be required to be shared for your benefit with other non-NHS organisations from which you are also receiving care, such as social services. Where information sharing is requested by non-NHS organisations, we will not disclose any health information without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires it. We may be asked to share basic information about you, such as your name and address which does not include sensitive information. This would normally be to assist them to carry out their statutory duties.

What is the impact of sharing information on patients and customers?

The intended impact of data sharing is to equip partner healthcare organisations with update to date information regarding a patient’s medical history and current care pathway to allow the right decisions to be made regarding any ongoing treatment required. Information shared with agencies such as social services is intended to enable up to date records and inform decisions around further involvement required to safeguard or protect vulnerable or at-risk children and adults.

Withdrawing consent to share personal information

At any time, patients and customers have the right to advise PHL that they do not wish for their information to be shared. The possible consequences will be fully explained to you and could include details in receiving care.

Information collected or stored for marketing purposes

PHL does not collect or store information for marketing purposes. However, we do operate a Facebook page for Guildhall Walk Healthcare Centre and Best Practice South to enable the services to update followers regarding service access, opening times and specialist services such as travel vaccine clinics and ole removal clinics etc. Followers of this page have chosen to opt in to access ongoing updates and we do not store their information anywhere else.

Accessing your health record

Under the Data Protection Act 1998 you have the right to request a copy of any information we hold on you. If you want to access your health records you should make a written request to Head of Quality and Governance, PHL, First Floor Cowplain Centre, 26 – 30 London Road, Cowplain, Waterlooville, PO8 8DL or PHL’s Whiteley office – Ailsa House, 3 Turnberry House, The Links, Plot 4400 Parkway, Solent Business Park, PO15 7FJ.


Consider whether you want a digital log of your visit to any of PHL’s websites to be recorded in your browser. If you don’t want a record to be kept, you can choose to delete your browser history afterwards or view our pages in incognito mode / private browsing, which won’t store your browser history, cookies, or search history after you’ve closed your browsers. However, you are not invisible. Using incognito mode / private browsing does not hide your browser history from your internet service provider, us or your employer (if you are using a company device).
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of various PHL websites may become inaccessible or not function properly.

Your Rights

GDPR includes a number of rights and these include the following;
Right to be informed – Your right to be informed is met by the provision of this privacy notice and similar information when we communicate with you directly.
Right of access – You have the right to obtain a copy personal data that we hold about you and other information specified in the GDPR, although there are exceptions to what we are obliged to disclose.
A situation in which we may not provide all the information is where in the opinion of an appropriate healthcare professional disclosure would be likely to cause serious harm to you, or somebody else’s physical or mental health.
Right to rectification – You have the right to ask us to rectify any inaccurate data we hold on you.
Right to erasure (‘right to be forgotten’) – You have the right to request that we erase personal data about you that we hold. This is not an absolute right, and depending on the legal basis that applies, we may have overriding legitimate grounds to continue to process the data.
Right to restriction of processing – You have the right to request that we restrict processing of personal data about you that we hold. You can ask us to do this for example, where you can test the accuracy of the data.
Right to data portability – this is right is only available where the legal basis for processing under GDPR is consent or for the purpose of a contract between you and PHL. For this to apply the data must be held electronically.
Right to object – You have the right to object to processing of personal data about you on grounds relating to your particular situation. The right is not absolute and OHL may continue to use the data if we can demonstrate compelling, legitimate grounds.
Right in relation to automated, individual decision making including profiling – you have the right to object to being subject to a decision based solely on automated processing, including profiling. Should PHL perform automated decision making we will record this in our privacy notice and ensure that you have an opportunity to request that the decision involves personal consideration.
Right to complain to the information commissioner – if you have any concerns or comments about how we use your data, we would like to hear from you. Alternatively, you may contact the information commissioners office (ICO) for guidance and advice or to lodge a complaint. The ICO can be contacted at by post Wycliffe House, Water Lane,, Wimslow, Cheshire, SK9 5AF. Telephone 0303 123 1113 (local rate 01625 545 745 (national rate)



Last Updated: January 4th 2019

  • Latest Tweets