CCQI quality improvement and accreditation networks privacy notice
The Royal College of Psychiatrists’ (the College) Centre for Quality Improvement (CCQI) runs several projects (including quality improvement and accreditation networks) which aim to improve the quality of care provided for people with mental health conditions and problems.
CCQI projects work with individual services within an NHS Trust or organisation, or with the NHS Trust or organisation overall. For the purpose of this notice, both of these will be referred to as NHS Trusts or organisations as they hold overall
control for the information submitted as part of CCQI projects
The College is the data controller for the information you provide to us as part of a CCQI project.
If you have any queries about the process or how we handle your information, please contact us at email@example.com.
Information is submitted to the CCQI project from a number of sources
NHS Trusts or organisations submit information on organisational processes and service users' care as part of their participation.
Some of this information is collected from hospital records, although most of the information on organisational processes is collected specifically for their participation in the project. Data is submitted via secure web-based tools.
Security and confidentiality maintained through the use of passwords and registration processes.
Where NHS Trusts or organisations submit data about service users’ care, the data is pseudonymous or anonymous.
The project teams cannot identify the individual service user from the information they receive.
Where the data is pseudonymised, the individual NHS Trusts or organisation, hold the information needed to link a service user to the information submitted about the individuals care.
The projects also gather registration information directly from NHS Trusts or organisations to support the management of the CCQI project, such as contact details for the local individuals responsible for the Trust or organisations in the project.
Most CCQI projects collect information from other sources, such as staff providing care and treatment, from service users, their family members, friends or carers, or organisations and individuals who work closely with the Trust/organisation in question.
Data is submitted via a third party secure web-based tool or paper questionnaires received by pre-paid post.
The data collected from these sources anonymous.
All of the information you provide will only be used for the purpose for which you provided it or to fulfil business, legal or regulatory requirements if necessary.
The projects will not share any of the information provided to us with any third parties for marketing purposes.
Information is held in secure data centres in the EU and US which comply with ISO 27001 security standards.
The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
All the data is accessible only to staff members working on the individual project and data processors by approval.
All data is held within restricted areas, is password protected and encrypted.
The projects produce public reports on the aggregated data at NHS Trust or organisation and national levels at specific points during the project.
Individual team, service or NHS Trust or organisation reports are only made available to the NHS Trust or organisation who provided the data.
CCQI projects may also publish data on its website and in appropriate scientific journals.
We will use the staff contact details at the NHS Trust or organisation provided to us at registration to contact you and in connection with ongoing relationship with the relevant project.
You can request for the information to not be used to communicate with you about events or other communications such as newsletters.
CCQI projects do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
The information we ask for is used to either maintain a record of you and to contact you, or for the purpose of assessing compliance against the agreed standards and providing reports on compliance and performance.
- service user information such as age, gender, ethnicity, diagnosis
- care data including date and time of admission, interventions received (e.g. medication, psychological therapies), processes of care such as medication reviews
- outcome data including date of discharge, re-admission, discharge destination and clinical improvements (e.g. scores on outcome measures such as HoNOS)
- data on organisational processes and procedures such as the use of staff supervision
- information waiting times and length of stay
- feedback on service user’s and/or their family member, friend or carers’ experiences of care provided by the relevant NHS Trust or organisation
- feedback on staff members experiences of support, training, supervision and organisational processes
- feedback about the experience of organisations and individuals who work closely with the Trust/organisation in question.
Data processors are third parties who process data for us. We have contracts in place with our data processors.
This means that they cannot do anything with the information unless we have instructed them to do it.
All the information provided to our data processors is pseudonymised and they will not share your personal information with any organisation apart from us.
They will hold it securely and retain it for the period we instruct.
The data processors we use are:
- software providers/hosts for databases which hold the data
- external statisticians for detailed analysis of anonymised sections of data.
The CCQI adheres to the timescales specified in the College’s Record Retention Schedule.
If you wish to learn more about our retention periods, please contact us using the details below.
Some meetings organised by the College attended by members may be recorded. Recording of meetings is carried out as a backup for minuting purposes. The minutes are the official record of the meeting and as such the recording is deleted immediately after the minutes relating to the recording have been approved. If inappropriate behaviour is captured in a meeting recording, that recording may be retained by the College.
CCQI projects process data under the contract the NHS Trust or organisation has entered with us or with consent from the individual providing the data (for example the staff member, service user, family member, friend or carer submitting feedback).
The information received and managed by the project teams is treated as confidential.
The information is available to the project teams in an anonymous or pseudonymised format.
In the case of pseudonymised data, individual patients are only identifiable by the submitting NHS Trust/organisation using their coded service user lists which are held by them.
The project teams do not have access to these lists.
The project teams will not publish information that can enable individual service users, family, friends or carers, or staff to be identified, nor allow third parties to access the data.
The confidentiality and security of information is maintained in the following ways:
- All reports include aggregated data at the relevant level (national, NHS Trust/organisation).
- Reports on individual services, NHS trusts or organisations is only shared with the relevant organisation concerned.
- Small numbers are suppressed, and qualitative feedback is either aggregated or shown only where there is no identifiable information.
- Occasionally, we may share information with Regulatory or Public Authorities, for example: NHS Trusts, the Care Quality Commission or other equivalent bodies.
We will only do this where we have a statutory or regulatory requirement to do so, for example where we identify that staff or patients may be in imminent danger, concerns about unsafe practices or where they may be breaches of human rights.
Further information on situations where we may do this available on our website or in the terms and conditions of membership.
Under the Data Protection Act 1998, and incoming General Data Protection Regulation (GDPR) you have rights as an individual which you can exercise in relation to the information we hold about you.
Service users, family members, friends or carers, or staff members can choose to opt-out of the project.
Opting out of the audit will not affect the care an individual receives or their employment with the relevant organisation.
For more information about how to opt-out of the audit, please contact you the person responsible for the project in your local NHS Trust/organisation directly as the project teams do not hold identifiable information.
The College takes any complaints we receive about the way in which we use personal data very seriously.
We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
If you want to make a complaint about the way we have processed your personal information you can contact us using the details at the bottom of this notice.
You can also complain to the Information Commissioner’s Office directly:
Tel: 0303 123 1113
We keep our privacy notice under regular review. This Privacy Notice was last updated October 2020.
Data Protection Officer
Royal College of Psychiatrists
21 Prescot Street