The Northern Ireland Ambulance Service Health & Social Care Trust provides an emergency ambulance, urgent care, and patient transport service across the whole of Northern Ireland.
When you contact us as a patient or as a user of the service, we collect information about you and keep records about the service we provide you. We may also record information about you if you contact us for any other reason. This notice explains the type of information we record about you, why this is necessary, and the ways in which this information may be used by the Service.
-
What information is collected?
In order for the Northern Ireland Ambulance Service Health & Social Care Trust to provide a service to you we need to know some information about you. Personal Information that we process about you is governed by Data Protection Legislation
We only collect the information we need to. This will include your name, address, date of birth, contact details and relevant health and social care history. We may need to collect information about you from other people, for example, your family, carers, other health professionals, or if necessary, other external agencies.
NIAS utilises an electronic system for the creation and retention of patient clinical records; this system is replacing the traditional paper-based patient report forms and has many benefits, both in terms of security and governance. Ambulance crews record on an electronic device, their attendance to a patient, the patient’s personally identifiable information, the patient’s condition, clinical observations (which may include ECG recordings and clinical imagery) and any treatments given to the patient.
One main way of sharing information throughout the healthcare system in Northern Ireland is via The Northern Ireland Electronic Care Record – the summary care record contains information about your allergies, medications, and reactions you have to medications, so that in an emergency or when your GP practice is closed this information is available so that you can be cared for. This is a regional programme for sharing your information. For more information please click here.
-
How is it collected?
Information you provide to us is recorded in a paper file and or also on our computer systems. This can include information you provide in person, on an official form (either online or in paper form) or by telephone. The Trust utilises surveillance cameras (Static/Vehicle based CCTV and Body Worn Cameras) in and around the Trust’s sites, on our emergency vehicles, as well as body worn cameras used by operational crews. Surveillance cameras inside our vehicles and our body worn cameras are only activated by the crew when they feel there may be a risk to safety at that time.
Health and Social Care staff involved in your care and treatment may also collect information from other healthcare professionals and organisations in line with legislation and data sharing agreements. This could include:
- Your GP.
- Community Pharmacists.
- Government Agencies, Police Service of Northern Ireland (PSNI), Probation Board Northern Ireland (PBNI), Northern Ireland Housing Executive (NIHE), NI Prison Service.
- Commissioned Services – Nursing Homes, Residential Homes, Charities.
This list is not exhaustive.
-
What do we do with your information?
We collect this information to assist, treat you and provide healthcare services for you. This information may include:
- We log details electronically when we receive a call for help or a booking for non-emergency patient transport services that we operate. This will include your name, address, presenting clinical condition etc. All calls received in the Emergency Ambulance Control and Non-Emergency Ambulance Control are recorded.
- If one of our ambulances attends you, or you are transferred between Hospitals by ambulance, we will collect information about you to help us identify and treat you.
- This information is passed electronically to a hospital Emergency Department if the patient requires hospital care see encompass – DHCNI (hscni.net) or alternatively it can be transmitted to any approved referral urgent or appropriate care pathway for the purposes of continuity of patient care.
- Once transmitted, this information is stored in secure dedicated data centres. A copy may be forwarded to a patient’s General Practitioner for reference and to ensure continuity of care. When the clinical episode is complete, the data is removed from the tablet device.
- Clinical records are primarily intended to provide a detailed account of a patient’s assessment and treatment as well as allowing for onward referral to appropriate clinical services. They may also be accessed in order to respond to any complaints or to investigate untoward incidents under the Trust’s policy.
- Helping to review the care given to you to ensure it is of the highest possible standard. This is done through internal audits, service user/carer feedback evaluations or external inspections of our service.
- Training and education staff for audit purposes.
- For research purposes (with your consent).
- Looking after the health and social welfare of the general public.
- Investigating complaints or legal claims.
- Preparing statistics on the Trust’s activity and performance.
- Providing anonymised data for example to the Department of Health, the Public Health Agency, and the Strategic Planning and Performance Group for the planning of services.
We may also use data for emerging technological advancements. Prior to the implementation or change to the data processing we will ensure due diligence is applied before commencement.
-
Who will my information be shared with?
To help us provide the best care or service for you, we may need to share your information with authorised individuals directly involved in your health and/or social care. We only ever do this if it is needed in your interests. Your relatives, friends and carers may be given information about you, but only if you agree, or in circumstances where it is necessary to ensure your health and wellbeing or where there are safeguarding concerns.
Your information may also be used in a way that does not identify you, for example, to help identify trends such as increases in certain diseases.
Health and Care staff involved in your care and treatment may share information about you with each other but only when necessary. This could include:
- Family Practitioner Services
- Hospital Staff
- Community Services Staff
This could include:
- Your GP
- Doctors
- Nurses
- Pharmacists
- Social Workers
- Allied Health Professionals like Physiotherapists, Occupational Therapists, Health Visitors and other Health and Social Care Professionals.
- Health and Social Care Administrative staff.
Health and Care staff involved in your care and treatment may also share information with other organisations in line with legislation and data sharing requirements. This could include:
- Regulators – Regional Quality Improvement Authority (RQIA)
- Government Agencies – Police Service of Northern Ireland, Driver, and Vehicle Licensing Agency, Northern Ireland Fire and Rescue Service, Probation Board Norther Ireland, Northern Ireland Housing Executive.
- Commissioned Services – Nursing Homes, Residential Homes, Charities.
- National Registries, National Cancer Registry, National Joint Registry.
- Independent Service Providers.
- Other Health and Social Care Organisations, Public Health Agency, Business Services Organisation, Department of Health.
This list is not exhaustive.
All Health and Social Care staff are obliged within their contracts of employment, professional codes of conduct and common law Duty of Confidentiality to ensure that all personal data is treated with the highest possible levels of confidentiality. Contractors and agency staff are bound by contractual confidentiality obligations in line with data protection legislation.
-
Will it be shared with anyone without my consent?
There may be occasions where your information can be shared with other organisations without your consent, but this will only happen when it is:
- Required by law
- Required by a court order
- Necessary to detect or prevent crime, including allegations or suspicions of fraud.
- Necessary to protect the public from serious harm, e.g., the protection of vulnerable adults or children.
- Required for monitoring certain health conditions, e.g., by the Public Health Agency (PHA) or Department of Health.
- Monitoring of deaths, for example review of hospital deaths or for organ donation purposes
- Necessary for the provision of services and information may be shared with other health providers contracted/subcontracted to provide care on our behalf, such as the independent sector who may assist the Trust in this provision.
- Necessary to communicate with service users – information may be shared with third party organisations contracted/subcontracted by the Trust who may send our correspondence via post or electronic methods.
- Necessary to share with other organisations where information is shared as part of a statutory/lawful process.
- Information may be passed to third parties when legally required e.g., to the Coroner or Police for investigation under appropriate judicial processes.
- Anonymised information may be used to support research, train our staff, and contribute to statistics regarding the health and well-being of the general public.
- Anonymised data may be used to assist to plan services for improved quality of care to meet the needs of the population and inform any future operational planning as required.
- Preparing anonymised statistical information on our performance for the Department of Health and other Regulatory Bodies.
-
How will it affect me if I do not want to provide information?
It is important to remember that the purpose of using your information is to provide you with safe, fast, and effective care. Not providing information may have a significant effect on the appropriate care and protection that we and others provide to you.
-
Security of your Information
At the Northern Ireland Ambulance Health & Social Care Trust we take your privacy seriously. Staff will only access your information on a strict ‘need to know’ basis or when they are involved in your period of care.
All staff have a legal duty to keep your information safe and confidential, as does anyone who receives information about you from the Trust. In line with legislation the Trust has a range of measures and strict standards to protect paper and electronically held information.
We will not transfer your data to other countries outside the UK without an appropriate lawful basis for doing so and the information having been secured in a way that safeguards it during and after transfer to the country receiving it.
-
How long will my Information be retained for?
We will retain your information in line with specific guidance issued by the Department of Health in Northern Ireland. The length of time we keep your information for will depend on the types of records created for your care.
If you want to find out more about how long your records are retained, you can ask staff or view the Department of Health’s website.
-
Keeping your information up to date
It is very important that the information we hold about you is correct and up to date. You can help us to do that by telling us of any changes for example the correct address and contact details. Also ensuring that your contact information remains accurate with your GP details.
Please refer to the following website for information on updating your name and address for health services:
Home – Business Services Organisation (BSO) Website (hscni.net)
-
Your Rights
Data Protection legislation gives you the right to request copies of the personal information NIAS holds about you and a right to take action to correct any factually inaccurate information.
You also have a right to take action if you feel you have suffered damage and distress due to the Trust’s use of your information.
Please see the ICO website (link provided below) for more information about your rights.
Your right to be informed if your personal data is being used | ICO
Under Data Protection Legislation data subjects have the following rights with regards to their personal information.
The Right to be Informed
The Northern Ireland Ambulance Health & Social Care Trust (NIAS) issues certain information about our data processing activities that affect you. This information is provided in the Privacy Notice.
The Right of Access
NIAS as the data controller must provide you with
- Confirmation that your data is being processed.
- Access to your personal data.
For further information on how to make a Subject Access Request see:
Subject Access Form V5 2023
The Right to Rectification
You can ask NIAS to correct personal information it holds about you to ensure your data is factually accurate. Please note this only applies to matters of fact and not professional opinions, such as medical diagnosis.
The Right to Erasure (in certain circumstances)
You have the right to (under certain circumstances) ask for your personal data to be erased where:
- Your personal data is no longer necessary in relation to the purpose for which it was collected/processed.
- You object to the processing and there are no legitimate grounds for the processing.
- Your personal data was unlawfully processed or should be erased to comply with a legal obligation.
NIAS can refuse to erase your personal data where it is processed:
- To comply with a legal obligation for the performance of a task in the public interest.
- For the exercise of defence or legal claims.
- For the purposes relating to health and social care, medical diagnosis, preventative medicine in the area of public health, archiving in the public interest, scientific/historic research, or statistics.
The Right to Restrict Processing (in Certain Circumstances)
You have the right to restrict the processing of personal data held by NIAS where:
- You have contested its factual accuracy.
- You have object to the processing and NIAS is considering grounds whether they have legitimate ground which overrides this.
- Processing is unlawful.
- NIAS no longer needs the data, but you require it to establish, defend a legal claim.
The Right to Data Portability
The right to data portability allows individuals to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This enables you to obtain and reuse your personal data across different services.
The right to data portability only applies:
- To personal data that the individual personally provided to NIAS.
- Where processing is based on consent or the performance of a contract.
- Where processing is carried out by automated means I.e. (excluding paper files).
The Right to Object (in Certain Circumstances)
You have the right to object to of processing of your personal data in certain circumstances.
- Task carried out in the public interest.
- The exercise of official authority vested in the public interest.
- NIAS legitimate interests (or those of a third party).
However, in these circumstances the right to object is not absolute and you must give specific reasons why you are objecting to the processing of your data.
Please be aware that NIAS would be able to continue processing your personal data if:
- We can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the individual.
- The process is for the establishment, exercise, defence, or legal claims.
Rights Relating to Automated Decision Making and Profiling
- We may use your data in emerging technological advancements, including Artificial Intelligence (AI) and machine learning, for purposes such as improving operational planning or enhancing patient care. Before any such processing occurs, the Trust will conduct thorough due diligence, including Data Protection Impact Assessments (DPIAs), to identify and mitigate potential risks to your rights and freedoms.
- These technologies will always adhere to the principles of data minimisation, fairness, and transparency, ensuring that your information is used lawfully and responsibly.
- We will not use AI for fully automated decision-making that significantly affects you without implementing appropriate safeguards, including human oversight. For more information, please refer to the ICO’s guidance on the use of AI in decision-making.
- Automated decision making is when decisions are made about you without any human intervention. Profiling is where your personal data may be used to analyse or predict certain things. The link to the ICO guidance is:
Your rights relating to decisions being made about you without human involvement | ICO
-
How do I see my information?
If you want to see the information, we hold about you or ask about how we use it, you can speak to the person in charge of your care or you can request a copy of your information. See the Trust’s website for further details on how you can apply for a copy of your health and social care information.
Requests received will be responded to as quickly as possible and usually within one month; however, the UKGDPR allows up to 3 months for providing a response to complex requests. Generally, there is no charge for copies of records except where the request is manifestly unfounded or excessive or is a repeat request.
-
Is there any information that I cannot see?
There are occasions when other people have provided information relating to your care. In some cases, there may also be information in your notes about other people that is their personal information. We have a duty to keep certain information confidential and may not be able to share it with you.
-
Complying with Legislation
The conditions that ensure the Trust processes your personal information lawfully, fairly and in a transparent manner are set out in Article 6 and Article 9 of the UKGDPR. These conditions include, for example, complying with our legal obligations, to meet the vital interests of service users, for public health purposes and to fulfil our public duty to provide health and social care services and manage our systems.
Lawful Processing
To process personal data NIAS must have lawful grounds for processing as provided for in UKGDPR.
The day-to-day processing of personal data relating to health and social care does not rely on consent. The most commonly grounds for lawful processing in a health care setting is as follows:
- Vital Interests
- Public Task in the Public Interest
As healthcare data is categorised as “special category” another basis is required for the lawful processing of this data.
The most commonly used in healthcare settings:
- Vital Interests
- Public Interest
- Health
- Public Health
See example below:
The processing for Direct Care for Patients.
The legal basis is:
Public Task: the processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
The Public Task function is outlined in the Health & Social Care (Reform) Act (NI) 2009
The provision of health or social care or treatment or the management of health or social care systems and services.
The service meets the associated condition in UK law set out in Part 1 of Schedule 1 of the DPA 2018 for Health or social care purposes:
2(1) This condition is met as the processing is necessary for health or social care purposes.
NIAS may on occasion rely on Legitimate Interests as a lawful basis of processing when not performing ‘core tasks. When they do this, they will perform a legitimate interest test.
-
Where can I find more information?
If you want to know more about how we use your information, if you are unhappy with any aspect about how we use your information or comply with your request, you can contact the Information Governance Team or the Data Protection Officer at the following address:
Information Governance Team
NI Ambulance Service Headquarters
Site 30 Knockbracken Healthcare Park
Saintfield Road
Belfast
BT8 8SG
Email: informatics.department@nias.hscni.net
Tel: 02890400999
Data Protection Officer
NI Ambulance Service Headquarters
Site 30 Knockbracken Healthcare Park
Saintfield Road
Belfast
BT8 8SG
Email: informatics.department@nias.hscni.net
Tel: 02890400999
If you have any further concerns or queries on how your personal data is being processed, you can contact the Information Commissioners Office.
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113 or 01625 545 745
Website: https://ico.org.uk/