Service users and the public
Whilst NAViGO is continuing to provide services in the current coronavirus pandemic, some requests for personal data or requests under Freedom of Information may be delayed. Your personal data remains protected as usual.
NAViGO already holds data regarding service users, employees and stakeholders. You may have provided this information for a specific reason and normally we would seek to inform you that the data provided would be used for a different purpose. Due to the changing situation this will not always be possible. If we already hold information regarding vulnerability, as defined in the current guidance from the Government and Public Health England, we may share this for emergency planning purposes or to protect your vital interests by sharing with services both inside and outside NAViGO, this may be with other public authorities, emergency services, and other stakeholders as necessary and proportionate to do.
We may, in this current crisis need to ask you for personal information including sensitive personal information for example your age or if you have any underlying illnesses or are vulnerable, that you have not already supplied. This is so NAViGO can assist and prioritise its services.
During this time, NAViGO will be adapting the way it communicates and offers services to you. This will be in order to protect persons coming into contact with the COVID-19 virus and to limit personal contact, unless absolutely necessary. We may offer you telephone or video contact instead of face to face in the current circumstances. This will be in line with NHS guidance and we will ensure relevant security is in place, to continue to protect your personal data. Our staff will be advised on the best way to contact you and you will be given information as necessary. We do not need you to consent to these alternative methods of communication, other than to accept the invitation to communicate by telephone or video conference. As a Healthcare Provider, we are allowed to send you necessary updates on health information, as these are not considered to be marketing.
NAViGO Health and Social Care Community Interest Company take your confidentiality and privacy rights very seriously. NAViGO is a data controller and this notice explains how we use your personal information and is part of your right to be informed about your personal data under the General Data Protection Regulation (GDPR).
Health data is what is called ‘special category data’ and as it is very personal it requires special protection. NAViGO processes your data under Article 6(1)(e) as part of our Public Task and also under Article 9(2)(h) for medical diagnosis and treatment. All this means is that we have lawful reasons to process your data and only use it for these purposes and other purposes allowed by law.
NAViGO have received direction from Dame Fiona Caldicott (National Data Guardian) that our clinicians have been given permission to look at mental health records of service user’s, even if they are not part of the care team. This has only be granted for a period of 3 months, commencing on 30 March 2020 and will only be done in absolute emergency during the COVID-19 outbreak and clinicians will have to document why they have accessed the notes. Monthly audits will be conducted to ensure that staff have followed appropriate guidelines.
Mental health and social care professionals working with you – such as doctors, nurses, support workers, psychologists, occupational therapists, social workers and other staff involved in your care – keep records about your health and any care and treatment you receive.
This may include:
- Basic details such as name, address, date of birth, phone number, and email address – where you have provided it to enable us to communicate with you by email
- Your next of kin and contact details
- Notes and reports about your physical or mental health and any treatment, care or support you need and receive
- Results of your tests and diagnosis
- Relevant information from other professionals, relatives or those who care for you or know you well
- Any contacts you have with us such as home visits or outpatient appointments
- Information on medicines, side effects and allergies
- Patient experience feedback and treatment outcome information you provide
Most of your records are electronic and are held on a computer system and secure IT network. We may receive information about you from other people e.g. from your GP practice, a friend or relative or another health or care professional.
Your information is used to provide you with health and care services and is necessary for us to:
- have all the information necessary for assessing your needs and for making decisions with you about your care
- have details of our contact with you, such as referrals and appointments and can see the services you have received
- can assess the quality of care we give you
- can properly investigate if you and your family have a concern or a complaint about your healthcare
Professionals involved in your care will also have accurate and up-to-date information and this accurate information about you is also available if you:
- Move to another area
- Need to use another service
- See a different healthcare professional
Mental Health and Social Care Professionals: Your information will be shared with the team who are caring for you and are providing treatment to you. As part of health & safety, our staff may carry a works mobile phone or a lone working device which may store location data when activated.
