Manx Care Privacy Notice

Manx Care is a data controller for the purposes of the Data Protection Act 2018 and the Data Protection (Application of GDPR) Order 2018 and the Data Protection (Application of LED) Order 2018, together with any regulations made under them (Manx Data Protection Legislation).

Manx Care is registered with the Information Commissioner’s Office. Our Register number is R002977 and our entry can be found in the Data Protection Register on the Information Commissioner’s Office website.

We provide a comprehensive range of vital health and social care services that contribute to the health and social care wellbeing of our citizens.

These services include: 

• General Practitioner and Dental Services
• Community Healthcare
• Hospital Healthcare
• Mental Healthcare
• Social Services for Adults and for Children and Families
• Specialist off-Island Care

We will only process your personal data if a lawful basis exists. Article 6(1)(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

We may rely on:

• Your consent – if we rely on your consent to process your data you may withdraw your consent at any time by contacting our Data Protection Officer (DPO)
  
  (For example - if you have consented to participate in medical research)

• The need to meet a legal obligation in carrying out statutory government functions
  
  (For example – to provide you with Health or Social Care intervention, which by law we are required to do)

• The need to meet a request you have made for information or a service
  
  (For example – if you requested help and assistance with your children from the Children’s and Families Division)

• The need to prevent or investigate suspected or actual violations of law
  
  (For example – to assist the IOM Police for the prevention or detection of crime)

• The need to protect  the public interest
  
  (For example – investigation of Adult or Children’s safeguarding issues)

The need to retain information for historical or archiving purposes by the Public Record Office under the Public Records Act 1999.  For more information on retention by the Public Record Office

We use your records to:

• provide a good basis for any care or advisory services we provide to you
• allow you to work with us when we provide care or advice
• make sure your care is safe and effective, and the advice we provide is appropriate and relevant to you
• work effectively with others providing you with care or advice and make sure that appropriate information is available if you see another Social Worker, Doctor, Nurse or an external Health and Social Care provider
• train and educate our health and social care professionals

It is very important for your care that your details are accurate and up to date so we will often check with you at appointments or visits that your personal details are correct.

If you are receiving care services from us, we may share information that does not identify you (anonymised) with other NHS and social care partner agencies for the purpose of improving local services, staff training, research, audit and public health. 

We would never share information that identifies you unless we have a fair and lawful basis such as:

• You ask us to do so
• We ask and you give us specific permission to do so (consented)
• We have to do so by law (e.g. when sharing information with the police may prevent a serious crime, or prevent harm to you or other people)
• We have special permission because we believe that the reasons for sharing are so important that they override our obligation of confidentiality (e.g. when an infectious disease such as meningitis or measles may endanger the safety of others)
• To protect children and vulnerable adults (e.g. safeguarding)
• When a formal court order has been served upon us (e.g. the court orders us to release specific information)

Third parties that we may share your information with include; for example:

• UK NHS Trusts (if you are referred off island for specialist treatment)
• Veterans UK (if you have applied for a war pension through service injury)
• Law enforcement agencies (prevention or detection of crime)
• UK Office for National Statistics (ONS) (Public Health data sets)
• Other Health and Social Care Organisations involved in your direct care (GP’s)
• IOM Department of Health and Social Care (performance data)
• IOM Department of Education and Culture (school nurses or health visitors)
• Independent Review Body for Health and Social Services
• Mental Health Commission
• Local authorities (health assessments for alternative housing )
• Voluntary sector and contracted services (advice services)

Anyone who receives information from us also has a legal duty to keep it confidential.

We aim to provide you with the highest quality of care. To do this we must keep records about you and about the health and social care we have provided, or plan to provide to you. In order to provide care we are required to collect personal and sensitive personal data, for example as below:

Personal Data

Any information relating to an identified or identifiable natural person for example:

• Name
• Address
• Identifier (e.g. NHS Number, Hospital Number)
• Online identifier (e.g. IP address, email address)
• Or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (e.g. patient/service user)

Special Category Data

Data consisting of the following:

• Racial or ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade union membership
• Genetic data
• Biometric data
• Data concerning health
• Data concerning a natural person's sex life or sexual orientation

We make every effort to keep all the personal data we hold secure, whether held electronically or as paper copies. We also ensure that only members of staff with a legitimate reason to access your information have permission to do so.

