Prescribing Services Limited (PSL) takes data protection and privacy very seriously. We are committed to supporting our customers’ obligations around transparency and to informing patients about their rights.

If you have any questions or wish to make a request in relation to your information, please contact the Prescribing Services Data Protection Officer:

Emma Cooper
Eclipse, The Norfolk Clinical Park, Buxton, Norwich, Norfolk, England, NR10 5RH

PSL as Data Processor

1. Our customers are health or social care providers across the UK such as GP surgeries and hospitals.

2. Our customers will decide the lawful basis and purpose for processing patient information.

3. This information will usually be used for ‘health or social care purposes’ – where information will be used to make decisions about the care of an individual patient.

4. The information may also be used for making decisions about planning health and care services for a particular geographic area.

5. The Data Protection Act 2018 and GDPR 2016 have particular sections related to the use of patient information for these purposes.

What Service Does PSL Provide?

7. Prescribing Services provide IT solutions for the NHS and Social Care Providers, specialising in cost-effectiveness and risk stratification tools, integrated care systems and patient self-management plans.

8. This means that patient information will be securely extracted from systems used by GPs or hospitals and pulled into a secure area.

9. PSL will then apply technology to identify individuals that might benefit from additional care activity or who are at risk of problems with their medication.

10. PSL will then share this information with the health or social care provider to make the final decisions about the care of the individual or planning services.

11. For some projects, PSL will combine information from different health and social care providers to give them a more detailed view of how patients are accessing services and help them make joint decisions about the individual’s care or planning of services.

What Information Does PSL Collect and Use?

12.  PSL collects information from each of the health and social care systems about patients or service users and this includes personal data (which could identify a person) and sensitive personal data (health information).

13.  The information includes NHS Number or other reference number that relates to each patient or service user.

14.  The information also includes codes that indicate what services have been accessed or particular conditions and medications.

15.  PSL is unable to identify any particular patient from the information extracted.

16.  Identification of each patient or service user is only possible for the health and social care providers that provide care to that individual.

17.  When the identity of the individual is not required for the activity – like planning – individual identity will not be made available.

18.  For a full list of the data we process, please contact our Data Protection Officer.

Who Does PSL Share Patient / Service User Information With?

19.  Once the information has been processed to identify potential risks or actions, it is shared with the Health or Social Care providers to make decisions about how to support patients or service users.

20.  Information may be accessed by different team members within PSL (although PSL cannot identify individuals from the information).

21.  PSL works hard to ensure that only the right people have access to information and that they are only given the information they need.

22.  PSL uses a third-party company to help us to extract and securely store some of the information:

• The Bunker (https://www.thebunker.net/) – Data Hosting

• Wellbeing Software (Apollo) (https://www.wellbeingsoftware.com/) – Data Extraction

23.  PSL uses other third-party companies that process personal data related to our business customers or visitors to our website:

• SquareSpace (https://www.squarespace.com/) – Website Provision

• TSO Host (https://www.tsohost.com) – Website Provision

• Cobweb (https://cobweb.com/) Email Service

• Mapus-Smith & Lemmon (https://mapus.co.uk/) - Accounts and Payroll

• Wavenet (https://www.wavenetuk.com/ ) – Telephone Service

• QMS (https://www.qmsuk.com) – ISO Auditors

• Kafico Ltd (www.kafico.co.uk) – Data Protection Consultancy

24.  Any changes to our third-party providers will be notified to our customers, providing an opportunity to object and this notice will be amended.

25.  We have contracts in place with these organisations that prevent them from using data in any other way that how we tell them to. These contracts have been reviewed to ensure that they require the providers to ensure they have technical and organisational measures in place to comply with data protection law.

Will PSL Share Information Without Making Customers or Patients / Service Users Aware?

26.  Sometimes we will be required by law to share information and will not always be able to discuss this with customers or patients / service users directly.

27.  Examples might be sharing with the police or tax authorities for the detection or prevention of crime, where it is in the wider public interest – to keep the public safe, for example - to safeguard children or vulnerable adults or because the court has told us we must share information.

What About the Information Rights of Patients / Service Users?

28.  Data protection law provides a number of rights that PSL is committed to supporting their customers with;

Right to Access

Right to Object or Withdraw Consent

Right to Correction

Right to Portability

Right to Complain

29.  Since PSL are unable to identify patients / service users, we cannot directly respond to information rights requests but will provide support by ensuring that any such requests are promptly directed to the health or social care provider who sends PSL the information.

What About the Information Rights of Business Customers or Visitors to the PSL Website?

30. PSL is still responsible for information rights requests made by business customers or website visitors and will endeavour to respond promptly and effectively.

Does PSL Use Profiling or Automated Decision Making?

31.  The technology that PSL applies to the patient / service user information does profile individuals. It does this by automatically categorising patients / service users according to risk levels or recommended actions.

32.  Any decisions affecting the patient or service user are made by those involved in the care or planning and not by technology alone.

33.  Our Data Protection Officer will be happy to speak to you about this if you have concerns or objections.

How Does PSL Protect My Information?

34.  PSL are committed to ensuring the security and confidentiality of personal data. There are a number of ways we do this:

• Staff receive regular training about protecting and using personal data.

• Policies are in place for staff to follow and are regularly reviewed.

• We check that only the minimum amount of data is shared or accessed.

• Our systems are structured so that PSL are unable to identify individual patients or service users.

• We use controlled access to systems, this helps to ensure that the right people are accessing data – people with a ‘need to know’.

• We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information.

• We report and manage incidents to make sure we learn from them and improve.

• We put in place contracts that require providers and suppliers to protect your data as well.

How Long Does PSL Store Personal Data?

35.  PSL will retain / store your patient / service user information for as long as they are providing services for its customers.

36.  When the contract ends, the information will be returned to be securely destroyed in line with NHS or Social Care guidelines.

How Can I Raise Issues or Make Complaints?

37.  You have the right to make a complaint to our Data Protection Officer or to the Information Commissioner’s Office in writing to the following address:

Information Commissioners Office
Wycliffe House
Water Lane
WILMSLOW
Cheshire SK9 5AF                                                                                                                                     

Enquiry Line: 01625 545700

Website: www.ico.org.uk

Further Information

 If you would like to know more about how Prescribing Services uses your patients’ information please use the Contact Us section of our website.

Further information can also be obtained from the following links:

Data Protection Act 2018

Care Record Guarantee

NHS Confidentiality Code of Practice