Patient Privacy Notice

Hanham Secure Health Limited (HSH) is committed to protecting the Privacy and security of your personal information. This Privacy notice describes how we collect and use personal information about you in accordance with General Protection Regulation (GDPR) 2016 and the Data Protection Act 2018.

1. About Us

HSH is a “Data Controller”. This means that we are responsible for deciding how we hold and use your personal information about you. We are required by law under the General Data Protection Regulations and the Data Protection Act 2018 to notify you of the information contained in this Privacy Notice. This Privacy notice applies to all current employees, contractors and Bank staff. This does not form part of any contract of employment or other contract to provide services. We may update this notice at any time.

There may be times where we also process your information. That means we use it for a particular purpose and, therefore, on those occasions we may also be Data Processors. The purposes for which we use your information are set out in this Privacy Notice.

2. Why we are providing this Privacy Notice

We are required to provide you with this Privacy Notice by Law. It explains how we use the personal and healthcare information we collect, store and hold about you. The Law says:

  1. We must let you know why we collect personal and healthcare information about you;
  2. We must let you know how we use any personal and/or healthcare information we hold on you;
  3. We need to inform you in respect of what we do with it;
  4. We need to tell you about who we share it with or pass it on to and why; and
  5. We need to let you know how long we can keep it for.

If you are unclear about how we process or use your personal and healthcare information, or you have any questions about this Privacy Notice or any other issue regarding your personal and healthcare information, then please contact our Data Protection Officer.

3. The Data Protection Officer

The Data Protection Officer for the HSH is Kelly-Anne Gast. You can contact her if:

  1. You have any questions about how your information is being held
  2. If you require access to your information or if you wish to make a change to your information;
  3. If you wish to make a complaint about anything to do with the personal and healthcare information we hold about you
  4. Or any other query relating to this Policy and your rights as a patient

Kelly-Anne can be contacted here:

4. Coronavirus Pandemic – Data Protection

Coronavirus (COVID-19) Pandemic and Your Information

The ICO recognises the unprecedented challenges the NHS and other health professionals are facing during the Coronavirus (COVID-19) pandemic. The ICO also recognises that: “Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health.”

The Government have also taken action in respect of this and on 20th March 2020 the Secretary of State for Health and Social Care issued a Notice under Regulation 3(4) of The Health Service Control of Patient Information (COPI) Regulations 2002 requiring healthcare providers to use your information to help other healthcare organisations to respond to and deal with the COVID-19 pandemic.

In order to look after your healthcare needs during this difficult time, we may urgently need to share your personal information, including medical records, with clinical and non clinical staff who belong to organisations that are permitted to use your information and need to use it to help deal with the Covid-19 pandemic. This could (amongst other measures) consist of either treating you or a member of your family and enable us and other healthcare organisations to monitor the disease, assess risk and manage the spread of the disease.

Please be assured that we will only share information and health data that is necessary to meet your healthcare needs.

The Secretary of State for Health and Social Care has also stated that these measures are temporary and will expire on 30th September 2020 unless a further extension is required. Any further extension will be will be provided in writing and we will communicate the same to you.

Please also note that the data protection and electronic communication laws do not stop us from sending public health messages to you, either by phone, text or email as these messages are not direct marketing.

It may also be necessary, where the latest technology allows us to do so, to use your information and health data to facilitate digital consultations and diagnoses and we will always do this with your security in mind.

If you are concerned about how your information is being used, please contact our DPO using the contact details provided in this Privacy Notice.

5. How we look after your personal information when working from home during the Covid-19 pandemic

In accordance with government guidance and in order to protect the health and safety of our staff during this difficult period, some of our central staff will be asked to work from home. This means that staff may have access to any necessary personal and/or medical information in order to look after your healthcare needs.

We would like to assure you that our staff will be subject to all relevant security procedures and policies of the organisation to ensure that any information is kept safe, secure and confidential at all times. If you have any concerns about how your information may be used please contact our DPO who will be happy to assist with your enquiry.

6. Information we collect from you

  1. Your contact details (such as your name, home address)
  2. Details and contact numbers of your next of kin;- we may hold this if it’s recorded in the notes we receive from the courts or prison service but we wouldn’t actively request it
  3. Your age range, gender, ethnicity
  4. Details in relation to your medical history
  5. Correspondence this may include information relating to your conviction and/or sentence.

