Privacy Notices & Security Policy


Here at InHealth Intelligence, we take looking after your data very seriously. We provide a number of services and products to the NHS, so select the one you are interested in below to view the relevant privacy notice:
Diabetic Eye Screening Programme
The NHS in England operates a national Diabetic Eye Screening Programme (DESP) to prevent sight loss. InHealth Intelligence is pleased to have been commissioned by NHS England & NHS Improvement to support the delivery of diabetic eye screening for over 1 million people with diabetes across several local programmes.

Please read this Privacy Notice carefully as it sets out the basis on which any personal data we process will be handled. This Notice sets out the types of personal data that we collect about you and will explain how and why your personal data is used. We will also explain how long your data will be kept and when, why and with whom your data may be shared.

The Notice sets out the legal basis we have for processing your personal data and explains the effects of refusing to provide the personal data requested. We will also explain the various rights and choices that you have when it comes to your personal data and how you can contact us.

What personal data do we collect about you and where from?

Information from your eye screening appointment (including your results and images), your GP Practice and the Hospital Eye Service will be kept on a register of people with diabetes to provide this service and monitor your needs and the quality of care provided. The register holds your full name, NHS number, gender, date of birth, ethnic group, phone numbers, correspondence addresses and details of your GP Practice, as well as details of your medical record related to diabetes and eye health.

Who do we share your personal data with?

The DESP will keep information about you and your diabetes care to ensure we deliver a safe and quality service. The register is maintained by InHealth Intelligence, a trading name of Health Intelligence Ltd, an NHS Business Partner contracted by the NHS to deliver this service.

Dispatch of Diabetic Eye Screening Invitation and Result Letters InHealth Intelligence currently send invitation, reminder, and result letters for over 1 million people with diabetes. We therefore use a letter dispatch service provided by Synertec Ltd and UK Mail who securely print and dispatch our letters via Royal Mail business class. Details of your name, address and appointment are provided to support this service. The letter information is only retained for a short period which allows printing and dispatch. Once dispatched, data is retained for 90 days to allow for monitoring of service performance and is deleted afterwards.

Voice Messaging Service InHealth Intelligence engages Yakara Ltd to generate appointment reminder telephone voice messages. Details of your name, telephone number and appointment are provided to support this service. The information is only retained for a short period which allows the reminder telephone calls to be made. This data is used only for this purpose and is retained for a short period to allow for monitoring of service performance.

Gov.uk Notify Service Gov.uk Notify provides a text messaging service which is used by InHealth Intelligence to send text messages to patients in relation to their screening appointments. To support this, your mobile telephone number and time/venue of screening appointments is shared with Gov.uk Notify. This data is used only for this purpose and is retained for a short period to allow for monitoring of service performance.

Training and Research for Ourselves and Other Third Parties If you have consented for such sharing, your data may be used for training and research purposes internally or shared with other third parties involved in the improvement of retinal screening. This will only occur with your explicit consent.

How can I opt-out of my images being used for research and training?

This is very easy to do, just email our Data Protection Officer on dpo@inhealth-intelligence.com. Simply title your email 'Opt-out' and provide your name, address and contact number in the body of the email.

How long do we keep your personal data for?

We will keep your information for the length of the contract we have with NHS England to supply the diabetic eye screening service. After this time, we will securely transfer your data and images to the new provider under instruction from NHS England, then delete all personal data in a secure manner.

Who has access to your personal data?

The security arrangements that protect your privacy ensure that your data is only accessed by staff involved in the delivery of the Diabetic Eye Screening Programme, and healthcare professionals involved in your care working for InHealth Intelligence or the NHS and only for the purposes of direct care.

How will we communicate with you?

We will communicate with you via letter, text (SMS) message and voice message regarding your diabetic eye screening. If you wish to talk to us about your communication preferences, please call the Bookings Office.

What legal basis do we have for using your information?

The Secretary of State delegates several public health functions to NHS England. The public health functions agreement 2017 – 2018 enables NHS England to commission certain public health services which will drive improvements in population health, and this agreement sets out the service specifications which are to be commissioned to satisfy those public health functions. One such service is the National Diabetic Eye Screening Programme, and so it is commissioned by NHS England to discharge part of its public health duties.

NHS England has responsibility to ensure that the Diabetic Eye Screening service is seamless from entry in primary care through to integration with NHS management, treatment and care including working with NHS Hospital Trusts/Hospital Eye Services.

How do we protect your information?

We aim to ensure all personal data is held and processed in a secure way and we only let healthcare professionals who have a legitimate interest in your care access to your data. Examples of our security include:
  • Encryption – meaning that the information is hidden so that it cannot be read without special knowledge (such as a password)
  • Controlling access to systems and networks, this allows us to stop people who are not allowed to see your data from accessing it
  • Controlling access for different user roles, so only certain data required for a specific role is accessible
  • Training our staff to ensure they know how to responsibly and securely handle data including how and when to report if something goes wrong
  • Regular testing of our technology including keeping up-to-date on the latest security updates
We do not transfer personal data out the UK unless you explicitly consent to your data being used for research purposes with other third parties involved in the improvement of retinal screening but only within the European Economic Area (EEA).

Can you access the information we hold?

Your GP Practice has access to all the information we hold about you or contact/email the Data Protection Officer (details below) to request a Subject Access Request Form.

Do we use Cookies on our websites to collect personal data on you?

We use Google Analytics to collect anonymised information about the way people use our websites to provide a better service to you. For example, how many people visited the site, what pages they visited. We do not collect personal data such as URL location.

Take a look at our Cookie Policy for more information


We have provided this document in a PDF format for you to download if required


Child Health Information Service
Child Health Information Services (CHIS) are commissioned by NHS England to support the monitoring of the care delivered to children.

Please read this Privacy Notice carefully as it sets out the basis on which any personal data we process will be handled. This Notice sets out the types of personal data that we collect about children and will explain how and why their personal data is used. We will also explain how long the data will be kept and when, why and with whom the data may be shared.

The Notice sets out the legal basis we have for processing children’s personal data. We will also explain the various rights and choices that you have when it comes to your personal data and how you can contact us.

What personal data do we collect about a child and where from?

Screening, physical examination and vaccination services are monitored to ensure that every child has access to all relevant health promoting initiatives. In support of this the CHIS maintains a record of all children from birth up to the age of 19 and receives data from General Practice, maternity departments, health visitor providers, screening providers and school age vaccination providers.

Who do we share your personal data with?

The CHIS will keep information about all children to ensure we deliver a safe and quality service. The service is maintained by InHealth Intelligence, a trading name of Health Intelligence Ltd, an NHS Business Partner contracted by the NHS to deliver this service.

Dispatch of Newborn Baby Blood Spot Result Letters InHealth Intelligence currently send newborn blood spot result letters via Synertec Ltd and UK Mail who securely print and dispatch our letters via Royal Mail business class. Details of your name and address are provided to support this service. The letter information is only retained for a short period which allows printing and dispatch. Once dispatched, data is retained for 90 days to allow for monitoring of service performance and is deleted afterwards.

How long do we keep your personal data for?

We will keep a child’s information for the length of the contract we have with NHS England to supply the CHIS. After this time, we will securely transfer the data to the new provider under instruction from NHS England, then delete all personal data in a secure manner.

Who has access to your personal data?

In support of child services this data is shared with healthcare professionals involved in delivering NHS services to children:
  • GP Practices
  • Newborn (Neonatal) Hearing Screening
  • Newborn Blood Spot
  • Independent Midwives
  • Safeguarding Team
  • Local Education Authority
  • School Immunisation Providers (SIPs)
  • 0-19 Services (Health Visitor Providers)
  • Maternity Departments
  • Other CHISs located outside the region (supporting children as they move around)

  • For further information, please contact the Data Protection Officer using the details at the end of this Notice.

    How will we communicate with you?

    We will communicate with you via letter regarding newborn baby blood spot results.

    What legal basis do we have for using your information?

    The Secretary of State delegates several public health functions to NHS England. The public health functions agreement 2017 – 2018 enables NHS England to commission certain public health services which will drive improvements in population health, and this agreement sets out the service specifications which are to be commissioned to satisfy those public health functions. One such service is the CHIS, and so it is commissioned by NHS England to discharge part of their public health duties.

    How do we protect a child’s information?

    We aim to ensure all personal data is held and processed in a secure way and we only let healthcare professionals who have a legitimate interest in your care access to your data. Examples of our security include:
    • Encryption – meaning that the information is hidden so that it cannot be read without special knowledge (such as a password)
    • Controlling access to systems and networks, this allows us to stop people who are not allowed to see your data from accessing it
    • Controlling access for different user roles, so only certain data required for a specific role is accessible
    • Training our staff to ensure they know how to responsibly and securely handle data including how and when to report if something goes wrong
    • Regular testing of our technology including keeping up-to-date on the latest security updates
    We do not transfer personal data outside the UK or the European Economic Area (EEA).

    Can you access the information we hold?

    Please contact/email the Data Protection Officer (details below) to request a Subject Access Request Form.

    Do we use Cookies on our websites to collect personal data on you?

    We use Google Analytics to collect anonymised information about the way people use our websites to provide a better service to you. For example, how many people visited the site, what pages they visited. We do not collect personal data such as URL location.

    Take a look at our Cookie Policy for more information


    We have provided this document in a PDF format for you to download if required


Hydroxychloroquine (HCQ) Monitoring Service
In 2017/18, the Royal College of Ophthalmologists (RCO) published guidance recommending that all patients on Hydroxychloroquine (HCQ) be monitored for retinal deterioration. It states that a baseline examination should be carried out initially and then annual monitoring after 5 years on treatment. Patients on HCQ with additional risk factors identified should be monitored annually after 1 year of treatment.
Please read this Privacy Notice carefully as it sets out the basis on which any personal data we process will be handled. This Notice sets out the types of personal data that we collect about you and will explain how and why your personal data is used. We will also explain how long your data will be kept and when, why and with whom your data may be shared.
The Notice sets out the legal basis we have for processing your personal data and explains the effects of refusing to provide the personal data requested. We will also explain the various rights and choices that you have when it comes to your personal data and how you can contact us.

What personal data do we collect about you and where from?

Information from your eye monitoring appointment (including your results and image files), your GP Practice and the Hospital Eye Service will be kept on a register of people prescribed HCQ to provide this service and monitor your needs and the quality of care provided. The register holds your full name, NHS number, gender, date of birth, ethnic group, phone numbers, correspondence addresses, and details of your Hospital Consultant and GP Practice, as well as details of your medical record related to your eye health.

Who do we share your personal data with?

The HCQ Monitoring Service will keep information about you and your HCQ eye care to ensure we deliver a safe and quality service. The register is maintained by InHealth Intelligence, a trading name of Health Intelligence Ltd, an NHS Business Partner contracted by the NHS to deliver this service.

Dispatch of Invitation and Result Letters To send appointment and result letters, InHealth Intelligence use letter dispatch services provided by Synertec Ltd and UK Mail who securely print and dispatch our letters via Royal Mail business class. The letter information is only retained for a short period which allows printing and dispatch. Once dispatched, data is retained for 90 days to allow for monitoring of service performance and is deleted afterwards.

Gov.uk Notify Service Gov.uk Notify provides a text messaging service which is used by InHealth Intelligence to send text messages to patients in relation to their appointments. To support this, your mobile telephone number and time/venue of HCQ monitoring appointments is shared with Gov.uk Notify. This data is used only for this purpose and is retained for a short period to allow for monitoring of service performance.

How long do we keep your personal data for?

We will keep your information for the length of the contract we have with Southampton City CCG to supply the HCQ monitoring service. After this time, we will securely transfer your data and images to the new provider under instruction from Southampton City CCG, then delete all personal data in a secure manner.

Who has access to your personal data?

The security arrangements that protect your privacy ensure that your data is only accessed by staff involved in the delivery of the HCQ Monitoring Service, and healthcare professionals involved in your care working for InHealth Intelligence or the NHS and only for the purposes of direct care.

How will we communicate with you?

We will communicate with you via letter and text (SMS) message regarding your HCQ monitoring. If you wish to talk to us about your communication preferences, please call the Bookings Office.

What legal basis do we have for using your information?

InHealth Intelligence have been commissioned by Southampton City CCG to deliver this service in support of your direct patient care. Patients are referred to the service via University Hospitals Southampton (UHS) and we will provide results back to UHS, your GP Practice and yourself.

How do we protect your information?

We aim to ensure all personal data is held and processed in a secure way and we only let healthcare professionals who have a legitimate interest in your care access to your data. Examples of our security include:
  • Encryption – meaning that the information is hidden so that it cannot be read without special knowledge (such as a password)
  • Controlling access to systems and networks, this allows us to stop people who are not allowed to see your data from accessing it
  • Controlling access for different user roles, so only certain data required for a specific role is accessible
  • Training our staff to ensure they know how to responsibly and securely handle data including how and when to report if something goes wrong
  • Regular testing of our technology including keeping up-to-date on the latest security updates.
No personal data will be transferred outside the UK.

Can you access the information we hold?

Please contact/email the Data Protection Officer (details below) to request a Subject Access Request Form.


We have provided this document in a PDF format for you to download if required


Analytics
e.g. NHS Health Check Reporting Tool, Childhood Vaccination & Immunisation Reporting Tool, Long Term Condition Intelligence dashboards
InHealth Intelligence (trading name of Health Intelligence Ltd) provide several analytic products to General Practice, including:
  • Long term condition clinical dashboards produce reports on all aspects of the various diseases from a Primary Care perspective to help improve outcomes for patients and Practices alike
  • NHS Health Check Reporting tool will help support General Practice and Local Authorities to meet the targets set by Public Health England
  • Childhood Vaccination and Immunisation Reporting tool improves General Practices data management of vaccinations and immunisations helping to achieving targets set by the Department of Health, NHS England and Public Health England
  • Risk Stratification and Case-Finding tool identifies high risk patients who will benefit immediate and early intervention
  • Our Medicines Optimisation tool aims to help GPs have more time available for medication reviews, ultimately leading to improved patient outcomes
Please read this Privacy Notice carefully as it sets out the basis on which any personal data we process will be handled. This Notice sets out the types of personal data that we collect about you and will explain how and why your personal data is used. We will also explain how long your data will be kept and when, why and with whom your data may be shared.

The Notice sets out the legal basis we have for processing your personal data. We will also explain the various rights and choices that you have when it comes to your personal data and how you can contact us.

What personal data do we collect about you and where from?

We host and display the product-related information exported to your GP Practice in a meaning format (reports) to enable them to monitor your needs and the quality of care provided more efficiently. The dashboard holds your full name, NHS number, gender, date of birth, ethnic group, phone number(s), correspondence address and medical data such as condition-related medical history.

Who do we share your personal data with?

Our analytic products host information about you and your care to ensure your GP can deliver a safe and effective service. InHealth Intelligence, a trading name of Health Intelligence Ltd, an NHS Business Partner contracted by the NHS England & NHS Improvement or your CCG to deliver this service. The security arrangements that protect your privacy ensure that your data is only accessed by your GP Practice and if required (with your GP Practice’s permission) for software investigation by those working for InHealth Intelligence.

How long do we keep your personal data for?

We will keep your information for the length of the contract. After this time, we will securely delete all personal data.

How do we protect your information?

We aim to ensure all personal data is held and processed in a secure way and we only let healthcare professionals who have a legitimate interest in your care access to your data. Examples of our security include:
  • Encryption – meaning that the information is hidden so that it cannot be read without special knowledge (such as a password)
  • Controlling access to systems and networks, this allows us to stop people who are not allowed to see your data from accessing it
  • Controlling access for different user roles, so only certain data required for a specific role is accessible
  • Training our staff to ensure they know how to responsibly and securely handle data including how and when to report if something goes wrong
  • Regular testing of our technology including keeping up-to-date on the latest security updates
We do not transfer personal data out of the UK or European Economic Area (EEA).

Can you access the information we hold?

Your GP has access to all the information we hold about you, please contact them if you wish to review your information.

Do we use Cookies on our websites to collect personal data on you?

We use Google Analytics to collect anonymised information about the way people use our websites to provide a better service to you. For example, how many people visited the site, what pages they visited. We do not collect personal data such as URL location.

Take a look at our Cookie Policy for more information


We have provided this document in a PDF format for you to download if required



Where can I get further information?

If you have any queries or concerns about how we handle your personal data, please contact:

Mr Michael Pennington (Data Protection Officer)
InHealth Intelligence
Unity House
Road Five, Winsford Industrial Estate
Winsford
Cheshire
CW7 3RB

Email: dpo@inhealth-intelligence.com
Telephone: 01270 765124

For independent advice about data protection, privacy and data sharing issues, the Information Commissioners Officer (ICO) are always happy to help:

Information Commissioner’s Office,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire,
SK9 5AF

Website: (www.ico.org.uk)
Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)


Security Policy

Our Security Policy is reviewed frequently, if you would like to request the latest version then please fill in the form:

InHealth Intelligence will not use your information for marketing purposes or share it with any other organisations.



Care Quality Commission Registered

InHealth Intelligence (trading name of Health Intelligence Ltd) and it's Diabetic Eye Screening Services are registered under the Care Quality Commission (CQC): 2033813192



Self Certification of Monitor Licence Condition G6

View Document