Patient Privacy notice

This page describes how F.A.S.T Ambulance Services Ltd (‘F.A.S.T Ambulance’), uses and manages the information it holds about its patients, including how the information may be shared with NHS and non-NHS organisations, and how the confidentiality of patient information is maintained.
F.A.S.T Ambulance collects and holds personal data about patients for the purposes of providing Patient Transport Services. To provide this service in a safe and effective way, F.A.S.T Ambulance will need to process personal information and also information in relation to health or social care and treatment.
This helps to ensure that the transport service can be conducted safely and that the patient’s needs and wellbeing are taken into account. In order to provide this service, F.A.S.T Ambulance work effectively with others providing patients with care.

We may use your information to:

  • Manage the Patient Transport Service effectively
  • Provide you with a safe environment
  • Assess the quality of service F.A.S.T Ambulance provides
  • Protect the health of the general public, for example by reporting infectious diseases
  • Help investigate any concerns or complaints a patient or their family may have
  • Carry out surveys to inform us of your experience as a patient of F.A.S.T Ambulance (optional)

F.A.S.T Ambulance is registered with the Information Commissioner’s Office as a Data Controller: reference Z3218317.

What kind of information F.A.S.T Ambulance holds about patients

F.A.S.T Ambulance holds both personal data (information which can be sued to identify or contact you) and special category data (such as health information).

  • Name, date of birth, NHS Number
  • Address, telephone, email address
  • ‘Next of kin’: the contact details of a close relative or friend
  • Details of any contact we have had with a patient
  • Details of assessments completed for each journey – includes things such as respiratory rate, heart rate and oxygen saturations, blood pressure
  • Notes and reports about a patient’s health and treatment received from the health provider prior to the journey, including clinic and operational visits and medicines administered
  • Information about any allergies and health conditions.

F.A.S.T Ambulance will use contact details received to provide service information to patients as required, i.e. by letter (postal address), by voice-mail or voice-message (telephone or mobile number), by text message (mobile number) or by e mail (e mail address). F.A.S.T Ambulance are compliant with the Privacy and Electronic Communications Regulations and will not use your contact information for marketing purposes.
Patients have the right to access personal information about them held by F.A.S.T Ambulance – see below.

How patient records are kept confidential

F.A.S.T Ambulance has a duty to:

  • Maintain a full accurate record of the journey and any care given to a patient
  • Keep records confidential, secure, accurate and accessible
  • Dispose of your information confidentially when it is no longer needed
  • Provide copies of healthcare information in an easy to understand format

Everyone working for, or with the NHS, is subject to the Common Law Duty of Confidence, the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Patient information is shared between the provider of your health or social care (for example, your Hospital, GP, Care Home) and F.A.S.T Ambulance to support your on-going care and treatment.
This sharing is based on the following lawful bases under data protection law:

  • Article 6(1)(e) – for the performance of a task carried out in the public interest, or in the exercise of the official authority of the data controller; and
  • Article 9(2)(h) – the provision of health or social care or treatment or the management of health or social care systems

Any sharing of information for purposes beyond enabling direct patient care will only occur where advised and consented to by the patient, except in circumstances where the law requires or allows F.A.S.T Ambulance to act otherwise.
Under the Confidentiality Code of Conduct, all staff are required to protect patient information, to keep patients informed of how their information will be used, and to allow patients to decide about how their information can be shared.

How patient records are shared

F.A.S.T Ambulance shares patient information with a range of organisations or individuals for a variety of lawful purposes, and may send information to, or receive it from:

  • GPs, other NHS staff or private healthcare providers for the purposes of providing transport services which supports direct care and treatment to the patient
  • Social workers or to other non-NHS staff involved in providing healthcare
  • Those with parental responsibility for patients, including guardians
  • Carers without parental responsibility (subject to explicit consent)
  • Medical researchers for research purposes (subject to explicit consent, unless the data is anonymous);
  • Bodies with statutory investigative powers – e.g. the Care Quality Commission, the Audit Commission, the Health Service Ombudsman
  • Organisations processing data on our behalf for the purposes of your care and managing the service

Also, where necessary and appropriate, to:

  • Non-statutory investigators – e.g. Members of Parliament
  • Government departments other than the Department of Health
  • Solicitors, the police, the Courts (including a Coroner’s Court), and tribunals and enquiries
  • The media (normally the minimum necessary disclosure subject to explicit consent)

Confidential patient-identifiable information is only shared with other organisations where there is a legal basis for it as follows:

  • When there is a Court Order
  • When there is a statutory power to share patient data
  • When the patient has given his/her explicit consent to the sharing
  • When the sharing of patient data without consent has been authorised by the Confidentiality Advisory Group of the Health Research Authority (HRA CAG) under Section 251 of the NHS Act 2006

Patient information may be shared, for the purposes of providing direct patient care, with NHS ‘provider’ organisations, such as NHS Acute Trusts (hospitals), NHS Community Health (primary care), NHS general practitioners (GPs), NHS ambulance services etc.
In such cases, the shared data must always identify the patient for safety reasons.

