Privacy Statement
BaNES Enhanced Medical Services Limited (BEMS+) provide NHS services free to patients in the B&NES area. We also provide support services to your GP practice.
This privacy notice explains how we use any personal information we collect about you as a patient of health care services provided by BEMS+ Enhanced Medical Services Limited (BEMS+) is a company registered in England and Wales under company number IP29848R with its registered office at Unit 13a, Church Farm Business Park, Corston, Bath, BA2 9AP. We are registered as a Data controller: Registration Number Z6014909. For further up to date information please see here
Why do we collect your personal information?
Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation. These records help to provide you with the best possible healthcare and help us to protect your safety.
We collect and hold data for the purpose of providing healthcare services to patients and running our organisation which includes monitoring the quality of care that we provide. In carrying out this role we will collect information about you which helps us respond to your queries or secure specialist services. We will keep your information in written form and/or in digital form. The records will include both personal and special categories of data about your health and wellbeing.
How do we collect your personal information?
We collect your personal information:
- During a consultation with one of our clinicians
- When we receive your details (such as a referral) from your current health care provider
- When you contact us or we contact you regarding a service we are providing to you
- If you contact us regarding a service we have provided to you in the past
What types of personal information do we collect about you?
Personal information about you is collected in a number of ways. This can be from referral details from your GP, other hospital or community services and directly from you.
We may collect the following types of personal information:
- Your name, address, email address, telephone number and other contact information
- Gender, NHS Number and date of birth and sexual orientation
- Details of family members and next of kin details
- Health (Medical) information, including information relating to your sex life
- Biometric data
- Genetic information
How will we use the personal information we collect about you?
We may use your personal information in the following ways:
- To help us assess your needs and identify and provide you with the health and social care that you require
- To determine the best location to provide the care you require
- To comply with our legal and regulatory obligations
- To enable us to investigate any incidents, complaints or compliments we may receive
- To help us monitor and manage our services
Text (SMS) messages
If you have provided your mobile telephone number, we may use this to send automatic appointment reminders, requests to complete surveys or to make you aware of services provided by BEMS+ that we feel will be to your benefit.
If you do not wish to receive these text messages, please let BEMS+ know.
Call recording
Recordings of calls made and received by BEMS+ may be used to support the learning and development of our staff and to improve the service we provide to our patients.
They may also be used when reviewing incidents, compliments or complaints.
Call recordings will be managed in the same way as all other personal information processed by us and in line with all current legislation.
Data processors
We may use the services of a data processor to assist us with some of our data processing, but this is done under a contract with direct instruction from us that controls how the data processor will handle patient information and ensure they treat any information in line with the requirements of UK General Data Protection Regulation, confidentiality, privacy law, and any other laws that apply.
How will we share your personal information?
We may share your personal information with other health and social care professionals and members of their care teams to support ongoing health and or social care and achieve the best possible outcome for you.
Any medical or health related personal information will be treated with confidence in line with the common law duty of confidentiality and the Confidentiality NHS Code of Practice.
We may be required to share information with people other than health and social care professionals and members of their care teams in order to comply with our legal and regulatory obligations. This may include:
- Care Quality Commission (CQC)
The CQC regulates health and care services to ensure that safe care is provided. The law requires that we must report certain serious events to the CQC, for example, when patient safety has been put at risk. Further information about the CQC can be found here:
- Public Health England
The law requires us to share data for public health reasons, for example to prevent the spread of infectious diseases or other diseases which threaten the health of the population. We will report the relevant information to local health protection team or Public Health England. Further information about Public Health England can be found here:
https://www.gov.uk/guidance/notifiable-diseases-and-causative-organisms-how-to-report
- Other NHS Organisations
Sometimes the practice will share information with other NHS organisations that do not directly care for you, such as the Integrated Care Board (ICB). However, this information will be anonymous and does not include anything written as notes by the GP and cannot be linked to you.
We will not share your information with people other than health and social care professionals and members of their care teams without your consent unless the law allows or requires us to.
