This policy sets out the personal and other information we, Healthcare at Home Ltd, collect about you and your usage of our website, when you visit our website, and how we will treat that information, including that it may be processed in the United States.
If you do not wish us to use your personal and such other information in the manner set out in this policy, please do not use our website.
This policy forms part of our Terms and Conditions, which can be accessed by clicking here.
Sciensus needs to collect and process personal information in order to deliver services such as dispensing medicines and ancillary items to patients. We also deliver patient support programmes and adherence and persistence programmes to help patients get the best from their medicine. We run joint programme services with patient’s referring centre and the Pharmaceutical organisations who produce medicines as part of our pharmacovigilance obligations.
In all our operations we put you and any connected recipients at the heart of our decision making when we process your personal information. We are committed to being transparent with you about our use of your personal information. Data usage, sharing, protection and your rights can be complicated, and Sciensus has created this Privacy Notice in a manner we feel is easy to read and understand. However, if you have any questions we are here to help.
The Privacy Notice below provides you with the information relevant to you. If you would like a printed copy, and / or you would like this in your preferred language, brail or audio please contact our Information Governance and Security team at DPO@sciensus.com or by contacting our free phone number on 0800 917 4980.
Sciensus Patient Privacy Notice
At Sciensus, we’re proud to be a leading healthcare provider. Working in partnership with the NHS, private providers and pharmaceutical companies, we use unrivalled insights, experience and technology to bring life-changing medicines to over 200,000 diverse patients. Wherever patients are on their healthcare journey, we’re right by their side.
We are a registered data controller operating in the UK, Wales, Scotland and Northern Ireland. Our registration number is Z6896758. We operate as a joint data controller with your referring establishment (e.g. hospital, GP) and an independent data controller with our Pharmaceutical customers (i.e. companies who supply the medicine). We have policies and procedures in place for data management, sharing, retention and security and all staff and contractors undertake annual data protection and cyber security training. We confirm that we are compliant with
We make changes to the Privacy Notice from time to time. Any changes we may make will be posted on this page so please check back frequently.
We will always keep your data safe and secure and only use it for the purposes it was obtained. We will ensure we record the lawful grounds for the use of your data and keep you informed of any changes. Where we need to seek your consent, we will do so. In this Privacy Notice we have detailed our lawful grounds, however these are continually under review and we carry out data protection impact assessments when we are considering changing the use of your personal information where we identify a potential impact. In carrying out this assessment we will always ensure you are at the heart of our decision making when using your personal information.
This Privacy Notice explains to you, as the patient or connected recipient to the patient of Sciensus, how we use your personal information we collect about you. It also details your individual rights in relation to that information.
Definition of personal identifiable information (PPI) / personal data
“Personal information” refers to an identified or identifiable individual (‘Data Subject’) who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of the individual. Where we refer to “we”, “us” or “our” in this Privacy Notice it refers to Healthcare at Home.
(1) Where we get your information from
We receive your information from many sources to deliver our services to you and we collect and process information about you from these sources. We maintain an extensive list of sources but for ease we have branched them into specific categories:
- From You – when you complete our forms, contact us, when we visit you as part of patient support and nurse programme, during our delivery process of your medicine, online, etc.
- Referring Establishment / Centre – Hospital, Private Medical Consultants, GPs, others involved in your care.
- Legal – Solicitors, Legal Representatives acting on your behalf
- Clinicians – when they visit you via our solo protect device, confirming the name and address if the individual the Nurse is visiting. Via our clinician evaluation forms.
- Laboratories – as part of any medical blood testing results.
- Visiting our on-line website and systems – technical identification information, enquiry form you may complete on line, cookies we may attach to your computer to improve your experience on our website and keep a history of areas most visited on our website.
- Research and Survey companies – when we supply limited information e.g. name and contact details to carry out these activities on our behalf.
- Other People – “recipient” you have authorised to act on your behalf or receive medicine when we carry out our deliveries.
- Social Care and Safeguarding agencies – to enable us and them carry out our legal obligations for patient safety and care.
- Third Parties – Advertising networks, analytics providers, persistence and adherence management providers.
- Parent, Guardian or Responsible Person – assigned and recorded to act on behalf of a paediatric patient (infant, children and adolescents).
If you provide personal information to us about any person other than yourself, you must ensure they are made aware of this Privacy Notice as this is your obligation. It will be your responsibility to ensure they have agreed with you to supply their information. Please keep us informed of any changes to keep your record up to date.
When we register a paediatric patient at Sciensus we will need proof that the appointed person acting for the patient has the legal duty to act on their behalf (e.g. proof they are the parent and approved by the referring establishment).
(2) How we manage and keep your personal information secure
In all our operations we will:
- Keep your information confidential
- Only share your information with authorised and vetted third parties, agencies or people
- Use it lawfully, fairly and in a transparent way
- Keep your personal information for as long as necessary for the purposes we have told you about
- Protect your data and keep it secure
- Have contractual obligations for data management and protection when outsourcing functions to third parties to process your personal information on our behalf
- Carry out security and cyber security checks
3) Types of personal information and lawful grounds for processing
This can be a confusing area to understand but the basis Sciensus works on is that we need to record the lawful grounds under the applicable data protection laws that we use your personal information. Each of these conditions are below and they may change depending on the purpose for which we will use or share your information. You can always contact us if you are unsure.
There are two types of data – Personal and Special Category and we shall now supply a brief set of examples of each and the lawful grounds we rely on to use the personal data:
(4) What we will do with your information
We use your personal information to set up and deliver services to you. We may use it to:
- create and maintain a record of your care and treatment and to communicate with your hospital and doctors
- create and manage your prescription records
- contact you to arrange your delivery
- allow us to dispense and deliver the correct medication to you
- facilitate a nurse or healthcare professional to visit you (if necessary)
- answer any questions or concerns you may have and provide customer support
- provide pharmacy services to you and give you information about your medication
- ensure that we charge the NHS or other bill payer the correct amount for our services delivered to you
- provide regular reminders in accordance with your service, e.g. for deliveries, nurse visits or medication
- provide advice to help you to get the best from your treatment and understand your level of engagement with your treatment through statistical and monitoring information
- provide remote care, using technology platforms and assessments, as required for your service
- enhance staff safety, we utilise secure audio recording devices that may be activated in emergency situations
- capture CCTV images for training purposes and for the prevention and detection of crime
- where your care is funded, to communicate with private medical insurance companies
We may also use your information for service improvement purposes such as:
- To train our staff in the delivery of clinical care services
- To manage and resolve any issues you may have – missed or late deliveries, complaints, incidents
- To record and manage (where appropriate) any adverse events or side effects relating to your medication that you tell us about
- To capture information regarding an incident to ensure the safety of our employees
- To escalate concerns regarding you and your care to ensure you are safe
- To enable us to register and investigate incidents and complaints
- To enable the storage, archive and disposal of paper documentation
- To help us to improve the quality of our services based on your feedback
- To conduct patient engagement surveys and see how well we are doing. These surveys could be generated by Sciensus, NHS Trusts or pharma companies, all of which are third parties we use to deliver our services to you. We may carry out the surveys by email or by phone and may send you a text message to direct you to the survey link.
- To keep an audit trail for the services we provide, e.g. recording of calls, system logs
- Occasionally we will be processing your personal data outside the EEA for the development of IT system databases. This data will be very limited but may include your name, contact details and account numbers. This processing takes place under controlled circumstances and is monitored and audited both during and following completion of the task.
We may also use your personal information by removing all identifiers to create an anonymised record (i.e. you cannot be identified) and/or by using limited identifiers to create a pseudonymised record (i.e. includes some information but it cannot be used to identify you without another piece of information that we hold securely). We may use this for our internal and external reporting to our referring establishments or pharmaceutical providers.
The national data opt-out
The National Data Opt-Out is an NHS service that allows patients to opt-out of their confidential patient information being used for research and planning. We confirm that we do not currently process your confidential patient information for purposes beyond your individual care (e.g. research and planning). Furthermore, we confirm that we comply with the requirements of this standard by having in place procedures to ensure that any future processing always takes this into account. To find out more you can visit www.nhs.uk/your-nhs-data-matters.
(5) Who will we share your information with
We want to maintain your trust, and protect your personal information and when we share your personal information we are doing so because it is essential to enable Sciensus to provide our services to you. As set out in this statement we have detailed the sources from which we may receive information about you but we also share your personal information with the same sources. Examples of who we may also share your information with are listed in section 1 above, but we also share from time to time your personal information with:
- Companies in the Healthcare at Home Group – who carry out functions on our behalf.
- Delivery Agents – companies/organisations that deliver your medication and any devices or ancillaries
- Professional service providers – our IT providers and website hosts who help us run our business
- Regulators – Care Quality Commission, Information Commissioner’s Office, Medicines and Healthcare Products Regulatory Agency
- Insurance Companies – for the purposes of defending or instigating a claim
- Private Medical Insurance – if they fund your care
- Law Enforcement Agencies – for the purposes of prevention and detection of crime or fraud
- Auditors – external or internal as part of our performance reporting or compliance with legal / regulatory obligations
(6) Retention of your personal information
We’ll only hold on to your information for as long as is needed to be able to provide services to you, or (in the case of any contact you may have with our Customer Care team) for as long as is necessary to provide support-related reporting and trend analysis.
If reasonably necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also keep or hold of some of your information as required, even after it is no longer needed to provide the services to you for historical or research purposes. Our records retention schedule will be kept in line with the law and national guidance. Information on how long records are kept can be found at: NHS Digital – click here.
|Purpose||Personal Information Used||Lawful Basis|
|Identifiable Data: For Homecare service provision, onboarding and operational contact to deliver patient led services||Personal Data:
||This is necessary to enable us to comply with legal obligations|
|Special Category Data:
||This is necessary for the provision of health care or treatment|
|Identifiable Data: For Homecare Service Pharmacy Provision||Personal Data:
||This is necessary to enable us to comply with legal obligations|
|Special Category Data:
||This is necessary for the provision of health care or treatment|
|Identifiable Data: For Homecare Service Pharmacovigilance, Referring Establishment or Internal performance, statistical reporting. Pharmacovigilance PII, (patient safety)||Personal Data:
||Data controller legitimate operational interests. This is necessary to enable us to comply with legal obligations|
|Special Category Data:
||This is necessary for the provision of health care / treatment and / or for patient safety|
|Pseudonymised Data: For statistical and monitoring reports, performance and sales reports: This data is locked so a person cannot be identified from the strands of data||These will not contain elements of data which you will not be able to be identified from. Examples:
||Required for the performance of a contract|
|Special Category Data:
||Required for historical research purposes or statistical purposes. Management and performance of NHS and Pharma Co Contract requirements|
|Identifiable / Pseudonymised Data||Limited personal and special category data for scientific, service provision, disease management / care, historical research||Required for scientific or historical research|
|Identifiable Data:||All personal and special category data for checking quality of care, (Clinical Audit)||Preventative, medicine provision of health and social care or treatment, management of healthcare systems and services|
(7) Your rights
You can activate these rights by telephone or in writing using our enquiry form on our website but we would recommend that you use these contact details:
The data protection law means you and any person where you have provided Sciensus their personal information have rights including:
Your right of access
You have the right to ask us for copies of your personal information. We will have one month to three months depending on the case to supply you with a copy of the information you are entitled to under the law. Please note, there are exemptions in the law which Sciensus will abide by which may mean you will not be entitled to receive all the information we hold. We will explain this when we respond with a copy of your data. If you have provided us with information about another person “recipient” they will need to make their own request and we shall only provide them with their information.
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances, including automated processing and profiling and where automated processing operations are taking place for human intervention.
Your right to object to processing
You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability
You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances where it is technically feasible. This is not an absolute right and may not be possible in all occasions. For example, the right shall not apply where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Your right to complain to the data protection regulator
It is important to Sciensus that any person interacting with us has a right to raise a complaint regarding how we process their data. We have a data protection policy and in receiving a complaint about data protection our patient advocacy team, patient contact centre, care bureau and clinicians will refer all data protection complaints to the Information Governance and Security team who will investigate and respond within 21 working days. However you have a right to raise a complaint with the Information Commissioners Office: Click here or Click Here. The ICO normally ask you to raise your concerns firstly with the Data Controller, but it is important you know you can go directly to the Regulator in the first instance.
You are not required to pay any charge for exercising your rights.
(8) Changes to how we protect your privacy
We may change this page from time to time to reflect how we are processing your data.
If we make significant changes, we will make that clear on the Sciensus website or by some other means of contact such as email, so that you are able to review the changes.
(9) How to contact us
If you want to exercise your rights, have a complaint or just have questions, please contact us by writing to The Head of Information Governance and Security at Sciensus, 107 Station Street, Burton on Trent, DE14 1SZ or by emailing on DPO@sciensus.com or by telephone 0800 917 4980.
Our Data Protection Officer is the Head of Information Governance and Security – Paula Tighe.
Please use 0333 103 9499 if you want to contact us about your delivery or nurse visit.
(1) Data protection disclaimer
We will not sell or share your private information with third parties unless we are required by law to do so.
(2) What we collect
We collect, store and use the following kinds of information relating to you and your use of our website:
(3) How we collect such information
We may collect the following information via this form: name, email address, contact number, post code and relevant message. This information is collected to allow us to contact and help you with your initial enquiry.
(4) What we do with the information we collect
- Your submission will be stored on our website Admin area, which is only accessible by authorised personnel, and a copy of it will be sent to a member of relevant department mailbox so it can be dealt with properly and in a timely manner.
- We may use the information to improve our products and services.
- After the initial contact is made, all your relevant information submitted via this form will be deleted unless you let us know, in writing, that you would like us to keep it for future project opportunities.