Your information will only be kept for a specific amount of time after which it will be securely destroyed.

Any enquiries should be made directly to the Data Protection Officer (details below).

The Isle of Man Public Record Office holds selected records of Isle of Man public authorities that are of long-term historic and cultural value, for permanent preservation.

Access to and the use of records at the Isle of Man Public Record Office is governed by legislation under the Public Records Act 1999 - more information on retention is available from the Public Record Office.

Everyone working for Manx Care has a legal duty to keep information about you secure and confidential and to make sure that anyone working with us also works to the same standards.

We follow the rules set out in the Data Protection Act 2018 and the Data Protection (Application of GDPR) Order 2018 and the Data Protection (Application of LED) Order 2018, together with any regulations made under them (Manx Data Protection Legislation) and in professional codes of conduct to keep your information safe.

We assess ourselves regularly to make sure that we follow good practice and that the latest security measures are in place.

You have rights regarding your information, these rights vary depending on our reason for using use personal information.  

Your data protection rights are: 

• Your right of access - You have the right to ask us for copies of your personal information.  
• Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.  
• Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.  
• Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.  
• Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances. 
• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. 

If you wish to access your records, or exercise any other of your rights above, please contact the Data Protection Officer (DPO)

Contact details for our Data Protection Officer (DPO) are:

The Data Protection Officer (DPO) is responsible for:

• Monitoring compliance with data protection laws, data protection polices, including managing internal data protection activities; raising awareness of data protection issues, training staff and conducting internal audits; 
• to advise on, and to monitor, data protection impact assessments; 
• Providing advice and information to Manx Care on our data protection obligations
• Being a single point of contact for our employees, our patients and service users (or any other individuals) and the ICO.

Automated decision making is the use of computer systems or definitions to apply rules to data in order to determine an outcome – credit ratings are an example of automated decision making. Manx Care does not use automated decision making as all decisions have human intervention.

Most national and local flows of personal data in support of commissioning are established as collections by NHS Digital either centrally, or for local flows by its Data Services for Commissioners Regional Offices (DSCRO).

The lawful basis for processing personal information is: 6(1)(c) ‘…for compliance with a legal obligation…’ Where the collection or provision of data is a legal requirement, for example where NHS Digital is directed to collect specified data, and can require specified organisations to provide it.

The lawful basis for processing personal data is: 9(2)(h) ‘…medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems…’

Manx Care only receives anonymised information to assist with the above.

Patients who require transport to and from a healthcare facility in the Island, Manx Care has entered into a contract with the Department of Infrastructure, Bus Vannin to provide this service.

To provide this service in a safe and effective way, Bus Vannin will need to process personal information and also information in relation to your health and care. This helps to ensure that the transport service can be conducted safely and that the patient’s needs and wellbeing are taken into account.

What kind of information will Manx Care share with Bus Vannin

• Name, date of birth,
• Address, telephone, email address
• Age, gender
• Details of your mobility and medical issues related to your journey

How patient records are kept confidential

Department of Infrastructure, Bus Vannin has a duty to:

• Maintain a full accurate record of the journey and any care given to a patient
• Keep records confidential, secure, accurate and accessible
• Dispose of your information confidentially when it is no longer needed
• Provide copies of information in an easy to understand format

Department of Infrastructure is registered with the Information Commissioner.

This sharing is based on the following lawful bases under data protection law:

• Article 6(1)(e) – for the performance of a task carried out in the public interest, or in the exercise of the official authority of the data controller; and
• Article 9(2)(h) – the provision of health or social care or treatment or the management of health or social care systems

Bus Vannin may use your information to:

• Manage the Patient Transport Service effectively
• Provide you with a safe environment
• Protect the health of the general public, for example by reporting infectious diseases
• Help investigate any concerns or complaints a patient or their family may have

The Covid 111 Team process personal data in relation to the vaccination programme.

Calls to the 111 phone service are recorded and stored securely. This information is only shared with others directly involved with your care.

You can find out more in the 111 Privacy Notice.

It is your legal right that if you wish to complain on how Manx Care processes your information you can contact the DPO-ManxCare@gov.im or submit a complaint to the following: