DATA PROTECTION STATEMENT
Healthcare Fieldwork complies with the Data Protection Act 1998 in ensuring the confidentiality of data and ensures that all personal data about research study participants, employees and individuals working on its behalf will be stored securely and will not be passed onto any other company, including those companies which request Healthcare Fieldwork to undertake research study interviews on their behalf.
Healthcare Fieldwork needs to collect personal information about its study participants, employees and individuals who work on its behalf in order to carry out its business and provide its services. The personal information may include name, address, email address, telephone number, date of birth, private and confidential information and sensitive information including (in the case of study participants), medical history. This information may be collected, recorded and used (e.g. on a computer or on paper) and must be dealt with properly to ensure compliance with the Data Protection Act 1998.
The lawful and proper treatment of personal information by Healthcare Fieldwork is extremely important to the success of its business and in order to maintain the confidence of study participants, employees and individuals who work on its behalf. Healthcare Fieldwork aims to treat all personal information lawfully and correctly.
The Data Protection Act 1998 sets out rules for processing personal information relating to living individuals. It applies to paper records as well as those held in electronic form or other format. The Act gives individuals certain rights. It also imposes obligations on those who record and use personal information to be open about how that information is used and requires them to follow the eight data protection principles.
Personal data must be processed following these principles so that data are:
processed fairly and lawfully and only if certain conditions are met
obtained for specified and lawful purposes
adequate, relevant and not excessive
accurate and where necessary kept up-to-date
not kept for longer than necessary
processed in accordance with an individual's rights
kept in a secure manner
not transferred outside of the EEA without adequate protection.
Under the Data Protection Act 1998 an individual has the right, subject to certain exemptions, to access the personal information that an organisation holds about them. Accessing personal data in this way is known as making a subject access request. Individuals also have rights to prevent data processing which is likely to cause substantial and unwarranted damage or distress, to prevent processing for the purpose of direct marketing, and to correct inaccurate personal data.
Responsibilities under the Act
The Data Protection Act imposes certain responsibilities on all those who process personal data at Healthcare Fieldwork. These obligations include:
holding and using data in a secure manner
ensuring that data is handled in line with what individuals have been told and consented to and that this consent is explicit
having appropriate arrangements in place for the access to (and sharing of) data and making sure that individuals' data is accurate and retained for a suitable period.
Most importantly, if a data breach occurs (e.g. personal data held by the Healthcare Fieldwork is lost, stolen, inadvertently disclosed to an external party, or accidentally published), this will be dealt with in an appropriate way.
Roles and Responsibilities of Healthcare Fieldwork
Healthcare Fieldwork will:
• ensure there is a designated person with overall responsibility for data protection. Currently this person is the Data Protection Officer (DPO)
• provide training for all staff members who handle personal information
• provide clear lines of report and supervision for compliance with data protection
• carry out regular checks to monitor and assess new processing of personal data
• develop and maintain DPA procedures to include: roles and responsibilities, notification, subject access, training and compliance testing
All Healthcare Fieldwork employees and individuals working on behalf of Healthcare Fieldwork will through appropriate training and responsible management:
• observe all forms of guidance, codes of practice and procedures about the collection and use of personal information
• understand fully the purposes for which the Healthcare Fieldwork uses personal information.
• collect and process appropriate information, and only in accordance with the purposes for which it is to be used by the Healthcare Fieldwork to meet its service needs or legal requirements
• ensure the information is correctly recorded
• ensure the information is destroyed (in accordance with the provisions of the Act) when it is no longer required or at such point a participant requests their data is removed (if this is sooner)
• understand that breaches of this Policy may result in disciplinary action, including dismissal
If you have any questions regarding our Data Protection policy, please contact our Data Protection Officer Sarah Weir