However, the NHS and other agencies, including social services and private healthcare organisations work together, so we may need to share information about you, with other professionals and services involved in your care.
We do this in order to provide the most appropriate treatment and support for you, and your carers, or when the welfare of other people is involved. We will only share your information outside of NAViGO if we have your consent and it is considered necessary.
We may also use your personal information if you make a complaint or are involved in an incident whilst receiving care or treatment from us. This will be in order for us to investigate your complaint or the incident.
Our Doctors use an app called S.12 solutions in order to arrange appointments with patients at various locations, which may include a hospital setting if you are an inpatient. Your name, address, NHS Number, GP Practice name and location (e.g. Hospital name and address) will be held on the app in order for the Doctor or other professional to be allocated to you for your care or assessment at a particular date and time. No medical data about you is held by S.12 solutions or on the app. S. 12 Solutions Privacy Notice can be found on their website.
Electronic Palliative Care Co-ordination System (EPaCCS): The health and care providers, who are involved in the care of a service user at the end of their life, will be able to share / access information, as part of the Humber Coast and Vale wider project. More details on their privacy notice can be found here.
Suicide Prevention Real-Time Surveillance- QES System: Real Time Surveillance (RTS) allows us to be alert to suicide clusters, monitor new and emerging trends in suicide and plan suicide prevention activity accordingly. In addition it allows us to ensure people affected by suicide are supported through the local suicide bereavement service.
RTS requires Public Health partners providing details about deceased persons to inform Suicide Learning Panels to ensure we can prevent suicide and support people appropriately.
The QES system will automatically request information and collate reports to allow us to do this across Humber. Navigo will consult with family members, prior to the disclosure of any personal details of relatives to the QES system. Family members will be consulted to be interviewed regarding the death of a loved one, and have the right to refuse for this information to be shared. Information regarding criminal convictions and offences will be gathered from the Probation Service.
Humber Long Covid Triage and Assessment Service: In November 2020, NHSEI requested that all areas set up Long Covid assessment provision for individuals who have had Covid for 12+ weeks. Across the Humber, commissioners and clinicians have taken a joint approach to developing the Humber Long Covid Triage & Assessment Service which will be hosted by City Health Care Partnership (CHCP). Patient-level data is used to improve the direct care of patients.
The Health and Social Care (Quality and Safety Act) 2015 actively puts a duty on organisations to share information for direct care. Sharing for direct care can take place across departmental and organisational boundaries. CHCP CIC will ensure that patients are made aware that their information is shared for the purpose of any future direct care. More information can be found here
HOOPS (Holistic Opt out Programme Support): Humberside Police will refer individuals to Navigo who wish to utilise the HOOPS service and consent will be obtained by police officers, prior to commencement of the holistic support activity. All parties subject to this agreement may share some or all of the following personal information:
- Conviction history
- Needs assessment
- National Insurance Number
- NHS Number
This data will be retained for the duration of programme and then closed, but not deleted, until the normal retention periods have expired, as per the Records Management Code of Practice for Health and Social Care Act 2016. Navigo will record information, document the work done with the service user and provide the Police with an outcome. Humberside Police Privacy Notice can be found here
Special Perinatal Mental Health Service
To make sure you receive the best possible care, records are kept about your health and social care needs and any treatment or services we provide. These can be kept both electronically and on paper. This information will be used to manage the care you receive within the Specialist Perinatal Mental Health Service and may include information from other health organisations such as your GP. Others in the NHS may also need to use information about you to:
- review the care we provide to ensure it is of the highest standard and quality
- protect the health of the general public
- manage the health service and ensure services can meet future patient needs
- investigate patient queries, complaints and legal claims
- ensure the Trust receives payment for the care you receive
- prepare statistics on NHS performance
- audit NHS accounts and services
- undertake health research and development
- helping to train and educate healthcare professionals
For these purposes we use anonymous data wherever possible.
Everyone working within the health and social care service has a legal duty to keep information about you confidential. We will not share information unless:
- you give us specific permission
- we have to share by law
- we have good reason to believe that failing to share the information will put your or someone else at risk of serious harm or abuse
- we hold information that is essential to prevent, detect, investigate or punish a serious crime.
