Adult Social Care Privacy Notice

Privacy Notice - Whole Systems Integrated Care (WSIC)

The Adults Social Care Department in the Royal Borough of Kensington and Chelsea is a participant in WSIC. The Privacy Notice set out below is produced by the North West London ICS, of which the Royal Borough of Kensington and Chelsea is a member. A more detailed Privacy Notice is available from the NWL ICS Website.

Introduction

WSIC refers to the Whole Systems Integrated Care Programme, and is sometimes referred to as WSIC, WSIC Dashboard or WSIC Integrated Care Record. It is an electronic record used by health and care professionals to record key information about your care. It’s different from previous records as all the health and social care teams involved in your care can share a summary of relevant information from your health and social care records, providing a joined-up history of your care. The record holds your contact details, your date of birth and your NHS number, as well as details about your health and treatment.

Who are we?

WSIC has been established by health and social care providers (for example: GPs, hospitals, mental health and community providers, and social services) from across North West London. For the purposes of the Data Protection Act, these partners collectively form the North West London ICS and are the data controllers for WSIC. More information on who they are and what they do can be found on the North West London ICS website.

You can contact the Data Protection Officer at [email protected] or via our postal address:

Data Protection Officer, NWL ICB,
1st Floor,
15 Marylebone Road,
London,
NW1 5JD

Please mark your correspondence with ‘Data Protection Officer’. You can find more information about the role of the DPO here.

How we collect your data

If your health or care organisation is part of the WSIC programme then data will be automatically extracted from your health and/or care records, and processed to create an ‘integrated record’. Any organisation which participates in the programme will have agreed to, and be bound by, the terms of the North West London Digital Information Sharing Agreement, and data will be processed according to the North West London Information Sharing Protocol.

You don’t need to do anything for this to happen. This is because your health and/or care organisation have legal responsibilities when delivering their services, to share information where this will facilitate care for an individual. It is on this basis that data is collected and processed.

What data do we collect?

The information collected includes your name, address, postcode, your date of birth and your NHS number, as well as details of your health and treatment.

How we use your information

This information is collected to produce an electronic record or dashboard of key information about your care. It provides a joined-up view of your care and allows your health and care team to access a complete picture of your care wherever they are, making the treatment you receive safer and more accurate. Medication history, diagnosis, alerts and allergies are among the key information shared among all your care organisations, which means that:

  • you won’t have to explain your medical history over and over again to different people
  • you won’t need to repeat details about your medications, treatments or medical history every time you see a new health or care professional
  • you can be more involved in decisions about your care to support your health and well-being

Find out more about why integrated care is so important to people and their families by listening to their stories on the Vimeo website.

Your data is also used to support the improvement of health and care services across North West London. Researchers, doctors and people running health services use small amounts of information which doesn’t directly identify you to understand how our health is changing and the best ways to plan services, monitor safety and evaluate NHS policy. This information is called ‘de-personalised data’. They won’t be able to identify you from this information. De-personalised data is information about your care. It doesn’t include:

  • name
  • date of birth
  • phone number
  • email
  • address
  • NHS Number

You can find out more about de-personalised data and how data is used in the NHS on the Understanding patient data website.

Improving health and care services

De-personalised data will be shared with Clinical Commissioning Groups (CCGs) to help them understand what types of services the NHS should provide and where. This will help them to commission better health and care services for you.

Research

The information from patient records is valuable to help understand more about disease and develop new treatments. The NHS may collaborate with academic researchers and industry partners to do this. To find out more about research work in North West London, please see the Imperial College Health Partners website.

Who will see my data?

Your WSIC Dashboard/Record will be seen only by health and care professionals directly involved in your care. This includes GPs, consultants, nurses and care co-ordinators. Authorised researchers will be able to view your de-personalised data, but this will not identify you.

How long is my data kept for?

Your data will be kept in line with NHS Guidance (see Records Management Code of Practice for Health and Social Care 2016 below), which sets out what people working with or in NHS organisations in England need to do to manage records correctly. It's based on current legal requirements and professional best practice. Appendix 3 of the Code contains detailed retention schedules and sets out how long records should be retained, either due to their ongoing administrative value or as a result of a statutory requirement. Your WSIC record is made up of many components, so the longest retention period applies and they are kept until 10 years after death.

