Privacy and Cookies

The General Data Protection Regulation (GDPR) is a EU-wide regulation that controls how companies and other organizations handle personal data.
For more information, please visit the Offical GDPR Web Site.

Protection and confidentiality of Patient's Information is the Key Element in all our business activities, therefore Sonar Informatics has re-assessed its Network and Security Infrastructure to ensure safeguarding of Patient's Information, also reviewed and updated all current procedures and policies to comply with the New GDPR Regulations:

• Information security
• Data storage and destruction
• Changes to our Privacy Notice (Changes are marked with: new)

 

**Patient's Rights are described in our Privacy Notice

Mr. Gabriel Castillo is responsible for all matters related to data protection and GPDR compliance.
DPO is responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements.

Contact details:
Mr. Gabriel Castillo
gabriel.castillo@sonarinformatics.com

The New GDPR Regulations give Data Subjects enhanced rights to their Personal Information and/or other Related Information held/used by Data Controllers and Data Processors, than the stipulated in the current Data Protection Act 1998 (DPA):

Some of the new rights are; recall of consent, data transfer and erasure of data (subject to the public interest vs rights).

 

**Patient's Rights are described in our Privacy Notice

 

These rights can be requested by the client to Sonar users. Providers are urged to confirm identity of person making these requests and to contact Sonar DPO; If the information is not readily available on the Sonar system. Our DPO will support these requests, but all information you record on the sonar system is easily available direct to you as a user of the sonar system. Sonar is working to create an easy download options for individual patient requests made to our users from patients. The GDPR requirements for sonar will form part of our privacy policy. Sonar is registered with the ICO.
Sonar keeps records for the mandated period for each type of record. Sonar does not use any outside sub-contractors to perform any services.

We only collect and use your information for the purposes of public health services of NHS England. These purposes include:

• Accounts and records
• Health administration and services
• Information and databank administration
• Research

 

What types of personal data do we handle?

We process personal information to enable us to support the provision of healthcare services to patients.

 

We also use information to support and monitor the health services commissioned in England to enable the delivery of high quality healthcare. This type of information will usually be provided to NHS England in an aggregate or anonymised form, so that we cannot identify an individual.

 

The types of personal information we use include:

• personal details such as names, addresses, telephone, NHS numbers
• family details for example next of kin details
• education, training, mostly frequently of clinicians such as GPs
• employment details, for example as to what occupational category
• services, for example details of the services access or offered by providers
• lifestyle and social circumstances
• details held in the patient's record, where we hold or manage the patient’s record
• responses to surveys, where individuals have responded to surveys about healthcare issues

 

We also process sensitive classes of information that may include:

• racial and ethnic origin
• religious or similar beliefs

 

In terms of patient information, information may include:

• physical or mental health details
• sexual life

How will we use information about you?

Your information is used to run and improve the NHS in England. It may be used to:

• Check and report on how effective NHS England and the services it commissions has been
• Investigate complaints, legal claims or important incidents
• Make sure services are planned to meet patients' needs in the future
• To improve the efficiency of healthcare services, by sharing information with other organisations for a specific, justified purpose and approved by Sonar Informatics' Caldicott Guardian.

Whenever possible all information that identifies you will be removed.

 

Sharing your information

There are a number of reasons why we share information. This can be due to:

• Our obligations to comply with current legislation
• Our duty to comply with our NHS Commissioners
• You have consented to disclosure

 

We only share information where necessary and lawful. Recipients may include:

• NHS England, GP Practices, Community Pharmacies
• Healthcare Professionals

Retaining information

We will only retain information for as long as necessary. Records are maintained in line with the NHS England retention schedule which determines the length of time records should be kept.

 

Security of your information

We take our duty to protect your personal information and confidentiality seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible.

We have appointed a "Senior Information Risk Owner" (SIRO) who is accountable for the management of all information assets and any associated risks and incidents, and a "Caldicott Guardian" who is responsible for the management of patient information and patient confidentiality.

 

Sonar uses industry recognised security controls including:

• Encrypted communications, multi-factor authentication, audit logging
• Routine security monitoring, penetration testing, etc

These measures help protect information from unauthorised access, loss, alteration or disclosure.

