Privacy Notice

Partnering Health Limited (PHL) – Information Sharing Protocol

Fair Processing Notice (Also known as Privacy Notice)

Your information; what you need to know

Partnering Health Limited wants all service users to feel confident about the security and privacy of any personal information that we may hold or process.

A core principle of the Data Protection Act 1998 and the EU General Data Protection Regulation 2018 (GDPR) is to be transparent and provide accessible information to individuals (patients, clients and other parties) about how personal data held by PHL is used and provide assurance that all data is processed fairly.

To meet this requirement PHL has a duty to produce a Fair Processing Notice.

What PHL do

PHL provides a range of primary care and outpatient based acute healthcare services to both NHS patients and patients wishing to pay for their own treatment.

The majority of patients that we offer services are accessing Out of Hours primary care services as residents of Hampshire and the Isle of Wight.


What sort of information is collected and held by PHL?

PHL will keep a record of basic details for all patients that access our services, this includes address, date of birth, NHS number and records of any treatment you have received from us.

PHL records all calls that are received or made by the Out of Hours service, and some calls received into Best Practice South and Guildhall Walk Health Centre.

A lawful basis for processing data?

The first key principle in the GDPR is that data controllers need to process personal data lawfully, fairly and transparently.

Article 9 (2)(h) processing is necessary for the purpose of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care systems and services or treatment or the management of health or social care systems.

Data Protection Officer

PHL have appointed Helen Ireton Head of Nursing as the Data Protection Officer(DPO). The DPO has overall responsibility for managing and reviewing protocols to ensure compliance with GDPR.

Categories of personal data

GDPR applies to personal data, meaning any information relating to identifiable person who can be directly or indirectly identified in particular by reference to an identifier including name or NHS number.

PHL also controls and processes special category of personal data regarding health.

Who in PHL collects data and information and has access to information?

Any member of staff who is directly involved in offering a healthcare service may collect data from patients, this includes receptionists, administration staff, nurses, doctors, urgent care practitioners and members of our Quality and Governance team who undertake audits and handle complaints.

All staff members sign a confidentiality agreement as part of their terms of employment and undertake annual information governance (data protection) training to refresh their skills and understanding.

It is imperative that the information that is supplied to PHL is accurate as failure to provide correct information will restrict our clinician’s ability to deliver safe and effective care.

How is information collected and stored by PHL?

PHL takes our obligation to protect the privacy and confidentiality of all our patients and customers seriously.

We collect data largely through our interactions with patients in providing primary healthcare services and this is securely recorded into one of our patient administration systems.

PHL has an IT infrastructure which meets all national and legislative guidelines to ensure that information is collected and stored securely.

Patients accessing services in Best Practice South will have a paper based clinical record and this is stored securely on site at Best Practice.  Primary care centres will also keep paper based clinical records which will be kept under secure conditions at the primary care centres.

Any online enquiry forms which are completed by a patient or enquiry are transmitted securely from the website to the appropriate member of staff.  The enquiry is then completed and all records are deleted.

What is the source of this data?

For the out of hours service the personal data comes from the information that is given to NHS 111.

For the private clinic and primary care services the data is given at the point of registration with the centres. In addition, the primary care centres receive data from other primary care centres where patients were previously registered.

Why we will collect information about patients and customers

PHL keeps records about the health care treatment and advice we have given to all patients that access one of our services.  It is important that we keep a record to ensure that PHL is providing the best possible care, and to share where appropriate, with other healthcare agencies to equip them with relevant and important information to provide ongoing care.

How will any information collected or stored be used by PHL?

PHL will only collect or store information to effectively provide and deliver healthcare services.  For example, it is important that we record what advice has been given to any patient that attends the Out of Hours service for an appointment.Â

How and why are PHL records shared with the NHS?

The Out of Hours Services and Best Practice South will always pass on information relating to any treatment or advice received to a patient’s registered GP.  This allows the registered GP to hold a full and detailed record of a patient’s clinical history and pathway to better inform future healthcare advice and treatment.

As well as being passed to your registered GP, your information may be used to help assess the needs of the general population and make informed decisions about the provision of future services.  Information can also be used to conduct health research and development and monitor NHS performance.  Where information is used for statistical purposes, stringent measures are taken to ensure individual patients cannot be identified.  Where it is not sufficient to use anonymised information, personal identifiable data may be used, but only for essential NHS purposes.  In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Fair Processing Notice, under the Data Protection Act.

We share your information for health purposes with your GP Practice and with NHS Digital. We will also share your information with NHS Trusts for example your local Hospital, NHS 111 or Ambulance service.  For patients registered at primary care centres it is often necessary to share information to facilitate a referral for further specialist care.  Your NHS number allows NHS Digital to link records to the clinical outcome data collected when 111 or 999 patients attend other healthcare services, for example an A&E department or GP.

The NHS Number is classified as a personal data, which means individual details could be identified, however, it is also the most secure form of identifiable data, and the only one we will use when matching the records for linking. We also share your information with our Commissioners (the professional NHS staff who oversee our NHS contracts) to plan future healthcare services. If your personal details are needed to cross-check information that is going to be used in this way, this will be done under secure conditions by organisations that are part of the NHS or linked to it. They use the same confidentiality systems as PHL.

We are required by law to report certain information to the appropriate local and national authorities. This is only provided after formal permission has been given by a qualified health professional. Occasions when we must pass on information include:

  • where we encounter infectious diseases, which may endanger the safety of others, such as meningitis or measles (but not HIV/AIDS)
  • where a formal court order has been issued

Our guiding principle is that we are holding your records in strictest confidence and only share information when we know it will be used under the same restrictions that we apply to ourselves. Information Sharing with Non-NHS Organisations Information may also be required to be shared for your benefit with other non-NHS organisations from which you are also receiving care, such as social services. Where information sharing is requested by non-NHS organisations, we will not disclose any health information without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires it. We may be asked to share basic information about you, such as your name and address which does not include sensitive information. This would normally be to assist them to carry out their statutory duties.


What is the impact of sharing information on patients and customers?

The intended impact of data sharing is to equip partner healthcare organisations with update to date information regarding a patient’s medical history and current care pathway to allow the right decisions to be made regarding any ongoing treatment required.  Information shared with agencies such as social services is intended to enable up to date records and inform decisions around further involvement required to safeguard or protect vulnerable or at-risk children and adults.

Withdrawing consent to share personal information

At any time, patients and customers have the right to advise PHL that they do not wish for their information to be shared.  The possible consequences will be fully explained to you and could include details in receiving care.

How long do we keep personal data records?

PHL keep data records as recommended by NHS England Corporate Records Retention and Disposal Schedule and Guidance 2016.

Information collected or stored for marketing purposes

PHL does not collect or store information for marketing purposes.  However, we do operate a Facebook page for Guildhall Walk Healthcare Centre and Best Practice South to enable the services to update followers regarding service access, opening times and specialist services such as travel vaccine clinics and ole removal clinics etc.   Followers of this page have chosen to opt in to access ongoing updates and we do not store their information anywhere else.

Accessing your health record

Under the Data Protection Act 1998 you have the right to request a copy of any information we hold on you (for which a reasonable fee may be charged).  If you want to access your health records you should make a written request to Head of Quality and Governance, PHL, First Floor Cowplain Centre, 26 – 30 London Road, Cowplain, Waterlooville, PO8 8DL.


Consider whether you want a digital log of your visit to any of PHL’s websites to be recorded in your browser. If you don’t want a record to be kept, you can choose to delete your browser history afterwards or view our pages in incognito mode / private browsing, which won’t store your browser history, cookies, or search history after you’ve closed your browsers. However, you are not invisible. Using incognito mode / private browsing does not hide your browser history from your internet service provider, us or your employer (if you are using a company device).

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of various PHL websites may become inaccessible or not function properly.

Your Rights

GDPR includes a number of rights and these include the following;

Right to be informed- Your right to be informed is met by the provision of this privacy notice and similar information when we communicate with you directly.

Right of access– You have the right to obtain a copy personal data that we hold about you and other information specified in the GDPR, although there are exceptions to what we are obliged to disclose.

A situation in which we may not provide all the information is where in the opinion of appropriate health professional disclosure would be likely to cause serious harm to your, or somebody else’s physical or mental health.

Right to rectification– You have the right to ask us to rectify any inaccurate data that we hold on you.

Right to erasure (right to be forgotten) –You have the right to request that we erase personal data about you that we hold. This is not an absolute right, and depending on the legal basis that applies, we may have overriding legitimate grounds to continue to process the data.

Right to restriction of processing– You have the right to request that we restrict processing of personal data about you that we hold. You can ask us to do this for example where you contest the accuracy of the data.

Right to data portability- This right is only available where the legal basis for processing under GDPR is consent, or for the purpose of a contract between you and PHL. For this to apply the data must be held electronically.

Right to object- You have the right to object to processing of personal data about you on grounds relating to your particular situation. The right is not absolute and PHL may continue to use the data if we can demonstrate compelling legitimate grounds.

Right in relation to automated individual decision-making including profiling– You have the right to object to being subject to a decision based solely on automated processing, including profiling. Should PHL perform any automated decision-making, we will record this in our privacy notice, and ensure that you have an opportunity to request that the decision involves personal consideration.

Right to complain the Information Commissioner- if you have any concerns or comments about how we use data, we would like to hear from you. Alternatively, you may contact the Information Commissioners Office (ICO) for guidance and advice, or to lodge a complaint. The ICO can be contacted at: on line by post: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Telephone 0303 123 1113 (local rate) or 01625 545745 (national rate).

Last Updated: June 20th 2018

  • Latest Tweets