The Trust shares information with National Records Locator Service (NRLS) and the Yorkshire and Humber Care Record. Both initiatives help to provide staff involved in your care access to the most up to date information about you. Please visit the Humber Teaching NHS Foundation Trust for more information.
If you would like to know more about how we use your information or if you do not wish to have your information used in any of the ways described, please raise with a member of staff involved in your care. Your care will not be affected if you wish to do this.
IESO Digital Health (UK) Limited
We are working with the above company to provide an online Cognitive Behaviour Therapy (CBT) service. Your personal data will be shared with your therapist during the provision of this service. Further information can be found in IESO's privacy notice here
Confidentiality: A person’s right to confidentiality is not absolute and there may be other circumstances when we must share information from your patient record with other agencies. In these rare circumstances we are not required to have your consent. Examples of this are:
- If there is a concern that you are putting yourself or another person at risk of serious harm
- If we have been instructed to do so by a Court
- If the information is essential for the investigation of a serious crime
- If you are subject to the Mental Health Act (1983), there are circumstances in which your ‘nearest relative’ must receive information even if you object
- If your information falls within a category that needs to be notified for public health or other legal reasons, such as certain infectious diseases
We will not share your data for Insurance or Marketing purposes.
NHS Patient Survey Programme (NPSP) is part of the government’s commitment to ensure patient feedback is used to inform the improvement and development of NHS services. We may share your contact information with an NHS approved contractor to be used for the purpose of the NPSP.
Further information: If you need further information, you can email our Data Protection Officer on NAViGO.DPO@nhs.net
To help us monitor our performance, evaluate and develop the services we provide, it is necessary to review and share minimal information, for example with the NHS Clinical Commissioning Groups.
The information we share would be anonymous so you cannot be identified and all access to and use of this information is strictly controlled.
In order to ensure that we have accurate and up-to-date patient records, we carry out a programme of clinical audits. Access to your patient records for this purpose is monitored and only anonymous information is used in any reports that are shared internally within NAViGO.
NHS Digital, on behalf of NHS England assess the effectiveness of the care provided by publicly• funded services – we have to share information from your patient record such as referrals, assessments, diagnoses, activities (e.g. taking a blood pressure test) and in some cases, your answers to questionnaires, on a regular basis to meet our NHS contract obligations.
Most of the time, NHS digital use anonymised data for planning. So your confidential patient information isn’t always needed.
However, you do have a choice about whether you want your confidential patient information to be used.
To read further details about the wider use of your confidential patient information and to register your choice to opt out of it being used for the planning and improvement of health and care services in England, please click here. If you are happy with the use of your information for planning and research purposes you do not need to do anything. However, you can change your choice at any time.
For more information about how NHS Digital use your data please visit:
Care Quality Commission (CQC) and Accessing Data
As part of their role as the Regulator of Health and Social Care Services in England, the CQC may access care records and other personal data we hold on you. For further details, please see CQC privacy notice.
NAViGO actively promotes research to provide better health and care for you, your family and future generations. Researchers can improve how physical and mental health can be treated and prevented.
As a data controller NAViGO rely upon
- Article 6(1)(e) ‘…a task carried out in the public interest or in the exercise of official authority vested in the controller’
- Article 9(2)(j) ‘…scientific or historical research purposes’
as our lawful basis for processing your information under the General Data Protection Regulation. This means we do not rely upon your consent for our Researchers to access information we have collected about you.
However, we do rely upon your consent for you to actively take part in a research study.
We would never publish the outcome of our research studies in a way that would personally identify you.
Whilst actively taking part in a research study you would have the right to withdraw your consent at any point but you would not have the right to the information already collected as part of the research study to be erased.
If you are happy for your personal confidential information to be used for your individual care and treatment and also be used for research and planning you do not need to do anything.