7. Information about you from others

We also collect personal information about you when it is sent to us from the following:

  1. A hospital, a consultant or any other medical or healthcare professional, or any other person involved with your general healthcare
  2. Community drug and alcohol services and community prescribers
  3. Avon & Somerset Police Firearms department
  4. Court Orders
  5. Immigration matters
  6. Solicitors
  7. Fire Brigade
  8. Social Services and Local Authorities
  9. Children’s homes, foster homes and/or care homes where you have previously been cared for (relevant to children and young people only)
  10. Education- Her Majesty’s Prison & Probation Service
  11. Other secure establishments where you have previously been resident

8. Your Summary Care Record

Your summary care record is an electronic record of your healthcare history (and other relevant personal information) held on a national healthcare records database provided and facilitated by NHS England. This record may be shared with other healthcare professionals and additions to this record may also be made by relevant healthcare professionals and organisations involved in your direct healthcare.

  • You have the choice of what information you would like to share and with whom.
  • Authorised healthcare staff can only view your SCR with your permission.
  • The information shared will solely be used for the benefit of your care.
  • Your options are outlined below;
  1. Express consent for medication, allergies and adverse reactions only. You wish to share information about medication, allergies and adverse reactions only.
  2. Express consent for medication, allergies, adverse reactions and additional information. You wish to share information about medication, allergies and adverse reactions and further medical information that includes: Your significant illnesses and health problems, operations and vaccinations you have had in the past, how you would like to be treated (such as where you would prefer to receive care), what support you might need and who should be contacted for more information about you.
  3. Express dissent for Summary Care Record (opt out). Select this option, if you DO NOT want any infor-mation shared with other healthcare professionals involved in your care.

Please note that it is not compulsory for you to complete  a consent form. If you choose not to complete a consent form, a Summary Care Record containing information about your medication, allergies and adverse reactions and additional further medical information will be created for you as described in point b) above.

You may have the right to demand that this record is not shared with anyone who is not involved in the provision of your direct healthcare. If you wish to enquire further as to your rights in respect of not sharing information on this record then please contact our Data Protection Officer.

To find out more about the wider use of confidential personal information and to register your choice to opt out if you do not want your data to be used in this way, please visit:

Please note: if you do choose to opt out, you can still consent to your data being used for specific purposes. However, if you are happy with this use of information you do not need to do anything. You may however change your choice at any time.

9. National Data Opt-Out Programme

Information about patients’ health and care helps us to improve individual care, speed up diagnosis, plan local services and research new treatments. In May 2018, the strict rules about how this data can and cannot be used were strengthened. The NHS is committed to keeping patient information safe and always being clear about the purposes that it is used for. You can now choose whether your confidential patient information is used for research and planning. To find out more visit:

If you would like more information about the national data opt-out, then please visit or call the national data opt-out helpline on 0300 303 5678.

To use the Next Generation Text Service (NGTS) dial 18001 followed by 0300 303 5678.

Handouts are also available in a range of accessible formats.

10. Who we may provide your Personal Information to and why

We may pass your personal information on to the following people or organisations, because these organisations may require your information to assist them in the provision of your direct healthcare needs. It, therefore, may be important for them to be able to access your information in order to ensure they may properly deliver their services to you:

  1. Hospital professionals (such as doctors, consultants, nurses, etc.)
  2. Other GPs/Doctors
  3. Pharmacists
  4. Nurses and other healthcare professionals
  5. Dentists
  6. Any other person that is involved in providing services related to your general healthcare, including mental health professionals
  7. Police
  8. Driving Vehicle Licensing Authority (DVLA)
  9. Solicitors
  10. Court Orders
  11. Immigration
  12. Fire Brigade
  13. Social Services
  14. Education

11. Other people who we provide your Information to

  1. Commissioners
  2. Clinical Commissioning Groups
  3. Public Health England (when consent is given)
  4. Local authorities
  5. Community health services
  6. For the purposes of complying with the law e.g. Police, Solicitors, Insurance Companies
  7. Anyone you have given your consent to, to view or receive your record, or part of your record.
  8. Out of Hours medical providers
  9. Partner providers involved in delivering care and treatment as part of an integrated health partnership, including:
    • Avon & Wiltshire Mental Health Partnership NHS Trust
    • Her Majesty’s Prison and Probation Service (HMPPS)
    • Prisons and Probation Ombudsman (PPO)
    • Serco, Secure Children’s Homes (SCH)
    • South Gloucestershire County Council
    • Hampshire County Council
    • The Hep C Trust

You have the right to request that your personal and healthcare information is not shared by HSH in this way. Please note the anonymised information section in this Privacy Notice.

