Privacy and Cookies
This document is subject to change. Please visit this page regularly.
What is GDPR?
The General Data Protection Regulation (GDPR) is an EU-wide regulation that controls how companies and other organizations handle personal data.
For more information, please visit the Official GDPR Web Site.
SonarHealth & GDPR
Protection and confidentiality of Patient's Information is the key element in all our business activities. Sonar Informatics has therefore re-assessed its Network and Security Infrastructure to ensure the safeguarding of Patient's Information, and has reviewed and updated all current procedures and policies to comply with the New GDPR Regulations:
- Information security
- Data storage and destruction
- Changes to our Privacy Notice (Changes are marked with: new)
**Patient's Rights are described in our Privacy Notice
Data Protection Officer (DPO)
Mr. Gabriel Castillo is responsible for all matters related to data protection and GDPR compliance.
The DPO is responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements.
Contact details:
Mr. Gabriel Castillo
gabriel.castillo@sonarinformatics.com
Data Subject Rights
The New GDPR Regulations give Data Subjects enhanced rights to their Personal Information and/or other Related Information held/used by Data Controllers and Data Processors, compared with those stipulated in the current Data Protection Act 1998 (DPA).
Some of the new rights are: recall of consent, data transfer and erasure of data (subject to the public interest vs rights).
**Patient's Rights are described in our Privacy Notice
Clients can request these rights from Sonar users. Providers are urged to confirm the identity of the person making these requests and to contact the Sonar DPO if the information is not readily available on the Sonar system. Our DPO will support these requests, but all information you record on the Sonar system is easily available directly to you as a user of the Sonar system. Sonar is working to create an easy download option for individual patient requests made to our users.
The GDPR requirements for Sonar will form part of our privacy policy. Sonar is registered with the ICO.
Sonar keeps records for the mandated period for each type of record. Sonar does not use any outside sub-contractors to perform any services.
What is a Privacy Notice?
A privacy notice is a statement that describes how Sonar Informatics LTD collects, uses, retains and discloses personal information.
To ensure that we process your personal data fairly and lawfully we are required to inform you:
- Why we need your data
- How it will be used and
- Who it will be shared with
This information also explains what rights you have to control how we use your information.
The law determines how Sonar Informatics LTD can use personal information. The key laws are: the Data Protection Act 1998 (DPA), the Human Rights Act 1998 (HRA), relevant health service legislation, and the Common law duty of confidentiality.
Within these pages we describe instances where Sonar Informatics LTD is the "Data Controller", for the purposes of the Data Protection Act 1998 (DPA), and where we direct or commission the processing of patient data to help deliver better healthcare, or to assist the management of healthcare services.
Sonar Informatics LTD recognises the importance of protecting personal and confidential information in all that we do, all we direct or commission, and takes care to meet its legal duties.
This part of the fair processing notice outlines the management of the notice, contact details and other access to information legislation.
Complaints about how we process your personal information
In the first instance, you should contact us.
Changes to our fair processing notice
We keep our fair processing notice under regular review and we will place any updates on this web page. This notice was last updated on 15/01/2018.
Data Protection Notification
Sonar Informatics LTD is a ‘data controller’ under the DPA. Our Registration Number: Z1149750. We have notified the Information Commissioner that we process personal data and the details are publicly available from the Information Commissioner’s Office.
How to contact us
Please contact us if you have any questions about our privacy notice or information we hold about you:
What information do we collect about you?
We only collect and use your information for the purposes of public health services of NHS England. These purposes include:
- Accounts and records
- Health administration and services
- Information and databank administration
- Research
What types of personal data do we handle?
We process personal information to enable us to support the provision of healthcare services to patients.
We also use information to support and monitor the health services commissioned in England to enable the delivery of high quality healthcare. This type of information will usually be provided to NHS England in an aggregate or anonymised form, so that we cannot identify an individual.
The types of personal information we use include:
- personal details such as names, addresses, telephone, NHS numbers
- family details for example next of kin details
- education and training, most frequently of clinicians such as GPs
- employment details, for example occupational category
- services, for example details of the services accessed or offered by providers
- lifestyle and social circumstances
- details held in the patient's record, where we hold or manage the patient’s record
- responses to surveys, where individuals have responded to surveys about healthcare issues
We also process sensitive classes of information that may include:
- racial and ethnic origin
- religious or similar beliefs
In terms of patient information, information may include:
- physical or mental health details
- sexual life
How will we use information about you?
Your information is used to run and improve the NHS in England. It may be used to:
- Check and report on how effective NHS England and the services it commissions have been
- Investigate complaints, legal claims or important incidents
- Make sure services are planned to meet patients' needs in the future
- Improve the efficiency of healthcare services, by sharing information with other organisations for a specific, justified purpose approved by Sonar Informatics' Caldicott Guardian.
Whenever possible all information that identifies you will be removed.
Sharing your information
There are a number of reasons why we share information. This can be due to:
- Our obligations to comply with current legislation
- Our duty to comply with our NHS Commissioners
- You have consented to disclosure
Retaining information
We will only retain information for as long as necessary. Records are maintained in line with the NHS England retention schedule which determines the length of time records should be kept.
