Everything we do with information about living people – such as how we collect it and who we share it with – has to comply with the Data Protection Act. A key part of this is being open about how we use information and what rights you have in respect of it.
This notice tells you what information we collect and process about you when you ask for or get help from our Adult Social Care services.
What information do we hold
We collect and process information about people who have agreed to have support from our Adult Social Care services or who have been referred to our adult safeguarding services by others concerned for their welfare. The information we hold about you varies according to the service you are having but might include the following -
- Name,
- Address,
- Date of Birth,
- Ethnicity,
- Contact details,
- Next of Kin,
- Relationships and details of people who are Next of Kin, including those you have asked to act on your behalf,
- Information recorded as part of your referral to our services,
- Information recorded in an assessment of your support needs,
- Health Information,
- Relevant Case Information including records of visits or contacts with you made as part of your care,
- Information about your Mental Capacity,
- Details about other agencies involved in supporting you,
- Financial Information and National Insurance Number,
- Risks,
- NHS Number.
If you are receiving support from Adult Social Care then the NHS may share your NHS number with Adult Social Care. This is so that the NHS and adult social care are using the same number to identify you whilst providing your care. By using the same number the NHS and adult social care can work together more closely to improve your care and support. We will use this Number in an integrated care record system across a number of support services including GPs, hospitals, community matrons, district nurses and social care practitioners. If you wish to opt-out from the use of your NHS Number for social care purposes, please talk with your practitioner
In some cases we will have access to other sources of information that allow us to confirm your eligibility for a service. This means that we can refer to information you’ve already provided to another organisation so that you do not need to provide it to us as well. For example, we access information held by the Department for Work and Pensions (DWP) to check eligibility in some cases when completing a Financial Assessment.
The information we collect is recorded in paper files, in databases and in electronic folders on Cambridgeshire County Council’s secure network where it is accessible only to staff who need to see it to do their jobs. Staff who visit you might keep paper notes about their conversation with you but these will usually be destroyed once relevant information is transcribed to our electronic systems. Some of the information in our databases can be accessed remotely on mobile devices, by staff who visit you in your home.
Why do we have it and what do we use it for
If you approach the Council for help we will need to process your information to meet our statutory duties to you as outlined in the Care Act 2014 and the Mental Capacity Act 2005. For Data Protection purposes, this means we collect and use your personal information under the 'public task' lawful basis.
The Care Act 2014 places a duty on us to work closely with Health colleagues to ensure the best level of care is delivered to our citizens. It also requires us to consider whether any universal preventative services or other services available locally could help adults and older people stay well for longer and to safeguard people from harm. The Mental Capacity Act requires us to ensure that people make their own decisions about care and support wherever possible and to ensure that where they cannot, decisions are made for them in their best interests.
We use the information we have about you or your representative to assess your care needs, to draw up a plan of support with you, manage and monitor the quality of our services and to make our statutory statistical returns to government.
We collect only the information that we need to carry out these functions and we ensure that it is used and stored safely and securely.
All staff who have access to information about you will have received training on data protection and information security and they work to a code of conduct which requires them to respect the confidentiality of the information about you that they have access to in order to do their jobs.
Who we share information with and why
We will share information about you with other organisations and people as part of providing care and support to you. The types of organisations and people we may share information with includes:
- Hospitals and community health services,
- Your GP,
- Care home , home care and other social care providers,
- Family members and other people who might be helping care for you,
- Members of community or voluntary services,
- Housing providers,
- Courts,
- The Police,
- Our finance and legal departments,
- National Government Departments,
- Independent regulators or investigators.
We are able to share this information without your specific consent when it is reasonable and necessary to do so to fulfil our public tasks, or in respect of special category data it is in the substantial public interest to do so. The law imposes safeguards to protect your privacy in these circumstances.
We will also share your information, subject to contractual and other legal safeguards, with organisations contracted by us to provide a service to us or directly to you. These service providers are known as data processors and have a legal obligation under GDPR and to us to look after your personal information and only use it for providing that service.
Some of the services we provide are regulated by The Care Quality Commission or Ofsted. This means that when we are Inspected, the Inspectors have the right to request access to the records held by Adult Social Care as part of their regulatory responsibilities.
Working with Health organisations
Many of the services we deliver are fully integrated with health organisations and this means information about you might be accessible by both health and social care professionals. We enable access to shared records in order to prevent you from having to tell your story more than once to different people, and to make sure that the people supporting you know everything they need to in order to support you well.
Details about you may also be included in information shared with organisations, such as the Department of Health and Social Care, as part of understanding the health and care needs of the population and how these can be met. This will often be done in a way that means you cannot be identified, although in some cases it will involve sharing personally identifiable, personal level data.
NHS National Data Opt-out
The NHS National Data Opt-out Programme gives you the right to opt out of your confidential patient information being used for reasons other than your individual care and treatment (such as for research and planning purposes). More details can be found on the national website: National data opt-out - NHS Digital.
How we look after your information
All information sharing is done with reference to the principles set out in the Cambridgeshire and Peterborough Information Sharing Framework : https://www.cambridgeshire.gov.uk/council/data-protection-and-foi/information-and-data-sharing/information-sharing-framework. This requires anyone we share information with, or who uses it on our behalf, to adhere to Data Protection law and to handle information securely.
The sharing of information in health and social care is guided by the Caldicott principles. These are:
Principle 1 - Justify the purpose(s) for using confidential information.
Principle 2 - Don't use personal confidential data unless it is absolutely necessary.
Principle 3 - Use the minimum necessary personal confidential data.
Principle 4 - Access to personal confidential data should be on a strict need-to-know basis.
Principle 5 - Everyone with access to personal confidential data should be aware of their responsibilities.
Principle 6 - Comply with the law.
Principle 7 - The duty to share information can be as important as the duty to protect patient confidentiality.
We receive information about adults who might be at risk of harm via our Multi-Agency Safeguarding Hub (MASH). Our safeguarding duties mean that we will share information with a range of partners including the police, housing, drug and alcohol services in order to assess risk and to make sure that where necessary actions to safeguard are taken promptly. We are required to do this by law (Care Act).
How long we keep hold of information for
We only keep information for as long as it is needed. This will be based on either a legal requirement (where a law says we have to keep information for a specific period of time) or accepted business practice. For most records we make about your support from Adult Services this will be for 7 years after we have ceased to work with you. More detail can be found in our retention schedule.
Your Rights
Under Data Protection Legislation you have the following rights:
- Right of access (to receive a copy of your personal data),
- Right to rectification (to request data is corrected inaccurate),
- Right to erasure (to request that data is deleted),
- Right to restrict processing (to request we don’t use your data in a certain way),
- Right to data portability (in some cases, you can ask to receive a copy of your data in a commonly-used electronic format so that it can be given to someone else),
- Right to object (generally to make a complaint about any aspect of our use of your data),
- Right to have explained if there will be any automated decision-making, including profiling, based on your data and for the logic behind this to be explained to you.
Any such request can be submitted to the Data Protection Officer. Whether we can agree to your request will depend on the specific circumstances and if we cannot then we will explain the reasons why.
If you are unhappy with any aspect of how your information has been collected and/or used, you can make a complaint to the Data Protection Officer.
You can also report your concerns to the Information Commissioner’s Office at https://ico.org.uk/.
To contact our Data Protection Officer
Email: Data.protection@cambridgeshire.gov.uk
Phone: 01223 699137
Write to:
Data Protection Officer
Cambridgeshire County Council, Box No. SCO2306, Scott House, 5 George Street, Huntingdon, PE29 3AD.