Please note that this retention period is being applied by the NHS, to include all of their data. Your social care record itself will be maintained in line with the council’s social care retention periods, which will differ and will depend on the nature of the services and support you received prior to your case being closed.

Where is my data stored?

Your data is processed and stored on servers based in the United Kingdom. These are secured by state of the art datacentre facilities, with robust technical and organisational controls in place. The facilities and services we use are audited annually to make sure the highest standards are maintained.

Can I access my information?

You have the right to access information we hold about you. You can do this at any time by contacting us through our contact page.

Can I request my information is updated if I think it is incorrect?

If you believe any of your information is inaccurate then you have the right to request that it is updated. You may also request that access to your information is restricted until the correction is made. Please use the contact page to get in touch.

Can I opt-out?

When it comes to providing you with the best possible care, health and care professionals who are involved in your direct care need to have as much information as possible so they can make informed decisions about you. This information is identifiable, and you do not have a right to opt out of such uses by law, as consent (in a data protection context) is not the lawful basis on which the information is shared in the first place. Such information is only made available on a need-to-know basis and all these professionals owe you a duty of confidence; they will only use this information when acting in your best interests.

When your de-identified data is used for secondary purposes within the de-identified environment, it is contextually anonymised to any users who access the data, which therefore absolutely protects your confidentiality. On that basis, and in line with law and available guidance, you are neither asked to opt in, nor are you permitted to opt out of such uses.

Please see the section below for how the National Data Opt-Out affects opt-outs in respect of secondary purposes. 

National Opt-Out

The National Data Opt-Out was introduced in May 2018, following recommendations from the National Data Guardian.

The National Data Opt-Out does not apply to personal confidential data being used for direct health and social care purposes. Health care providers specifically require this information to provide immediate and direct care to an individual.

Where the National Data Opt-Out does apply is in respect of secondary purposes, which are purposes beyond the immediate and direct aspect of the care for that individual. Key examples of secondary purposes are research and planning.

Following guidance from the National Data Guardian, the National Data Opt-Out only allows patients to opt-out of personally identifiable, confidential data being used for secondary purposes. English case law (R (Source Informatics) v Department of Health [2001] Q.B 42) dictates that, if data is anonymous, it loses the necessary quality of confidence to make it confidential. This means that organisations can use patients’ data for research and planning purposes if it has been through a de-identification process (in line with the current ICO code of practice for anonymisation) and it is therefore no longer possible to use that data to identify an individual person from it. The de-identified database complies with the ICO code of practice for anonymisation. As such, the entire database is considered to be de-identified and can be used for secondary purposes, without prejudicing the confidentiality of patients.

This decision was made following a review by the National Data Guardian, which heard that the public were satisfied with anonymous data being used for secondary purposes. The National Data Guardian also found that the majority of purposes beyond those of direct care do not actually require personal confidential data to identify individuals, and that these purposes are of considerable benefit to commissioners, planners, and researchers. It was considered that the possibility of an opt-out where the dataset would be removed entirely would have a negative impact on health services’ ability to use the information for research and planning. 

With the above in mind, although the majority of data being used for secondary purposes is already anonymised, patients have the option to opt-out of having their confidential patient information shared for reasons beyond their individual care, for example for research and planning. However, this will not affect their de-identified data being used for such purposes. Please refer to this link to find out more about the national data opt-out and how to set up your choices.

What can I do if I have any concerns?

If you have any concerns, or are unhappy about how your data is being used please get in touch through any of the contact methods below:

  • email: [email protected]
  • in writing: WSIC Dashboards Team, NWL ICB, 1st Floor, 15 Marylebone Road, London, NW1 5JD

Alternatively, you can raise a concern with the Information Commissioner’s Office (ICO), the UK data protection regulator, which will investigate your complaint. Please see the Information Commissioner’s website for more details.

Last updated: 23 February 2023