Health and Social Care Privacy Notice

We will only process your personal data if a lawful basis exists. We may rely on:

• Your consent – if we rely on your consent to process your data you may withdraw your consent at any time by contacting our Data Protection Officer (DPO)

(For example - if you have consented to participate in medical research)

• The need to meet a legal obligation in carrying out statutory government functions

(For example – to provide you with Health or Social Care intervention, which by law we are required to do)

• The need to meet a request you have made for information or a service

(For example – if you requested help and assistance with your children from the Children’s and Families Division)

• The need to prevent or investigate suspected or actual violations of law

(For example – to assist the IOM Police for the prevention or detection of crime)

• The need to protect  the public interest

(For example – investigation of Adult or Children’s safeguarding issues)

• The need to retain information for historical or archiving purposes by the Public Record Office under the Public Records Act 1999.  For more information on retention by the Public Record Office: /pro

We use your records to:

• provide a good basis for any care or advisory services we provide to you
• allow you to work with us when we provide care or advice
• make sure your care is safe and effective, and the advice we provide is appropriate and relevant to you
• work effectively with others providing you with care or advice and make sure that appropriate information is available if you see another Social Worker, Doctor, Nurse or an external Health and Social Care provider
• train and educate our health and social care professionals

It is very important for your care that your details are accurate and up to date so we will often check with you at appointments or visits that your personal details are correct.

If you are receiving care services from us, we may share information that does not identify you (anonymised) with other NHS and social care partner agencies for the purpose of improving local services, staff training, research, audit and public health. 

We would never share information that identifies you unless we have a fair and lawful basis such as: 

• You ask us to do so
• We ask and you give us specific permission to do so (consented)
• We have to do so by law (e.g. when sharing information with the police may prevent a serious crime, or prevent harm to you or other people)
• We have special permission because we believe that the reasons for sharing are so important that they override our obligation of confidentiality (e.g. when an infectious disease such as meningitis or measles may endanger the safety of others)
• To protect children and vulnerable adults (e.g. safeguarding)
• When a formal court order has been served upon us (e.g. the court orders us to release specific information) 

Third parties that we may share your information with include; for example: 

• UK NHS Trusts (if you are referred off island for specialist treatment)
• Veterans UK (if you have applied for a war pension through service injury)
• Law enforcement agencies (prevention or detection of crime)
• UK Office for National Statistics (ONS) (Public Health data sets)
• Other Health and Social Care Organisations involved in your direct care (GP’s)
• IOM Department of Education and Culture (school nurses or health visitors)
• Local authorities (health assessments for alternative housing )
• Voluntary sector and contracted services (advice or counseling services)

Anyone who receives information from us also has a legal duty to keep it confidential.

We aim to provide you with the highest quality of care. To do this we must keep records about you and about the health and social care we have provided, or plan to provide to you. In order to provide care we are required to collect personal and sensitive personal data, for example as below:

Personal Data

Any information relating to an identified or identifiable natural person for example:

• Name
• Address
• Identifier (e.g. NHS Number, Hospital Number)
• Online identifier (e.g. IP address, email address)
• Or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (e.g. patient/service user)

Sensitive Personal Data

Data consisting of the following:

• Racial or ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade union membership
• Genetic data
• Biometric data
• Data concerning health
• Data concerning a natural person's sex life or sexual orientation

We make every effort to keep all the personal data we hold secure, whether held electronically or as paper copies. We also ensure that only members of staff with a legitimate reason to access your information have permission to do so.

Your information will only be kept for a specific amount of time after which it will be securely destroyed.

View our records retention and destruction policy.

Everyone working for the Department of Health and Social Care has a legal duty to keep information about you secure and confidential and to make sure that anyone working with us also works to the same standards.

We follow the rules set out in the Data Protection Act 2002/General Data Protection Regulation (Isle of Man) Order 2018 and in professional codes of conduct to keep your information safe.

We assess ourselves regularly to make sure that we follow good practice and that the latest security measures are in place.

• You have the right to know how we will use your personal information
• You have the right to see your care record. This is known as Right of Subject Access
• You have the right to object to us making use of your information
• You can ask us to change or restrict the way we use your information and we have to agree if possible
• You have the right to ask for your information to be changed, blocked or erased if it is incorrect

If you wish to access your records, or exercise any other of your rights above, please contact the Data Protection Officer (DPO)

It is your legal right that if you wish to complain on how the Department of Health and Social Care processes your information you can contact the DPO-DHSC@gov.im or submit a complaint to the following: