Your data's journey through Nuffield Health Pathology Direct
Discover how your data may be processed through our Pathology Direct Services (PDS)
Information you may be asked to provide
BOOKING YOUR APPOINTMENT
The data taken will vary depending your method of being booked for your PDS Blood Test. This can be via:
- The Nuffield Health website
- The Nuffield Health PDS booking agents over the phone
- Provided by your referring clinician or clinic
Standard information taken regardless of method of booking will include:
- Telephone Number
- Email (assistance for confirmation of bookings)
- Date of Birth
Some methods of booking may also include the following data being taken:
- Card details for payment of your required blood tests.
- The name and contact details of your GP or clinician if you wish for your results to be sent to them following testing.
Depending on your customer/patient journey, it may be your initial contact is via telephone or via the Nuffield Health PDS Direct booking website.
- Phone Call – when the call begins you will be asked a set of questions to protect your data to ensure we are talking to the right person. This may include information such as: address; date of birth; GP details if applicable & the blood tests you would like us to undertake for you.
- On Line Website PDS Booking – you will be asked to select the tests you require and complete details such as your GP details if relevant. In addition, if your card payment details are not already on the system then you will be asked for these. Also, as part of the PDS Online process you will be asked to review and accept our Terms and Conditions which includes information on how Nuffield Health manages your personal data in compliance with GDPR.
Clinical History – The discussion may include a brief clinical history from you that will help inform the suitability of certain blood test results and interpretation. Be assured this will be the minimum information we need to collect to ensure we provide you with the correct tests and subsequent any interpretation of your results has the fullest information available to us.
Where we may collect your information
As discussed above there are a number of routes to access your PDS Blood Test through Nuffield Health.
Depending on which method this is and how your appointment is being booked will vary with how we initially receive information about you, the information could be coming from:
- Yourself directly either through the website or a direct booking via the telephone
- From information you have supplied to your referring clinician
Why we need this information and how we might use it
We are required to collect the information that we have detailed above for a number of different purposes:
Data protection – personal data is required so that we can complete appropriate checks, such as call verification, to ensure we are speaking to the right person and to provide unique patient identifiers.
To provide a smooth patient journey – email addresses and telephone numbers allow us to provide booking confirmation and to contact you to book and confirm future appointments.
Payment – To enable payment for the tests required.
Testing – A number of tests offered are carried out by third party providers, with samples and test request forms referred to them.
Who your Personal Data may be shared with
Depending on your particular circumstances, we may share your data with other individuals.
Information to other health professionals – it may be necessary to share information with regards to you with another health professional who is involved in your care, analysing samples or interpreting your test results, e.g. your GP or other clinical practitioner.
Payment – payment details are shared with financial colleagues as part of normal accounting requirements.
Third Party Testing Organisations – we aim to process as many tests in house as possible. For unusual or infrequently requested tests we may share your data with Third Party providers. We have confidentiality agreements with these providers so they will handle and retain your information with the same diligence as we do.
Specimen Transport – we may send your test samples via couriers to our network of laboratories, all samples will be sent in a secure way so your data will not be visible to the courier companies.
Fair and Lawful Processing
Each organisation is required to demonstrate that they are processing personal data fairly and lawfully, to do this we must have a ‘lawful basis for processing’ personal data. Consent is probably the condition that has gained the most attention but we only rely on consent in limited circumstances e.g. to share information with a third party or your GP.
PDS will mainly be processing data based on the following lawful basis for processing:
Article 6 (1)(b) Processing is necessary for the performance of a contract to which the individual is party or in order to take steps at the request of the individual prior to entering into a contract.
Article 6 (1)(f) Legitimate interests: the processing is necessary because of a legitimate interest or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
Article 9 (2)(h) Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of English Law or pursuant to contract with a health professional.
What does this actually mean?
In order to provide you with the level of support agreed to in our contracts in a safe and effective way we need to process the data discussed, and as such, we are doing so lawfully. This means we may not always ask your consent each time we use your data if what we are doing is linked to your treatment or doing something we must do by law.
Your rights in respect of your Personal Data
The law gives you certain rights in respect of the information that we hold about you. Below is a short overview of the key rights available to you.
Data Subject Access Request - with some exceptions designed to protect the rights of others, you have the right to a copy of the personal data that we hold about you. Where the data is data that you have given to us, you have the right to receive your copy of it in a common electronic format, and to provide copies of it to other people if you wish (Right to Data Portability).
Right to Rectification - you have the right to have the personal data we hold about you corrected if it is factually inaccurate. This right does not extend to matters of opinion, such as assessments of performance or fitness to work.
Right to Erasure - in some limited circumstances, you have the right to have personal data that we hold about you erased (the “right to be forgotten”). This right is not generally available where we still have a valid legal reason to keep the data (for example, because we are obliged to do so by law).
Right to Restrict Processing - you also have the right in some circumstances to request that temporary restrictions are placed on how we process your personal data, for example if you contest its accuracy or where we are processing it on the basis of our legitimate interest and you contest our assessment that our interest overrides your rights.
The above is not a complete and exhaustive statement of the law When things go wrong - Nuffield Health pride ourselves with the quality of our services and consistent positive customer satisfaction, however, we understand that in a small number of cases you may have cause to raise a concern regarding an element of your patient journey.
It is important that Nuffield Health learn from these episodes to continually enhance services and as such we carry out thorough investigations.
In order to fully investigate your concern we may need to share information with our compliance team, senior leaders or other parties not directly involved with your care. For example, if you were referred to PDS via your insurer, GP or hospital we might need to discuss your concern with your insurer, GP or hospital staff in order to fully investigate it.
In any case, we will only share a limited amount of information, as little as is necessary to investigate the concern.
We may also need to share details of your concern with health professionals involved in your care for the purposes of the investigation. If the concern has come via a third party e.g. a regulator, body or solicitor, we may need to disclose your data with them in order to resolve, defend or investigate a concern.
How long we will keep your Personal Data for
The length of time that Personal Data is stored is set by national legislation and is outlined in Nuffield Health Policy.
Pathology test results are kept for a varying amount of time depending upon the particular type of test involved. PDS test results are held in compliance with guidance on data retention set out by the Royal College of Pathologists.
For further information about how your data may be processed or to ask any questions please email either Nick Bills: Nick.Bills@nuffieldhealth.com or Tony Harvey: Tony.Harvey@nuffieldhealth.com.
If you are not satisfied with how we handle your personal data or a request to exercise one of your rights in relation to your data, you can contact the Data Protection Officer on firstname.lastname@example.org
Should you remain dissatisfied you have a right to complain to the Information Commissioner’s Office on 0303 123 1113 or through their website https://ico.org.uk/