However, if you do not want your personal confidential information used in this way you have the right to object/Opt out to your information being used for research and planning by registering your choice via Your NHS Data Matters.
If you do choose to opt out you can still consent to your data being used for specific individual research and or planning purposes.
For further details on how your information is used in research please visit the NAViGO Website or you can contact our Research and Development (R&D) Department.
Professor Zaffer Iqbal – Head of Psychology
Telephone: (01472) 808503
Information about our current research studies and sponsor details can be found on our Research web page.
As a healthcare provider we use and store large volumes of personal information every day and have appropriate technical and organisational measures in place to protect your information whether it is in paper or electronic format.
NAViGO is registered to the Information Commissioner’s Office; registration number ICO:04800000737
All of the Information Systems used by NAViGO, including CCTV and call recording at our inpatient units, which are hosted by F4 IT, are implemented with robust information security safeguards to protect the confidentiality, integrity and availability of your personal information. The security controls adopted by NAViGO are influenced by a number of sources including the 10 National Data Guardian Standards and guidelines produced by NHS Digital and other Government standards.
F4 IT is accredited to Industry Standard IS027001 which is an internationally recognised information security framework; registration number IMS UK/01/0715403363
All employees and our partner organisations are legally bound to respect your confidentiality and all staff must comply with our security operating procedures. Any breach of these is treated seriously, and could result in disciplinary action, including dismissal.
If any of your personal information is to be processed overseas (i.e. outside the EU) a full risk assessment would be undertaken to ensure the security of the information.
If you need further information, you can email our Data Protection Officer NAViGO.DPO@nhs.net
We are legally required to keep your health records for certain periods and all records held by the NHS are subject to the Records Management Code of Practice for Health and Social Care Act 2016 (the Code).
The Code sets out best practice guidance on how long we should keep your patient information before we are able to review and securely dispose of it.
You have a right to see the information we hold about you, both on paper or electronic, except for information that:
- Has been provided about you by someone else if they haven’t given permission for you to see it
- Relates to criminal offences
- Is being used to detect or prevent crime
- Could cause physical or mental harm to you or someone else
Your request must be made either in writing, through email or via phone call and we will request proof of identity before we can disclose personal information.
Access To Records Lead
Telephone: (01472) 583040
You also have the right to have inaccurate information corrected but this usually only applies to factual information about you and not to the medical opinions or diagnoses of professionals, even if you disagree with them.
To get further advice or report a concern directly to the UK’s independent authority you can do this by making contacting with: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Telephone: 0303 123 1113. Website: https://ico.org.uk/concerns/handling/
NAViGO is a Data Controller and can be contacted at: NAViGO Health & Social Care CIC, NAViGO House, 3-7 Brighowgate, Grimsby, DN32 0SW or on telephone number 01472 583000. The Data Protection Officer can be emailed on NAViGO.DPO@nhs.net
We are collecting your personal data in order to process your membership of our group. Our lawful basis for collecting your personal information and contact details is legitimate interests for both NAViGO in providing a wider service to you and for yourself in engaging in the group. This means that we can use your data for running the group and contacting you about it.
Your data will not be shared with anyone outside of NAViGO but we may be permitted to use your data for some other purposes, such as to prevent or detect crime, to protect public funds or where we are required or permitted to share data under other legislation. If we do this, we will not need your consent, as we will rely on an exemption in the data protection legislation. We will not sell your data to any third parties.
We will keep your data for as long as you are a member of the group or whilst you are on the waiting list. If you wish to be taken off the waiting list please let us know and we will delete your information.
You have the right to access your data and to rectify mistakes, erase, restrict, object or move your data in certain circumstances. Please contact the Data Protection Officer for further information or go to our website where your rights are explained in more detail. If you would like to receive an explanation of your rights in paper format please contact the Data Protection Officer.
Any complaints regarding your data should be addressed to the Data Protection Officer in the first instance. If the matter is not resolved, you can contact the Information Commissioner’s Office at: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF on tel: 0303 123 1113.