Refusing or withdrawing consent for using patient information

In those instances where the legal basis for sharing of confidential personal information relies on the patient’s explicit or implied consent, then the patient has the right at any time to refuse their consent to the information sharing, or to withdraw their consent previously given.
In instances where the legal basis for sharing information without consent relies on HRA CAG authorisation under Section 251 of the NHS Act 2006, then the patient has the right to register their objection to the disclosure, and F.A.S.T Ambulance is obliged to respect that objection.
In instances where the legal basis for sharing information relies on a statutory duty/power, then the patient cannot refuse or withdraw consent for the disclosure.

The National Data Opt-out

NHS Digital has developed a system to support the national data opt-out which will give patients more control over how their identifiable health and care information is used.
The system offers patients and the public the opportunity to make an informed choice about whether they wish their identifiable data to be used just for their individual care and treatment or also used for research and planning purposes.
Patients can view or change their national data opt-out choice at any time by using the online service on the NHS website: Your NHS data matters (www.nhs.uk/your-nhs-data-matters).
For more information please see the NHS Digital website: National data opt-out programme (https://digital.nhs.uk/national-data-opt-out).

How long health records are retained

All patient records are destroyed in accordance with the NHS Retention Schedule, which sets out the appropriate length of time each type of NHS record is retained.
F.A.S.T Ambulance does not keep patient records for longer than necessary.
All records are destroyed confidentially once their retention period has been met, and F.A.S.T Ambulance has made the decision that the records are no longer required.
Occasionally measures may have to be put in place to secure the retention of all documents and information relevant to a public inquiry. In this case, F.A.S.T Ambulance will not destroy or delete any health records which may be relevant until notified to do so.

Patient rights

If F.A.S.T Ambulance holds information about a patient, they have the right to:

  • Restrict or object to the use of their data in certain circumstances
  • Request a copy of their records held in paper and/or electronic format (see below)
  • Ensure that accurate information is held by F.A.S.T Ambulance
  • Be advised of how long their information will be stored before destruction
  • Seek advice from or make a complaint to the Information Commissioner’s Office (ICO) who is the UK data protection regulator

Accessing information

You have the right to access your information; you can request for a copy of the information that F.A.S.T Ambulance holds or for us to correct any information if it is not right.
In order for your request to be processed efficiently we would advise that a request should be made in writing.
If you wish to make a request, we will need the following information:

  • A description of the data that you would like e.g. information relating to your most recent journey, your entire record
  • Your name, address and a valid identity card (this will ensure that the data is not sent to the wrong person)
    Email address. Requests are sent electronically unless requested otherwise
  • If someone is acting on your behalf, we will need signed consent from you stating that someone is acting for you or the legal documentation confirming that they have the authority to act for you (e.g. a power of attorney form)
  • Fee, only for repeat or excessive requests. There is no fee for standard requests.

We will comply with your request without delay and at the latest within one month. Where requests are complex or numerous, we may contact you to inform you that an extension of time is required.
Access requests should be made by email to:compliance@fast-services.co.uk.
In writing to: 1 CHURCH WALK, TROWBRIDGE, WILTSHIRE, BA14 8DX

Security

CCTV (closed circuit television) is utilised to protect the safety of our patients, staff, members of the public and our property.
F.A.S.T Ambulance remains the data controller of this data and any disclosures to third parties such as the police, will only be done with the permission of F.A.S.T Ambulance.

Raising a concern

If you wish to raise a concern or inaccuracy within your record or would like to restrict who your medical data is shared with, please speak to the data protection compliance team by contacting: compliance@fast-services.co.uk.
Or, in writing to: 1 CHURCH WALK, TROWBRIDGE, WILTSHIRE, BA14 8DX
If you feel as though your concern has not been handled appropriately, or there has been an unnecessary delay in the access process, or you are dissatisfied with the way F.A.S.T Ambulance has handled or shared your personal information, you have the right to complain to the Information Commissioner:
The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113 or 01625 545745
Please see the Information Commissioner’s Office website for more information: www.ico.org.uk