Health and Social Care Privacy Notice
The Department of Health and Social Care is committed to protecting your privacy and will only process personal confidential data in accordance with the Data Protection Act 2002/General Data Protection Regulation (Isle of Man) Order 2018, the Common Law Duty of Confidentiality and the Human Rights Act 1998.
Who are we?
The Department of Health and Social Care is a registered data controller for the purposes of the Data Protection Act 2002/General Data Protection Regulation (Isle of Man) Order 2018.
All data controllers must notify the IOM Information Commissioner’s Office (ICO) of all personal information processing activities. Our ICO Data Protection Register number is N003362 and our entry can be found in the Data Protection Register on the Information Commissioner’s Office website. https://www.inforights.im/
The Data Protection Officer (DPO) is responsible for:
- Monitoring compliance with data protection laws, our data protection policies, privacy awareness-raising, training, and audits
- Provide advice and information to the Department on our data protection obligations
- A single point of contact for our employees, our patients and service users (or any other individuals) and the ICO
We provide a comprehensive range of vital health and social care services that contribute to the health and social care wellbeing of our citizens.
These services include:
- General Practitioner and Dental Services
- Community Healthcare
- Hospital Healthcare
- Mental Healthcare
- Public Health
- Social Services for Adults and for Children and Families
- Specialist off-Island Care
- Registration and Inspections
Contact the Data Protection Officer for Health and Social Care:
Data Protection Officer (DPO)
Medical Records Department
Isle of Man IM4 4RJ
Telephone: +44 1624 686784
Lawful basis for processing your information
We will only process your personal data if a lawful basis exists. We may rely on:
- Your consent – if we rely on your consent to process your data you may withdraw your consent at any time by contacting our Data Protection Officer (DPO)
(For example - if you have consented to participate in medical research)
- The need to meet a legal obligation in carrying out statutory government functions
(For example – to provide you with Health or Social Care intervention, which by law we are required to do)
- The need to meet a request you have made for information or a service
(For example – if you requested help and assistance with your children from the Children’s and Families Division)
- The need to prevent or investigate suspected or actual violations of law
(For example – to assist the IOM Police for the prevention or detection of crime)
- The need to protect the public interest
(For example – investigation of Adult or Children’s safeguarding issues)
- The need to retain information for historical or archiving purposes by the Public Record Office under the Public Records Act 1999. For more information on retention by the Public Record Office: /pro
How your records are used to help you
We use your records to:
- provide a good basis for any care or advisory services we provide to you
- allow you to work with us when we provide care or advice
- make sure your care is safe and effective, and the advice we provide is appropriate and relevant to you
- work effectively with others providing you with care or advice and make sure that appropriate information is available if you see another Social Worker, Doctor, Nurse or an external Health and Social Care provider
- train and educate our health and social care professionals
It is very important for your care that your details are accurate and up to date so we will often check with you at appointments or visits that your personal details are correct.
Sharing your information
If you are receiving care services from us, we may share information that does not identify you (anonymised) with other NHS and social care partner agencies for the purpose of improving local services, staff training, research, audit and public health.
We would never share information that identifies you unless we have a fair and lawful basis such as:
- You ask us to do so
- We ask and you give us specific permission to do so (consented)
- We have to do so by law (e.g. when sharing information with the police may prevent a serious crime, or prevent harm to you or other people)
- We have special permission because we believe that the reasons for sharing are so important that they override our obligation of confidentiality (e.g. when an infectious disease such as meningitis or measles may endanger the safety of others)
- To protect children and vulnerable adults (e.g. safeguarding)
- When a formal court order has been served upon us (e.g. the court orders us to release specific information)
Third parties that we may share your information with include; for example:
- UK NHS Trusts (if you are referred off island for specialist treatment)
- Veterans UK (if you have applied for a war pension through service injury)
- Law enforcement agencies (prevention or detection of crime)
- UK Office for National Statistics (ONS) (Public Health data sets)
- Other Health and Social Care Organisations involved in your direct care (GP’s)
- IOM Department of Education and Culture (school nurses or health visitors)
- Local authorities (health assessments for alternative housing )
- Voluntary sector and contracted services (advice or counseling services)
Anyone who receives information from us also has a legal duty to keep it confidential.
Why we collect information about you
We aim to provide you with the highest quality of care. To do this we must keep records about you and about the health and social care we have provided, or plan to provide to you. In order to provide care we are required to collect personal and sensitive personal data, for example as below:
Any information relating to an identified or identifiable natural person for example:
- Identifier (e.g. NHS Number, Hospital Number)
- Online identifier (e.g. IP address, email address)
- Or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (e.g. patient/service user)
Sensitive Personal Data
Data consisting of the following:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data
- Data concerning health
- Data concerning a natural person's sex life or sexual orientation
How long we keep your information
We make every effort to keep all the personal data we hold secure, whether held electronically or as paper copies. We also ensure that only members of staff with a legitimate reason to access your information have permission to do so.
Your information will only be kept for a specific amount of time after which it will be securely destroyed.
How we keep your information confidential
Everyone working for the Department of Health and Social Care has a legal duty to keep information about you secure and confidential and to make sure that anyone working with us also works to the same standards.
We follow the rules set out in the Data Protection Act 2002/General Data Protection Regulation (Isle of Man) Order 2018 and in professional codes of conduct to keep your information safe.
We assess ourselves regularly to make sure that we follow good practice and that the latest security measures are in place.
Your information rights
- You have the right to know how we will use your personal information
- You have the right to see your care record. This is known as Right of Subject Access
- You have the right to object to us making use of your information
- You can ask us to change or restrict the way we use your information and we have to agree if possible
- You have the right to ask for your information to be changed, blocked or erased if it is incorrect
If you wish to access your records, or exercise any other of your rights above, please contact the Data Protection Officer (DPO)
Your right to complain
It is your legal right that if you wish to complain on how the Department of Health and Social Care processes your information you can contact the DPO-DHSC@gov.im or submit a complaint to the following: