New NIAS Privacy Notice25th May 2018
Your Information, What You Need to Know
The Northern Ireland Ambulance Service (NIAS) was established by the Northern Ireland Ambulance Service Health and Social Services Trust (Establishment) Order (Northern Ireland) 1995 as amended by the Health and Social Services Trusts (Establishment) (Amendment) Order (NI) 2008 and Section 1 of the Health and Social Care (Reform) Act (NI) 2009.
NIAS covers an area of over 5,450 square miles with a population of over 1.8 million people in the pre-hospital environment, serviced by a fleet of over 313 ambulance vehicles. It directly employs in excess of 1200 staff across – maybe use across or over59 ambulance stations and deployment points. NIAS has one Emergency Ambulance Control Centre (EAC) based in Knockbracken in Belfast and one non-Emergency Control Centre (NEAC) based in Altnagelvin in Londonderry. A Regional Education and Training Centre (RATC) along with a Headquarters building is also situated in Belfast.
NIAS provide ambulance care, treatment, referral pathways, and transportation services to the people of Northern Ireland 24 hours per day/7 days per week/365 days per year.
The services we provide can be categorised as:
- Emergency Services
- Patient Care Service
- Managing Major Incidents
- Managing Clinical Conditions
- Community Engagement and Education
NIAS is a registered “Data Controller”. Information Commissioner Office (ICO) Registration No. Z5545963
This notice explains how we use and share your information. Information may be collected on paper, or online form, telephone, email, CCTV or by a member of our staff, or one of our partners.
We will continually review and update this privacy notice to reflect changes in our services and feedback from service users, as well as to comply with changes in the Law. When such changes occur, we will revise the “last updated” date as documented in the Version Control Section.
|Data Controller Name:||Northern Ireland Ambulance Service|
|Address:||Site 30, Knockbracken Healthcare Park, Saintfield Road, Belfast|
|Telephone:||028 9040 0999|
|Data Protection Officer Name:||Alison Vitty|
|Telephone:||028 9040 0710|
Why are you processing my personal information?
In carrying out some of our services we may collect information about you which helps us to deliver a service to you eg. responding to a 999 call and providing treatment or referral, or transporting you to Hospital . This is vital so that we can respond to you when required. We may keep your information in written form and/or in digital form and also operate CCTV on ambulance. The records may include details about you, such as your name and address, age, gender and more sensitive information about your clinical condition or health.
We also record your 999 call when it is received and capture in most cases the telephone or mobile number we have received the call from. This is to ensure we can re-contact you if the phone cuts out or more information is required.
We also have Clinical Support Desks operating in the Emergency Control Room and a trained Paramedic can speak to you and access aspects of your Electronic Care Record to support your ongoing clinical management at that time.
When we respond to you in an emergency we will also complete a paper record known as a Patient Report Form (PRF). The attending crews will collect information such as name, home address, next of kin, GP details, mobile numbers, incident location, previous medical history along with recording other information associated with your clinical management such as observations, stats etc. If you require defibrillator monitoring then stats are recorded on this machine including your name, DOB, weight etc and capture heart rhythms, observations and can transmit ECGs.
In the Non-Emergency Control environment we need your name, address and some level of your medical condition and mobility to ensure that we can transport you appropriately to a Hospital appointment or to transport you home.
We also operate an Air Ambulance in Northern Ireland with Doctors and Paramedics. These staff can also collect information about you or if a crew is already on scene they can share information already provided to treat you.
Advice and guidance is provided to care providers to ensure that adult and children’s safeguarding matters are managed appropriately. Access to identifiable information will be shared in some limited circumstances where it’s legally required for the safety of the individuals concerned.
Serious Incident Management
NIAS works with HSC Trusts to ensure effective governance and to learn from serious and interface incidents. The Francis Report (February 2013) emphasised providers had a responsibility for ensuring the quality of health services provided.
Frequent and Vulnerable Callers
Most individuals or organisations that contact the 999 system do so with legitimate healthcare requirements. However, identification and management of those persons / organisations who access emergency healthcare via the 999 service, on an abnormally high number of occasions can lead to the identification of individuals who are at risk, vulnerable or accessing the incorrect healthcare for their needs or the identification of organisations who have policies which over rely on the use of the ambulance service. We have a duty to safeguard vulnerable people and to ensure that other high use organisations only use the ambulance service when appropriate.
NIAS extract reports that contains names, addresses, age, clinical condition etc and support the identification of these patients. We have appointed a staff member who then liaises with you directly as a patient to get consent to liaise with other service users such as your GP, Social Workers etc.
The Police Service of Northern Ireland (PSNI) are currently facilitating Support Hubs through Policing with the Community and which NIAS partakes in. The Hubs, currently being established in council areas, allow the agencies involved to bring any vulnerable individual, with their consent, to a Multidisciplinary forum in order to support these often complex cases in a unified and effective manner. Each Agency involved has signed an agreement to facilitate the sharing / disclosure of personal data and/or sensitive personal data. The current Agencies involved are: PSNI; Northern Ireland Fire & Rescue Service (NIFRS), Housing Executive, Youth Justice Agency, Education Authority Northern Ireland, Probation Board for Northern Ireland, HSC Trusts. Where appropriate, NIAS will be involved in these Hubs if frequent or vulnerable callers are identified that may benefit from inter-agency working or if individuals are brought to the Hub with consent from other agencies and they are known to NIAS as a Service User who may be vulnerable and may benefit from assistance in managing their Health Care needs. Information shared will be in line with strict consent and governance protocols.
What categories of personal data are we processing?
|Types of personal data||Details|
|Individual details||Name, home address, gender, age, date of birth next of kin details, GP details, telephone numbers (registered address to that number), health and social number, incident location, X/Y variables, existing medical conditions, presenting medical condition|
|Special categories of personal data||Certain categories of personal data have additional protection under the GDPR. The categories are health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric or data concerning sex life or sexual orientation.
We will collect varying levels of data that may fall under this depending on what service we are providing to you.
Please note that if you have contacted NIAS or maybe a HCP professional has acted on your behalf we may hold a security code against your address to access your property, or may have information about a clinical condition that you may have which is needed to support the frontline staff attending you.
Information we collect is used to ensure we provide the best possible care. We consider a “record” to be information about providing health which identifies the patient or service user whether they are an adult or a child.
If you are child this leaflet will help you understand what you do with your information.
Where do you get my personal data from?
- Your family members, employer or representative
- Healthcare Professionals such as GPs, Consultants, Nurses, Social Workers etc
- Business Services Organisation (BSO)
- Other public bodies such as HSC Trusts, Police Service of Northern, NIFRS
- British Telecom
- Other organisations who you have given permission to share your information for the provision of the services we provide
Do you share my personal data with anyone else?
Yes. We may engage the services of suppliers (data processors) to store and manage your information on our behalf. Where we have these arrangements, there is always a contract, memorandum of understanding or an information sharing agreement in place to ensure that the requirements of the GDPR on handling personal data are met eg, Business Services Organisation (BSO), Voluntary and Private contractors such as ProParamedics, Order of St Malta, JK, Red Cross etc.
Voluntary and Private contractors are used to support non-emergency transportation under a contract arrangement. When on duty, NIAS EAC will allocate incidents to them to attend to. When they arrive on scene, they also complete a Patient Report Form (PRF) and collect information about you to treat and transport you. The PRF is then held directly by the voluntary and private contractor and if a request for information is received will be sourced from them. All contracts have strong information governance requirements placed within.
We also use voluntary car drivers to transport non-emergency patients to Hospital and they are provided with details such as your name, address, Ward or Hospital you are attending to get you to your appointment. They do not complete any medical records about you during this transportation.
Community First Responder schemes are also in operation across Northern Ireland. They respond to suitable cardiac related calls. The protocol is to page a first responder if a call is suitable for them to attend and they are provided with the incident number of the call, location of incident, what’s the problem, presenting clinical condition, age, category of call.
Sometimes, it is in line with our legal duties and in the interest of public safety to share information with other organisations such as the Police Service of Northern Ireland (PSNI), NIFRS Service or HSC colleagues or social services. We may also share your personal information when there is a justifiable public safety and security reason. Examples are:
- For the investigation, detection and prevention of crime or if we are required to do so by law eg. PSNI, Police Ombudsman, Coroners Service, Health and Safety Executive of NI, Harbour Police, Airport Police
- Court Orders
- If there are serious risks to the public, our staff or other professionals
- To protect children or vulnerable adults eg safeguarding referrals, interface incidents
Do you transfer my personal data to other countries?
At this time no. All data remains within the United Kingdom. Sometimes it may be necessary to transfer personal information overseas. When this is needed information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the GDPR.
How long do you keep my personal data?
We will only retain your data for as long as necessary to process (i.e. your rates) and in line with our Retention and Disposal Schedule.
For further information refer to the following Department of Health link:
Security of Your Information
NIAS is committed to taking all reasonable measures to ensure the security of all personal information it holds. The following arrangements are in place:
- All NIAS staff have contractual obligations of confidentiality, enforceable through disciplinary procedurals
- Everyone working for the HSC is subject to the common law duty of confidentiality
- Staff are granted access to personal information as required to do their job on a day to day basis. Access is provided in accordance with relevant internal processes and appropriately recorded
- NIAS has appointed a Data Protection Officer who provides advice and guidance in the area of protection and compliance with accountability under GDPR
- NIAS has appointed a Senior Information Risk Owner (SIRO) who is accountable for the management of all information assets and any associated risks and incidents
- NIAS has appointed a Caldicott Guardian and Personal Data Guardian who is responsible for ensuring confidentiality and security of service user information for the Trust
- All staff are required to undertake information governance training on a regular basis
- A range of policies and procedures are in place which are available on the Trust’s website
How Your Records Are Used to Help NIAS
We need your personal information in the main to respond to emergency and non-emergency incidents and to ensure we provide ambulance care, treatment and referral and transportation as required.
Your information may also be used to help assess the needs of the general population and make informed decisions about the provision of future services. Information can also be used to conduct health research and development and monitor HSC performance.
Where information is used for statistical purposes, stringent measures are taken to ensure individual patients cannot be identified. Anonymous statistical information may also be passed to organisations with a legitimate interest, including universities or the general public as part as Freedom of Information requests.
Where it is not sufficient to use anonymised information, person-identifiable information may be used, but only for essential HSC purposes. This may include research and auditing services. This will only be done with your consent, unless the law requires information to be passed on to improve public health.
What rights do I have?
Subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- You have the right to obtain confirmation that your data is being processed, and access to your personal data
- You are entitled to have personal data rectified if it is inaccurate or incomplete
- You have a right to have personal data erased and to prevent processing, in specific circumstances
- You have the right to ‘block’ or suppress processing of personal data, in specific circumstances
- You have the right to data portability, in specific circumstances
- You have the right to object to the processing, in specific circumstances
- You have rights in relation to automated decision making and profiling
How do I complain if I am not happy?
If you would like to know more about how we use your information, or if (for any reason) you do not wish to have your information used in any of the ways described above, please contact:
Data Protection Officer Name: Alison Vitty
Telephone: 028 9040 0710
NIAS Headquarters, Site 30
Knockbracken Healthcare Park
If you are still not happy, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Tel: 0303 123 1113