Privacy policy
This Privacy Notice may be updated from time to time – the “last updated” date is included at the top of the Privacy Statement. We encourage you to review this Privacy Statement periodically to stay informed about how we may use and disclose your Personal Information. Any ‘material’ changes – those that affect the way your data is processed – will be notified to you directly.
Ash Lane Consulting and Your Information
Ash Lane Consulting takes privacy very seriously.
We are registered with the Information Commissioner and our registration number can be found by searching at https://ico.org.uk/ESDWebPages/Search under reference ZA564710.
If you have any questions or wish to make a request in relation to your information, please contact the Data Protection Lead at: richard@ashlane.co.uk
Ash Lane Consulting is a dedicated team specialising in reviewing healthcare customers’ clinical system data to identify if errors have been made resulting in them being incorrectly reimbursed for the drugs they have purchased and given. To provide this service, Ash Lane Consulting collect, use, store and share information about patients on the instructions of the healthcare provider.
Additionally, Ash Lane Consulting process customer personal data to maintain the customer relationship.
How Does Ash Lane Consulting Collect my Information?
Ash Lane Consulting will collect patient data, for patients of active customers in the following ways;
- From your healthcare provider when they provide us access to their systems
Your health record will remain within the clinical system at the practice. Ash Lane Consulting will take necessary extracts to perform the required assessments.
We will produce a list of patients that we have accessed and notes about any changes we have made. We can then provide this to the healthcare provider to review.
It is the responsibility of the healthcare provider to ensure that they have a lawful basis for providing us access to their systems. It is likely that they are lawfully able to do this because it is ‘necessary’ for your health or care, and you have not raised any objections.
The information includes Personal Data;
- basic details about patients, such as address, date of birth, and NHS Number
as well as Sensitive Personal Data, where it is relevant to our activities;
- notes and reports about medication and coding amendments
Ash Lane Consulting is not responsible for the accuracy of the information within your health record, and you should contact your healthcare provider with any concerns.
Ash Lane Consulting will collect data about members of the public (website visitors) in the following ways;
- Indirectly when we collect cookies, IP addresses and device information or receive messages via the website
Ash Lane Consulting collect only the device or cookie information necessary to allow the system to run properly and ensure we can investigate any security issues. We can do this lawfully because these reasons form the ‘legitimate interests’ of a system provider.
The information includes Personal Data;
- IP Addresses
Ash Lane Consulting will collect data about customers and professional contacts in the following ways;
- Directly when contact details are provided to establish and maintain professional relationships
- Directly when telephone or email contacts are made in relation to service enquiries
The information includes Personal Data;
- Contact details, names and job titles
How Does Ash Lane Consulting Use Personal Information?
Ash Lane Consulting performs the following processing activities
Patients
- Clinical, health and safety or information incidents are managed and documented
- Health information is accessed remotely via the healthcare provider clinical system to review coding and identify errors
- Sending quality and outcome reports to the service commissioner
- Data is collected, shared and stored for the purposes of investigating and responding to complaints
Website Visitors
- Personal data is collected via the organisation website for responding to queries and ensuring the website functions appropriately
Customers / Professional Contacts
- Establishing contact with customers and maintaining the professional relationship through communication tools
- Maintaining a list of those who make contact with ALC, seeking details of services to used, for future contact
Ash Lane Consulting will use this information only to deliver the activities described and will largely use the lawful basis of ‘legitimate interests’ or, the lawful basis selected by the healthcare customer.
Who Does Ash Lane Consulting Share My Information With?
Ash Lane Consulting works hard to ensure that only the right people have your information and that they are only given the information they need.
Ash Lane Consulting uses other companies to help us deliver some of our services such as;
Microsoft / SharePoint (storage and transmission of data)
Egress (large email sending)
Both of these companies provide technology to support our services.
Your data remains in the UK.
We have contracts in place with these organisations that prevent them from using it in any other way that how we tell them to. These contracts also require them to maintain good standards of security to ensure your confidentiality.
Will Ash Lane Consulting Share without Asking Me?
Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly.
Examples might be;
- Sharing with the police or tax authorities for the detection or prevention of crime
- Where it is in the wider public interest – to keep the public safe, for example
- To safeguard children or vulnerable adults
- Because the court has told us we must share.
What are my Information Rights?
Data protection law provides you with a number of rights that Ash Lane Consulting is committed to supporting you with.
Right to Access
You have the right to obtain:
- confirmation that your information is being used, stored or shared by Ash Lane Consulting
- a copy of information held about you
- If you only require a particular part of your record, tell us and this can reduce the time it takes to provide it
- We will respond to your request within one month of receipt or will tell you when it might take longer.
- We are required to validate your identity including the identity of someone making a request on your behalf
Right to Object or Withdraw Consent
We collect, use, store and share your information because we are permitted to by law, but you do have a right to object to us doing this.
When we collect, use, store or share your information based on your consent, you have a right to withdraw that consent at any time.
Our Data Protection Lead will be happy to speak with you about any concerns you have.
Right to Correction
If information about you is incorrect, you are entitled to request that we correct it.
There may be occasions, where we are required by law to maintain the original information – our Data Protection Lead will talk to you about this, and you may request that the information is not used during this time
We will respond to your request within one month of receipt or will tell you when it might take longer.
Right to Portability
You can ask us to send your information to another organisation on your behalf if you wish.
Complaints
You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Lead or visit the link below for more information.
For more detailed information on your rights visit https://ico.org.uk/for-the-public/.
Does Ash Lane Consulting Use Profiling or Automated Decision Making?
No, Ash Lane Consulting does not undertake automatic profiling or automated decision making in relation to your employment information.
Our Data Protection Lead will be happy to speak to you about this if you have concerns or objections.
How Does Ash Lane Consulting Protect My Information?
Ash Lane Consulting are committed to ensuring the security and confidentiality of your information. There are a number of ways we do this;
- Staff receive regular training about protecting and using personal data
- Policies are in place for staff to follow and are regularly reviewed
- We check that only the minimum amount of data is shared or accessed
- We use controlled access to systems, this helps to ensure that the right people are accessing data – people with a ‘need to know’
- We use encrypted or password protected emails and storage which would make it difficult for someone to ‘intercept’ your information
- We report and manage incidents to make sure we learn from them and improve
- We put in place contracts that require providers and suppliers to protect your data as well
How Long Does Ash Lane Consulting Store My Information?
Below is a grid that shows how long we keep each record produced in the course of our work.
Activity | Record(s) Produced | Retention period |
Personal data is collected via the organisation website | Email alerts | 2 years |
Sending quality and outcome reports to the service commissioner | Quality / Outcome Reports | 1 year |
Clinical, health and safety or information incidents are managed and documented | Incident reports, communication and evidence | 10 years (or 20 for serious incidents) |
Health information is accessed remotely via the healthcare provider clinical system to review coding and identify errors | None (remains within clinical system) | NA |
Data is collected, shared and stored for the purposes of investigating and responding to complaints | Complaints letters, responses and logs | 10 years |
Maintaining a list of those who make contact with ALC, seeking details of services to used for future contact | Marketing list | Indefinitely with periodic culling review |