Respecting your privacy

Website privacy statement

Healthcare Improvement Scotland fully respects your right to privacy. In strict accordance with the Data Protection Act (1998), we treat any personal information you supply to us with the highest standards of security and confidentiality.

Healthcare Improvement Scotland fully respects your right to privacy. In strict accordance with the Data Protection Act (1998), we treat any personal information you supply to us with the highest standards of security and confidentiality. To ensure that we process your personal data fairly and lawfully we are required to inform you:

  • why we need your data
  • how it will be used and
  • who it will be shared with

This information also explains what rights you have to control how we use your information.

Healthcare Improvement Scotland is registered as a data controller with the Information Commissioner (registration is Z2608541). This registration describes the kind of information we may hold about you, how it may be processed and with whom it may be shared.

The Healthcare Improvement Scotland Data Protection Policy explains how we process your personal data to ensure compliance with Data Protection principles. It relates to information we collect about:

  • visitors to our websites
  • complainants and other individuals in relation to a data protection or freedom of information complaint or enquiry
  • people who use our services – for example, who subscribe to our newsletters or request publication from us
  • job applicants and our current and former employees
  • people who volunteer their time to work with us; and
  • patient data we process as part of our core work programmes

Use of personal information collected through our websites

To access some of the services available via our websites you will need to register with us. During the registration process you will be asked to submit personal information about yourself (e.g. name and email address). By entering your details in the fields requested, you enable Healthcare Improvement Scotland and our subsidiaries to provide you with certain services or to contact you as agreed during the registration process.

When you provide such personal information, you accept that we may retain your personal information and that it may be held by us or any third party that processes it on our behalf for the purposes of providing the information, goods or services which you have requested.

Any third parties who process personal information on our behalf are required to maintain the confidentiality and privacy of the personal information that they process for us.

In addition, we may also collect personal information from you when you correspond with us (for example, when you send us e-mail communications or send letters to us). We also collect certain information automatically about visitors to our websites, as described in the section below.

This site uses cookies and Google Analytics

Cookie Type Website Purpose
Style Session cookie All Healthcare Improvement Scotland websites Remembers your low or high graphic preference and delivers the website in that format next time you visit.
utma
utmb
utmc
utmz
Google Analytics All Healthcare Improvement Scotland websites Set by Google Inc. (a third party cookie) it tracks your interaction with each website. Information is collected anonymously and is used by Healthcare Improvement Scotland to make improvements to our websites and their usability.

Google provides more information on privacy and how this applies to Google Analytics.

uid
uvc
Add This Healthcare Improvement Scotland corporate website Set by Add This (a third party cookie) it allows you to share our web content with your social network via Facebook, Twitter, You Tube or Linked In.
Add This provide more information on how they collect and use this data.
GAPS
SNID
khcookie
NID
PREF
NID
PP_TIS_ACK
Google Maps Healthcare Improvement Scotland corporate website Set by Google Inc. (a third party cookie) it allows Google to track the number of our visitors using their maps (via our contact us pages).
These cookies will remain on your website up to 2 years after your visit. Google provides more information on privacy and how this applies to Google maps.
ASP.NET_SessionID Microsoft.NET All Healthcare Improvement Scotland websites Set by Microsoft ASP.NET (a third party cookie) it allows our websites to know when your visit (or session) has ended and when another one begins.
These cookies expire immediately when you close your internet browser. For more information visit Microsoft Support.
ASPSESSIONID {randomstring} Classic ASP session cookie All Healthcare Improvement Scotland websites Allows our websites to know when a session has ended in classic ASP function.

Information you provide through this website will only used by Healthcare Improvement Scotland, its subsidiaries, and data processors, for the purpose for which you gave it.

It should be noted that from time to time we may provide links to independent online providers of event booking, survey or other services. We check that their privacy notices assure personal data is processed in ways meeting Data Protection Act requirements. However, you may wish to read the provider’s privacy notice before consenting to give them your personal information. Please see:

Eventbrite: www.eventbrite.co.uk/privacypolicy

Survey Monkey: www.surveymonkey.com/mp/policy/privacy-policy

What laws are relevant to the handling of personal information?

The law determines how organisations can use personal information. The key laws are: the Data Protection Act 1998 (DPA), the Human Rights Act 1998 (HRA), relevant health service legislation, and the common law duty of confidentiality.

Within these pages we describe instances where Healthcare Improvement Scotland is the “Data Controller”, for the purposes of the Data Protection Act 1998, and where we direct or commission the processing of personal data to help deliver better healthcare, or to assist the management of healthcare services.

What types of personal information do we collect about you?

What types of personal data do we handle?

We process personal information to enable us to support the improvement of healthcare services to patients, maintain our own accounts and records, promote our services, and to support and manage our employees. We also process personal information about health care professionals who deliver services throughout NHS Scotland.

When you provide personal information, you accept that we may retain your personal information and that it may be held by us or any third party that processes it on our behalf for the purposes of providing the information, goods or services which you have requested.

Any third parties who process personal information on our behalf are required to maintain the confidentiality and privacy of the personal information that they process for us.

In addition, we may also collect personal information from you when you correspond with us. For example, when you send us e-mail communications or send letters to us. We also collect certain information automatically about visitors to our websites, as described below.

The types of personal information we use include:

  • personal details such as names, addresses, telephone numbers
  • family details for example next of kin details
  • education, training, re-validation
  • employment details, for example for those that work for us either directly or are commissioned by us to provide a service
  • financial details, where we provide payment for services
  • services, for example details of the services offered by providers
  • lifestyle and social circumstances
  • visual images, personal appearance and behaviour, for example if we are provided with CCTV images used as part of building security
  • details held in a patient’s record, where we hold the record
  • responses to some surveys

We also process sensitive classes of personal information, some of which is held only about staff.