Security of your information
We take our duty to protect your personal information and confidentiality seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible.
We have appointed a "Senior Information Risk Owner" (SIRO) who is accountable for the management of all information assets and any associated risks and incidents, and a "Caldicott Guardian" who is responsible for the management of patient information and patient confidentiality.
How to access your personal information
The Data Protection Act 1998 gives you the right to see the information that Sonar Informatics holds about you and why. Requests must be made in writing and you will need to provide:
- adequate information [for example full name, address, date of birth, NHS number, etc.] so that your identity can be verified and your information located.
- an indication of what information you are requesting to enable us to locate this in an efficient manner.
For all other personal information held by Sonar Informatics, requests should be sent to the Customer Contact Centre.
We aim to comply with requests for access to personal data as quickly as possible. We will ensure that we deal with requests within 30 days of receipt unless there is a reason for delay that is justifiable under the Data Protection Act 1998.
We want to make sure that your personal information is accurate and up to date. If you think any information is inaccurate or incorrect then please let us know through the Customer Contact Centre.
Use of your NHS Number
If you are receiving support from a public health service, e.g. The London Pharmacy Vaccination Service, New Medicine Service (NMS), Medicine Use Review (MUR), etc., then we may share your NHS Number with the relevant clinician (GP, Pharmacy, Hospital, etc.), but only if you have given explicit consent. This is so that SonarHealth and the relevant clinician (GP, Pharmacy, Hospital, etc.) are using the same number to identify you whilst providing you care.
Your NHS Number is accessed through an NHS Service called the Personal Demographics Service (PDS). SonarHealth sends basic information such as your name, address and date of birth to the PDS in order to find your NHS Number. Once retrieved from the PDS, the NHS Number is stored in the SonarHealth System.
The addition of the NHS Number to public health data will bring additional benefits:
- Better coordinated and safer care across public health care bodies enabled through the sharing of real-time information.
- Less paperwork and more efficient use of public health care resources.
You have the right to object to the processing of your NHS Number in this way. This will not stop you from receiving care, but will result in the benefits outlined above not being realised. To help you decide, we will discuss with you how this may affect our ability to provide you with care, and any other options you have.
If you wish to opt-out from the use of your NHS Number for public health care purposes, please contact us.
Recall of consent & data erasure new
The New GDPR Regulations give you the right to recall consent (when explicitly given to any service provider using SonarHealth) or to request that your information be removed from the SonarHealth system. Requests must be made in writing and you will need to provide:
- adequate information [for example full name, address, date of birth, NHS number, etc.] so that your identity can be verified and your information located.
- an indication of what information you are requesting to enable us to locate this in an efficient manner.
For all other personal information held by Sonar Informatics, requests should be sent to the Customer Contact Centre.
We aim to comply with requests for access to personal data as quickly as possible. We will ensure that we deal with requests within 30 days of receipt unless there is a reason for delay that is justifiable under the Data Protection Act 1998.
We want to make sure that your personal information is accurate and up to date. If you think any information is inaccurate or incorrect then please let us know through the Customer Contact Centre.
Understanding how and why we use cookies
Sonar Informatics is committed to protecting you and any data (anonymous or otherwise) that we collect about you online. This section tells you how we use cookies and why. We call it our “Cookies Policy”. Among other things, cookies allow you to log on to the SonarHealth Web Site.
As you may be aware, recent legislation requires websites to gain visitors' consent to use certain cookies.
What is a cookie?
Cookies are files containing small amounts of information which are downloaded to the device you use when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies do lots of different and useful jobs, such as remembering your preferences, and generally improving your online experience.
There are different types of cookies. They all work in the same way, but have minor differences:
The cookies we use are session cookies. For example, they help us to ensure the security of your internet session, and can also keep you signed in while you move between pages.
Our session cookies used for security are designed to be very difficult to read, change, access or use except by us when you have an active session. They contain no personal information that can be used to identify an individual.
Sonar Informatics does not use persistent cookies in any way.
For full details about our cookies, we’ve put together a list of the cookies we use.
By using our websites you agree that we can place these types of cookies on your device; however, you can block these cookies using your browser settings. For more information on how to do this, you may wish to read the article "How to Block All Cookies Except for Sites You Use", which explains how this is done in popular web browsers (Internet Explorer, Google Chrome, Firefox and Safari).
Cookies we use
Below is a full list of the cookies used by Sonar Informatics Ltd along with a description of what they are used for:
What if we don't want to accept cookies?
If you wish to restrict or block the cookies which are set by any website, including the SonarHealth Web site, you should do this through the browser settings for each browser you use, on each device you use to access the Internet. Please be aware that the SonarHealth Web site will not function if your browser does not accept cookies.
However, you can allow cookies from specific websites by making them “trusted websites” in your Internet browser. For more information on how to do this, you may wish to read the article "How to Block All Cookies Except for Sites You Use", which explains how this is done in popular web browsers (Internet Explorer, Google Chrome, Firefox and Safari).
Alternatively, you may wish to visit www.allaboutcookies.org which contains comprehensive information on how to do this on a wider variety of browsers.