In order for NWAS to fulfil its functions, information is shared between various organisations. It may be appropriate to share your information with other services and third parties. These can include:
- NHS commissioners who are responsible for procuring healthcare services to meet patients’ needs
- Hospitals, for example where a pre-alert is necessary for an acutely ill patient en route to hospital
- Out of hours GP services to provide alternative medical services where deemed appropriate
- Midwives, NWAS and community, when the call is regarding obstetrics
- Social services where there is a concern for the welfare of the patient or others involved
- Mental health services where the patient has a mental health illness and specific treatment is required
- Dental service providers may be contacted where the emergency relates to dental complaints
- The police service
- Next of kin, where the patient has requested us to make the person aware of any ongoing incident
Personal information is shared with NHS Digital under their powers to require or request provision of information needed for the functions it exercises. We will also share information with other third parties if there is a statuary basis for disclosure or a requirement to comply with a court order (GDPR Art. 6(1)(c)).
We may share your information for health purposes and for your benefit with other organisations such as other NHS Trusts, general practitioners, and other partner organisations that could be providing specialist services on our behalf.
Information may also need to be shared with other non-NHS organisations, from which you are receiving care. Where information sharing is required with these third parties, we will always have a relevant Information Sharing Agreement in place and will not disclose any health information without an appropriate lawful principle.
NWAS uses a number of contractors (or data processors) to carry out specific business functions on behalf of the trust which involve the processing of personal data. NWAS, as a data controller, remains responsible for ensuring its processing complies with data protection laws.
We also make sure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place.
The trust will only use an approved data processor where:
• There is a written contract in place which stipulates that the data processor can only act in accordance with instructions from NWAS. They are not able to do anything else with that data
• The contract also creates a legal requirement for the data processor to act in accordance with data protection laws i.e. appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
• The trust is satisfied that the data processor has provided sufficient guarantees in respect of the technical and organisational security measures governing the processing to be carried out
The trust takes all reasonable steps to ensure our data processors continue to remain compliant with technical and organisational security measures.
We are required by law to report certain information to the appropriate authorities. This is only provided after formal permission has been given by a qualified health professional and where appropriate ratified by the Caldicott Guardian/Data Protection Officer. We may be asked to share basic information about you, such as your name and address or sensitive information (i.e. health information). This would normally be to assist them to carry out their statutory duties.
Your information may be used to help assess the needs of the general population and make informed decisions about the provision of future services. Information can also be used to conduct health research and development and monitor NHS performance.
Where information is used for statistical purposes, stringent measures are taken to ensure individual patients cannot be identified. Anonymous statistical information may also be passed to organisations with a legitimate interest, including universities, community safety units and research institutions.
Where it is not sufficient to use anonymised information, person-identifiable information may be used, but only for essential NHS purposes. This may include research and auditing services. This will only be done with your consent, unless the law requires information to be passed on to improve public health.