Using our website
NAViGO is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
NAViGO’s telephone calls may be recorded for training and monitoring purposes. NAViGO may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 01/01/2019.
We may collect the following information:
- name and job title
- contact information including email address
- demographic information such as postcode, preferences and interests
- other information relevant to customer surveys and/or offers
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping.
- We may use the information to improve our products and services.
We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site.
Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Our website may contain links to other websites of interest.
However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement.
You should exercise caution and look at the privacy statement applicable to the website in question.
You may choose to restrict the collection or use of your personal information in the following ways:
- whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
- if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at firstname.lastname@example.org.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
You may request details of personal information which we hold about you under the Data Protection Act 2018.
If you would like a copy of the information held on you please write to NAViGO.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
The Data Controller
NAViGO Health and Social Care CIC
Telephone: (01472) 583000
Dr Aamer Sajjad – Medical Director/Consultant Psychiatrist
Telephone: (01472) 252366 ext. 14319
Data Protection Officer
Senior Information Risk Officer
Simon Beeton – Director of Finance
Telephone: (01472) 583063
Staff privacy notice
We collect, store and process information about prospective, current and former staff. This notice explains how we use your information, and your right to control how we use it.
NAViGO Health and Social Care CIC is registered as a data controller with the Information Commissioner’s Office (ICO) as part of the Data Protection Act 2018. We’re committed to collecting, storing and processing personal information in line with UK Data Protection Law and the UK General Data Protection Regulation (GDPR).
For the purposes of this privacy notice, the term ‘staff’ includes:
- workers, including agency, casual and contracted staff
- work experience placements
We reserve the right to update this privacy notice at any time, and we’ll notify you with a new privacy notice if we make any substantial updates. From time to time, we may also let you know about the processing of your personal information in other ways.
This is information that identifies you, like your name or contact details.
It’s important that the personal information we hold about you is accurate and up to date. Please let us know if your personal information changes during your working relationship with us.
If any changes are required please let us know by contacting your line manager in the first instance or emailing the Workforce Team.
Special category personal information
Some of the information we collect is special category data, or sensitive data, which can include:
- your race or ethnicity
- religious beliefs
- trade union membership
- health, including physical and mental health and general immunisation history
- sexual orientation
- gender identity
- criminal convictions
Extra safeguards are applied to special category information, and we must be able to demonstrate a legitimate reason to hold and use it.
In addition to information relating to your health, NAViGO may also collect and process information relating to coronavirus (COVID-19) self-isolation status, COVID vaccination status and Flu vaccination status, to help with workforce planning and ensure continuity of services.
The lawful basis will be GDPR Article 6(1)(e), that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (the provision of statutory health care services).
The exemptions in GDPR Article 9(1)(g) and 9(2)(h) will be applied, that processing is necessary for matters of substantial public interest or for the management of health care systems. The conditions in paragraphs 2 (management of health care systems) and 3 (public health) are engaged.
Laws on information processing
NAViGO will only process your personal information where we are able to do so by law, under the legal basis available through the Data Protection Act 2018 and General Data Protection Regulation 2016 (GDPR).
The legal bases we use most often to collect information are:
- entering into and managing our employment contract
- legal obligations where processing is necessary for compliance, for example, informing HMRC of your tax and National Insurance contributions
- when considering employees’ rights as potential members
- on the legitimate interests of NAVIGO as a company, where a formal assessment has been made and recorded
Where we process sensitive personal or special categories of data about you, we will ensure this is done only where one of the following conditions applies:
- processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller, or the data subject, in the field of employment and social security and social protection law
- processing is necessary for the purposes of preventive or occupational medicine, assessment of the working capacity of the employee, or the provision of health or social care
If you require further information about the legal basis for any specific aspect of processing please email the Data Protection Officer.