The Data Protection Act 1998 gives you the right to see the information that Sonar Informatics holds about you and why. Requests must be made in writing and you will need to provide:

• adequate information [for example full name, address, date of birth, NHS number, etc.] so that your identity can be verified and your information located.
• an indication of what information you are requesting to enable us to locate this in an efficient manner.

For all other personal information held by Sonar Informatics, requests should be sent to the Customer Contact Centre.

 

We aim to comply with requests for access to personal data as quickly as possible. We will ensure that we deal with requests within 30 days of receipt unless there is a reason for delay that is justifiable under the Data Protection Act 1998.

We want to make sure that your personal information is accurate and up to date. If you think any information is inaccurate or incorrect then please let us know through the Customer Contact Centre.

If you are receiving support from a public health service e.g. The London Pharmacy Vaccination Service, New Medicine Service (NMS), Medicine Use Review (MUR), etc. Then we may share your NHS Number with the relevant clinician (GP, Pharmacy, Hospital, etc.) (Only if you have given explicit consent). This is so that SonarHealth and the relevant clinician (GP, Pharmacy, Hospital, etc) are using the same number to identify you whilst providing you care.

 

Your NHS Number is accessed through an NHS Service called the Personal Demographics Service (PDS), SonarHealth sends basic information such as your name, address and date of birth to the PDS in order to find your NHS Number. Once retrieved from the PDS the NHS Number is stored in the SonarHealth System.

 

The addition of the NHS Number to public health data will bring additional benefits:

• Better coordinated and safer care across public health care bodies enabled through the sharing of real-time information.
• Less paperwork and more efficient use of public health care resources.

 

You have the right to object to the processing of your NHS Number in this way. This will not stop you from receiving care, but will result in the benefits outlined above not being realised. To help you decide, we will discuss with you how this may affect our ability to provide you with care, and any other options you have.

 

If you wish to opt-out from the use of your NHS Number for public health care purposes, please contact us.

The New GDPR Regulations gives you the right to recall of consent (when explicitly given to any service provider using SonarHealth) or to request your information be removed from the SonarHealth system. Requests must be made in writing and you will need to provide:

• adequate information [for example full name, address, date of birth, NHS number, etc.] so that your identity can be verified and your information located.
• an indication of what information you are requesting to enable us to locate this in an efficient manner.

For all other personal information held by Sonar Informatics, requests should be sent to the Customer Contact Centre.

 

We aim to comply with requests for access to personal data as quickly as possible. We will ensure that we deal with requests within 30 days of receipt unless there is a reason for delay that is justifiable under the Data Protection Act 1998.

We want to make sure that your personal information is accurate and up to date. If you think any information is inaccurate or incorrect then please let us know through the Customer Contact Centre.

Sonar Informatics is committed to protecting you and any data (anonymous or otherwise) that we collect about you online. This section tells you how we use cookies and why. We call it our “Cookies Policy”. Among other things, cookies allow you to log on to SonarHealth Web Site.

As you may be aware, recent legislation requires websites to gain visitors' consent to use certain cookies.

Cookies are files containing small amounts of information which are downloaded to the device you use when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies do lots of different and useful jobs, such as remembering your preferences, and generally improving your online experience.

 

There are different types of cookies. They all work in the same way, but have minor differences:

 

 

For full details about our cookies, we’ve put together a list of the cookies we use.

 

By using our websites you agree that we can place these types of cookies on your device, however you can block these cookies using your browser settings. For more information on how to do this you may wish to read How to Block All Cookies Except for Sites You Use article which explain how this is done in popular web browsers (Internet Explorer, Google Chrome, Firefox and Safari).

Below is a full list of the cookies used by Sonar Informatics Ltd along with a description of what they are used for:

 

If you wish to restrict or block the cookies which are set by any website - including SonarHealth Web site, you should do this through the browser settings for each browser you use, on each device you use to access the Internet. Please be aware that SonarHealth Web site will not function if your browser does not accept cookies.

 

However, you can allow cookies from specific websites by making them “trusted websites” in your Internet browser. For more information on how to do this you may wish to to read How to Block All Cookies Except for Sites You Use article which explain how this is done in popular web browsers (Internet Explorer, Google Chrome, Firefox and Safari).

 

Alternatively, you may wish to visit www.allaboutcookies.org which contains comprehensive information on how to do this on a wider variety of browsers.