12. Third Parties mentioned on your Medical Record

Sometimes we record information about third parties mentioned by you to us during any consultation. We are under an obligation to make sure we also protect that third party’s rights as an individual and to ensure that references to them which may breach their rights to confidentiality, are removed before we send any information to any other party including you. Third parties can include: spouses, partners, and other family members.

13. How we use the Information about you

We use your personal and healthcare information in the following ways:

  1. When we need to speak to, or contact other doctors, consultants, nurses or any other medical/healthcare professional or organisation during the course of your diagnosis or treatment or on going healthcare
  2. When we are required by Law to hand over your information to any other organisation, such as the police, by court order, solicitors, or immigration enforcement

Please note: We will never pass on your personal information to anyone else who does not need it, or has no right to it, unless you give us clear consent to do so.

14. Legal Justification for Collecting and Using your Information

The Law says we need a legal basis to handle your personal and healthcare information.

  • CONTRACT: We have a contract with NHS England to deliver healthcare services to you. This contract provides that we are under a legal obligation to ensure that we deliver medical and healthcare services to the public
  • CONSENT: Sometimes we also rely on the fact that you give us consent to use your personal and healthcare information so that we can take care of your healthcare needs
  • Please note that you have the right to withdraw consent at any time if you no longer wish to receive services from us
  • NECESSARY CARE: Providing you with the appropriate healthcare, where necessary. The Law refers to this as ‘protecting your vital interests’ where you may be in a position not to be able to consent
  • LAW: Sometimes the Law obliges us to provide your information to an organisation

15. Special Categories

The Law states that personal information about your health falls into a special category of information because it is very sensitive. Reasons that may entitle us to use and process your information may be as follows:

  • PUBLIC INTEREST: Where we may need to handle your personal information when it is considered to be in the public interest. For example, when there is an outbreak of a specific disease and we need to contact you for treatment, or we need to pass your information to relevant organisations to ensure you receive advice and/or treatment
  • CONSENT: When you have given us consent
  • VITAL INTEREST: If you are incapable of giving consent, and we have to use your information to protect your vital interests (e.g. if you have had an accident and you need emergency treatment)
  • DEFENDING A CLAIM: If we need your information to defend a legal claim against us by you, or by another party

16. How long we keep your Personal Information

We carefully consider any personal information that we store about you, and we will not keep your information for longer than is necessary for the purposes as set out in this Privacy Notice.

17. If English is not your first Language

If English is not your first language you can request a translation of this Privacy Notice.

Please Speak to our Data Protection Officer.

18. Complaints

If you have a concern about the way we handle your personal data or you have a complaint about what we are doing, with your data or how we have used or handled your personal and/or healthcare information, then please contact our Data Protection Officer.

You also have a right to raise any concern or complaint with the UK information regulator at the Information Commissioner’s Office (ICO):

19. Our Website

The only website this Privacy Notice applies to is the HSH website. If you use a link to any other website from the HSH website then you will need to read their respective privacy notice. We take no responsibility (legal or otherwise) for the content of other websites.

20. Cookies

Our website uses cookies. For more information on which cookies we use and how we use them, please contact our Data Protection Officer.

21. Security

We take the security of your information very seriously and we do everything we can to ensure that your information is always protected and secure. We regularly update our processes and systems and we also ensure that our employees are properly trained. We also carry out assessments and audits of the information that we hold about you and make sure that if we provide any other services, we carry out proper assessments and security reviews.

22. Where to find our Privacy Notice

You will find a copy of our Privacy Notice on our website: or a copy may be provided on request.

23. Data Storage

NHS Digital sub-contracts Amazon Web Services (AWS) to store your patient data. We have been informed that the data will remain in the UK at all times and will be fully encrypted both in transit and at rest. We have further been advised that AWS offers the very highest levels of security and support. HSH does not have any influence over how the data is stored as this is decided centrally by NHS Digital and the HM Prison and Probation Service.

24. Changes to our Privacy Notice

We regularly review and update our Privacy Notice. This Privacy Notice was last updated on 5th October 2020.

Published:   30/04/2020

Last Reviewed:  05/10/2020

Reviewed By:  Kelly-Anne Gast, Data Protection Officer & Viki Lamb, Managing Director