If you apply for a job
When you apply for a position with NAViGO, you will give us relevant information about you which includes:
- personal contact details
- details of your skills, qualifications, employment history, experience, and professional membership (if relevant), and training history
- referee details
If you are invited to interview
During recruitment and selection, we will collect additional information such as:
- correspondence, interview notes, and results of any tests you’re asked to complete as part of the selection process
- copies of qualifications and certificates
- pre-employment checks, including referees
- your nationality and immigration status, to confirm your eligibility to work in the UK
- your national insurance number, tax and bank details
- details of your pension
- remuneration, including salary and entitlement to benefits
- trade union membership
- criminal record
- ethnicity, gender/ gender reassignment, health, religion or sexual orientation
- medical history relevant to your employment, including physical health, mental health
- publicly available information, like your social media presence
If you become an employee
If you are employed by us, we may collect additional information like:
- your image, for security and ID badges
- education and training history
- appraisal and performance reviews
- security and audit data when you use NAViGO IT equipment and systems, including the use of NHS smart cards
- your performance, sickness absence and other work related matters
- CCTV recordings when you’re on NAViGO premises
- personal data recorded as a normal part of your work activity
- data relating to employee relations, like disciplinary proceedings or complaints
Why we collect your information
We will use your information to administer your employment and associated functions. Your information may be shared between relevant colleagues who need the information to carry out their duties, like your line manager or Workforce teams.
We use staff data to meet our legal obligations as an employer, which include:
- recruitment and selection
- compliance with visa requirements
- maintaining staff records, including payroll, benefits, corporate travel and other reimbursable expenses, development and training, absence monitoring, performance appraisal, conduct, management progress, disciplinary and grievance process and complaints, pensions administration, and other general admin and human resource and membership related processes
- monitoring equal opportunities
- payment of trade union membership fees
- providing facilities, like IT systems access, library services and car parking
- preventing and detecting crime, like using CCTV and photo ID badges
- communicating about the Trust, including news and events
- maintaining patient health records, in line with records keeping standards
- managing safe environments and fitness to work
- managing human resources process, like sick pay, managing absence, parental leave, and workforce planning
- occupational health and wellbeing services
- service quality monitoring
- maintaining contact with former employees
We maintain electronic and paper records that relate to your recruitment and employment. This information is held by the workforce team and locally, with your line manager. All paper files are securely stored and only relevant staff will be able to access this information.
Electronic information is accessed on a need to know basis, using NAViGO’s ESR and other systems such as the NAViGO data warehouse. Some information may be held on NAViGO’s secure electronic drives, where access is only granted to appropriate individuals.
When you call the helpline they may record your contact details, and information about the issues you have raised and about any advice or support you have been given, or referred to.
They record this information in order to provide advice and to manage the service, including any future contact with you.
The information will be kept confidential and access will only be available to authorised staff within the care service. The information provided to NAViGO is a summary of the number of calls.
The legal basis for processing is our legitimate interest in providing a confidential advice and support service for the welfare of our staff.
Physical Health Checks in conjunction with Primary Care
NAViGO is working closely with GP Practices to undertake physical health checks for people who are on the GP Severe Mental Illness (SMI) register.
If you are on this register and also a NAViGO employee you may be contacted by NAViGO to offer you a physical health check each year. NAViGO has information sharing agreements in place with all GP Practices. In North East Lincolnshire we have a shared electronic patient record (SystmOne) which also includes links to GP Practices who use EMIS as their electronic patient record.
The legal basis for sharing this information has been defined as:
The processing is necessary for health or social care purposes and is for the provision of health care or treatment Articles 6(1)(e) and 9(2)(h) UK GDPR
Section 10 and Schedule 1 Part 1 para 2 Special categories of personal data.
Consent to share health care records with other health and social care organisations within North East Lincolnshire is set by the GP based around their information sharing protocols. Should NAViGO employees that are registered with an NEL Practice not want their GP to share their record with NAViGO or any other organisation for the purposes of healthcare (including the NAViGO Physical Health Service (WHISe) they can contact their GP and ask for their consent to share their record with NAViGO to be withdrawn. This will ensure that they are not contacted by NAViGO as their employer to offer a physical health check if this is something they do not feel comfortable with.