Types of sensitive personal information we process may include:

  • racial and ethnic origin
  • offences (including alleged offences), criminal proceedings, outcomes and sentences
  • trade union membership
  • religious or similar beliefs
  • employment tribunal applications, complaints, accidents, and incident details
  • physical or mental health details
  • sexual life

Patient records we hold, i.e. with physical and mental health, or sexual life details, have direct identifiers removed before we receive them, to render them less identifying. Where a deceased individual is identifiable in or from the information we hold, the data about that individual is not covered by the Data Protection Act 1998. It is though held in confidence and covered by privacy legislation and the Access to Health Records Act 1990.

What is the purpose of processing data?

We only collect and use your information for the lawful purposes of administering the business of Healthcare Improvement Scotland. These purposes include:

  • accounting and auditing
  • accounts and records
  • advertising, marketing & public relations
  • consultancy and advisory services
  • crime prevention and prosecution of offenders
  • education
  • healthcare improvement
  • information and databank administration
  • research
  • sharing and matching of personal information for national fraud initiative
  • staff administration

How will we use information about you?

Your information is used to run Healthcare Improvement Scotland and improve healthcare. For example, it may be used to:

  • review the care given to make sure it is of the highest possible standard
  • investigate complaints or important incidents

We may keep your information in written form or on a computer. Whenever possible all information that identifies you will be removed.

Sharing your information

There are a number of reasons why we share information. This can be due to:

  • our obligations to comply with current legislation
  • our duty to comply with a court order
  • you having consented to disclosure

Healthcare Improvement Scotland is responsible for protecting the public funds it manages. To do this we may use the information we hold about you to detect and prevent crime or fraud. We may also share this information with other bodies that inspect and manage public funds.

Retaining information

We will only retain information for as long as necessary. Records are maintained in line with the NHS Scotland retention schedule. This says the length of time records should be kept.

Security of your information

We take our duty to protect your personal information and confidentiality seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.

We have appointed a Senior Information Risk Owner (SIRO) who is accountable for the management of all information assets and any associated risks and incidents, and a ‘Caldicott Guardian’ who is responsible for the management of patient information and patient confidentiality.

All staff are required to undertake annual information governance training and are provided with information governance policies and procedures that they are required to read, understand and agree to adhere to. These resources plus support available from the information governance team ensure that staff members are aware of their responsibilities. Staff follow best practice on the necessary safeguards and appropriate use of person-identifiable and confidential information.

Under the NHSScotland Code of Practice on Protecting Patient Confidentiality all staff are also required to protect patient information. The code is available online here.

Everyone working for the NHS is subject to the common law duty of confidentiality.  Information provided in confidence will only be used for the purposes advised and consented to by the service user, unless it is required or permitted by the law.

How can you get access your personal information?

The Data Protection Act 1998 gives you the right to access the information which Healthcare Improvement Scotland holds about you, and why, subject to any exemptions. For example, requests must be made in writing and you will need to provide:

  • adequate information [for example full name, address, date of birth, staff number, etc.] so that your identity can be verified and your personal data located.
  • an indication of what information you are requesting to enable us to locate this in an efficient manner.

All requests for personal information held by Healthcare Improvement Scotland should be sent to the information Governance Team.

Where a fee is applicable under the terms of the Data Protection Act and subsequent legislation, we will inform you in writing.

We aim to comply with requests for access to personal data as quickly as possible. We will ensure that we deal with requests within 40 days of receipt unless there is a reason for delay that is justifiable under the Data Protection Act.

We want to make sure that your personal information is accurate and up to date. If you think any information is inaccurate or incorrect then please let us know through the Information Governance Team.

Freedom of Information

The Freedom of Information (Scotland) Act 2002 provides any person with the right to obtain information held by NHS Healthcare Improvement Scotland, subject to a number of exemptions. If you would like to request some information from us, please send your request to the Information Governance Team. Personal and confidential information is often exempt from disclosure.

Complaints about how we process your personal information

In the first instance, you should contact the Information Governance Team. Information about the rights of individuals under the Data Protection Act can be found online at:

https://ico.org.uk/for-organisations/guide-to-data-protection/principle-6-rights/

Changes to our privacy notice

We keep our privacy notice under regular review and we will place any updates on this webpage. This notice was last updated on 20 August 2015

Data protection notification

Healthcare Improvement Scotland is a data controller under the Data Protection Act. We have notified the Information Commissioner that we process personal data, and our registration number is: Z2608541.

The details are publicly available from the:-

Information Commissioner’s Office
Wycliffe House
Water Lane,
Wilmslow SK9 5AF

www.ico.gov.uk

Phone: 0131 623 4300 available Monday to Friday 8am to 6pm, excluding Bank Holidays in England.

You can also contact the Information Commissioner’s Office for further information on data protection.

Information for job applicants

Healthcare Improvement Scotland will process information provided by applicants for the management of their application and the subsequent selection process. This involves providing details to the short-listing and selection panels. Other details are kept to help fulfil our obligations to monitor equality and diversity within the organisation and in the application process. You can find more information about the use of personal data throughout the application process.

Information will be retained on interview performance and the application in line with the retention periods of NHS Scotland.

For more information about your application and personal data contact the Information Governance Team, details are included in this notice.

How to contact us

Please contact us if you have any questions about our privacy notice or information we hold about you:

Information Governance Team
E-mail:
hcis.informationgovernance@nhs.net
Phone: 0141 225 6999 (main) available Monday to Friday 9am to 4pm, excluding Public Holidays in Scotland.

Post:  
Information Governance Team
Healthcare Improvement Scotland
5th Floor
Delta House
West Nile Street
Glasgow G1 2NP