NHS National Data Opt-out
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care Services, important information about you is collected in a patient record for that service. Collecting this confidential patient information helps to ensure you get the best possible care and treatment.
The confidential patient information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care where allowed by law.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information, you do not need to do anything. If you choose to opt out your confidential patient information will still be used to support your individual care.
We do not share your confidential patient information for purposes beyond your individual care without your permission. When sharing data for planning and reporting purposes, we use anonymised data so that you cannot be identified in which case your confidential patient information isn’t required.
Information being used or shared for purposes beyond individual care does not include your confidential patient information being shared with insurance companies or used for marketing purposes and information would only be used in this way with your specific agreement.
Health and care organisations that process confidential patient information have to put systems and processes in place so they can be compliant with the national data opt-out. They must respect and apply your opt-out preference if they want to use or share your confidential patient information for purposes beyond your individual care.
BEMS+ are currently compliant with the national data-out policy as we do not share your confidential patient information for purposes beyond your individual care without your permission.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters
You can change your choice at any time.
How long do we keep your personal information?
We follow the NHS Records Management Code of Practice for Health and Social Care 2021 which states that patient records should be retained for 10 years from the date of death. At that point, all personal data we hold on you will be securely deleted.
How do we keep your personal information safe and secure?
We are committed to protecting your privacy and will only use information collected lawfully. Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.
We adhere to the UK General Data Protection Regulation (UK GDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO). Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential. We maintain our duty of confidentiality by conducting annual training and awareness, ensuring access to personal data is limited to the appropriate staff and information is only shared with organisations and individuals that have a legitimate and legal basis for access.
Legal basis
We have been commissioned by your local clinical commissioning groups to provide a variety of clinical services across BaNES, Swindon and Wiltshire Integrated Care System, and it is necessary for us to process your personal data for the performance of this task in the public interest.
Community Dermatology Service – patients registered with BaNES General Practices
Community Deep Vein Thrombosis – patients registered with BaNES General Practices
Community Fracture and Soft Tissue Injury Service - patients registered with BaNES General Practices
Covid-19 Spring Booster - patients registered with BaNES General Practices
Covid Medicines Delivery Unit - patients registered with BaNES, Swindon and Wiltshure General Practices
Enhanced Access Service - patients registered with BaNES General Practices
Home Visiting Service - patients registered with BaNES General Practices
Rapid Diagnostic Service - patients registered with BaNES General Practices
We will use your special categories of personal data, such as that relating to your race, ethnic origin, and health for the purposes of providing you with health or social care or the management of health or social care systems and services. Such processing will only be carried out by a health or social work professional or by another person who owes a duty of confidentiality under legislation or a rule of law.
Whilst investigating an incident, complaint or complement we will process your personal data on the basis it is in your and our legitimate interest to do so with the full details required.
In some circumstances, we may process your personal information on the basis that:
- it is necessary to protect your vital interests;
- we are required to do so in order to comply with legal obligations to which we are subject;
- in the establishment, exercise or defence of a legal claim;
or
- you have given us your explicit consent to do so.
Your rights
You have a right to:
- access the information we hold about you;
- correct inaccuracies in the information we hold about you
- withdraw any consent you have given to the use of your information;
- complain to the relevant supervisory authority in any jurisdiction about our use of your information
- in some circumstances:
- erase information we hold about you;
- receive a copy of your personal data in an electronic format and require us to provide this information to a third party;
- restrict the use of information we hold about you; and
- object to the use of information we hold about you.
You can exercise these rights by contacting us as detailed below.
How to contact us
If you have any questions about our privacy notice, the personal information we hold about you, or our use of your personal information then please contact our Data Protection Officer at:
Data Protection Officer
Banes Enhanced Medical Services + (BEMS+)
Unit 13a, Church Farm Business Park
Corston
Bath
BA2 9AP
Or
DataProtection.Officer@Medvivo.com
How to make a complaint
You also have the right to raise any concerns about how your personal data is being processed by us with the Information Commissioners Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
0303 123 1113
Changes to our privacy notice
We keep our privacy notice under regular review and we will place any updates on our website. This privacy notice was last updated on 28th March 2023.