Data sharing with third parties
We may disclose personal and sensitive information to a variety of recipients when:
- there’s a legal obligation to share
- it’s necessary for the performance of your employment contract
- you have consented to the sharing
Any disclosures of personal data are always made on case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances, and with the appropriate security controls in place. Information is only disclosed to those agencies and bodies who have a need to know, when there is a lawful basis to do so.
Your contact details may be shared where there is a legitimate reason to do so and this is appropriate to your role and responsibilities, and recipients may include:
- our employees, agents and contractors where there is a valid reason for them receiving the information
- professional and regulatory bodies in relation to the confirmation of conduct, including complaints, job description and information provided as part of the recruitment process
- government departments and agencies where we have a statutory obligation to provide information, like HMRC and the Department of Health
- third parties who work with us to provide staff support services, like counselling
- crime prevention or detection agencies, like the police and security organisations
- the Parliamentary and Health Service Ombudsman
- internal and external auditors
- courts and tribunals
- trade union and staff associations
- relatives or guardians of an employee
- NHS Business Services Authority
NHS Business Service Authority
NAViGO also shares employee records information with the NHS Business Services Authority, which acts as a data processor.
The information you provide during the course of your employment (including the recruitment process) will be shared with the NHS Business Services Authority for maintaining your employment records. It’s stored on the national NHS Electronic Staff Record (ESR) system.
Electronic staff record (ESR)
When you start your employment with NAViGO , your personal data will be uploaded into the ESR system. IBM, who provide ESR, and its partners as service providers will be responsible for maintaining the system. This means that they may occasionally need to access your staff record, but only to ensure that the ESR works correctly.
Where this happens, access will be limited and is only to allow any problems with the computer system to be investigated and fixed as necessary. IBM and its partners will not have the right to use this data for their own purposes, and contracts are in place with the Department of Health to ensure that the data is protected and that they only act on appropriate instructions.
IBM and the ESR Central Team may access anonymised data about transactions on the ESR system in order to support the development and optimal use of the system.
Some of your personal information from ESR will be transferred to a separate database, known as the Data Warehouse. This will be used by NAViGO to report on compliance on statutory/mandatory training, sickness, PDR compliance rates, turnover and occupational health vaccination programme compliance.
The NAViGO workforce, performance teams and your line manager and operational workforce secretary will be given the appropriate access to this information which is stored confidentially and accessible via security groups using individuals’ windows authentication.
NHS flu and COVID -19 vaccination programmes
NAViGO will provide data on all staff to NHS Digital as required by the Secretary of State for Health exercising the public health functions under section 2 of The National Health Services Act 2006.
This will include:
- employee number
- date of birth
- NHS Number
The purpose is to administer and implement a National Immunisation Vaccination Service (NIVS) (flu and COVID-19) immunisation programmes for NHS staff.
The implementation of this service will deliver a centralised data capture tool for clinical teams delivering the seasonal flu and COVID-19 immunisation and is an essential component of NHS England’s response to the COVID-19 pandemic.
Particulars of staff receiving immunisation will also be provided to NIVS as part of the program. For further information see the NHS England and NHS Digital Privacy Notices.
NAViGO use specialist processors for tasks like:
- workforce planning and analytics
- expenses claims
Information may also be processed on behalf of NAViGO by Northumberland Payroll services.
This will always be carried out using a contractor compliant with Article 28 of the GDPR, and with appropriate guarantees of confidentiality.
When it comes to personal data held about you, you have the right to:
- request access
- request the correction of inaccurate or incomplete information, subject to certain safeguards
- request that your information is deleted or removed where there is no need for us to continue processing it, and when the retention time has passed
- to ask that we restrict the use of your information, based on personal circumstances
- to withdraw your consent for the collection, processing and transfer of personal information for a specific purpose
- to object to how your information is used
- to challenge automated decision making
Further information about these rights can be obtained from the Information Commissioner's Office.
If you require copies of personal information, speak to your line manager.