Lloyds Pharmacy Clinical Homecare (LPCH) is part of the McKesson UK group of companies.
LPCH provides care for patients with a range of conditions at home, in their place of work, or in the community. You can find out more about the range of work we do and how we do it here: https://lpclinicalhomecare.co.uk/about/
To help you understand how we treat your personal data, please read this privacy notice carefully. If you have any questions you can contact us by:
- Writing to The Information Governance Advisor, Scimitar Park, Roydon Road, Harlow, Essex, CM19 5GU
- Telephoning 0345 2636 123 (or 0345 2636 135 from Scotland)
- Completing the contact form on our website
All McKesson UK companies share a single Data Protection Officer, Paula Bennett. Her contact details are:
Tel: 02476 432 670
Sapphire Court, Walsgrave Triangle, Coventry, CV2 2TX.
If you ever have any queries or concerns about the way LPCH obtains or uses information about you, please get in touch. You can also contact the Information Commissioner if you are unhappy with how we have used your data.
- The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
The ICO’s helpline number is: 0303 123 1113
Privacy laws and practice are constantly developing, and we aim to meet high standards. Our policies and procedures are therefore under continual review. We may, from time to time, update our security and privacy policies and suggest that you check this page periodically to review our latest policies.
What is Personal Data?
Personal data is any information relating to a person who can be either directly or indirectly identified from that information and may include (but is not restricted to) name, address, email address and phone number.
The information we process
We collect, store and use (also called processing) personal data in order to provide our patients with the service(s) required.
If you are a patient who receives care we will have the following information about you:
- Contact telephone number(s) and email address if you have one
- Your NHS number if you are an NHS patient, and your LPCH patient reference number
Your date of birth
- Your gender
- Your medical condition and related history
- Your medicines and care needs
- When you have received, or are due to receive deliveries
- When you have received, or are due to receive nurse visits
- What support you have received to provide self-care where this is an option
- When you have contacted us, and when we have contacted you (including voice recordings of recent telephone calls)
- If you are a private patient we will hold financial information
Information we collect about you
We collect and process information about you from a variety of sources.
We receive information from other sources including the Hospital Trust, your consultant, doctor or others involved in your care.
In the course of receiving the services you require you may provide us with further information which we will process in accordance with this policy. This may include:
- Written or verbal information when creating an account with us
- Information via the contact us form on our website
- Information via correspondence with us by e-mail, telephone or otherwise
- Information you provide during the course of us providing our service(s) to you
- Completion of surveys
- Your social media username if you interact with us through those channels to help us respond to your comments, questions or feedback
- Anybody visiting any of our sites will also be recorded on CCTV for the prevention and detection of crime
Information about other people
If you provide information to us about any person other than yourself (i.e. authorised signatories who can sign for your medication) you confirm that you have made that person aware of how we may collect, use and disclose their information, the reason you have provided it, how they can contact us, the terms of this policy and that they have consented to such collection, use and disclosure.
Recording Telephone Calls
When you call us we may record that call, and keep that recording with your other information. We do this to ensure we provide the best possible care and customer service, and to review our services to see where we can learn and improve. Sometimes calls are audited as part of our governance function, and to provide assurances to medicines manufacturers and regulators that we meet their high standards.
How we use your information
All the personal information we obtain about you and/or any other person whose details you provide will be recorded, processed and protected in accordance with current data protection legislation.
We will keep your data confidential, use it lawfully, fairly and with transparency and protect your data keeping it secure. We will only retain your data for as long as necessary.
We primarily use your personal information in the following ways:
- To create, maintain and securely store your patient record
- To communicate with your hospital and doctors where necessary
- To communicate with you regarding your deliveries and in the event we need to inform you of any issues regarding our service to you
- To arrange to visit you and to provide you with care. Sometimes our nurses will help you learn how to care for yourself and keep records of how well you are doing
- To carry out market research and conduct patient surveys
- To deal with any queries or complaints, details of which will be recorded on your patient record to demonstrate our compliance with our contractual or legal obligations and our legitimate interests in providing you with the best service
- Governance will regularly undertake audits, monitor calls and deal with complaints for quality control, training and service improvement
- Finance to coordinate spending on patient care with NHS organisations and other partners and ensure we charge NHS (or other bill payers) correctly for the services we provide to you
- Prescription Management to ensure all prescriptions are reviewed, renewed and are for the correct medicines
- Warehouse and Packing to prepare packages of medicines and equipment for delivery
- Transport to plan routes and ensure drivers make deliveries to patients or their authorised representatives
- Our Pharmacovigilance team will investigate any adverse reaction to medicines and report such events to manufacturers and regulators in order to improve patient safety
- CCTV footage at LPCH premises is recorded and stored for the purposes of the prevention and detection of crime
- For the safety of our off-site staff we utilise secure recording devices which may be activated in emergency situations
Lawful grounds for processing your Information
In order to process your data lawfully we need to rely on one or more valid legal grounds. The grounds we may rely upon for the processing of your personal data include:
- Consent: Your consent to processing activities, for example where you have consented to us using your information to invite you to participate in surveys. You are able to change your mind at any time by getting in touch using the details above
- Contract: When we enter into a contract (or prior to entering into a contract) we use personal information for the performance of that contract
- Legal Obligation: There may be occasions where we are required to process information for compliance with an applicable law. An example of this is our legal requirement to report any adverse reactions to medicine to the relevant regulator and the medicine’s manufacturer
- Public Task: We will process patient data which includes special category data regarding the health of our patients in order to carry out our official function as a healthcare provider
- Vital Interests: If we discover one or more people are at risk of harm we will process personal information to ensure the safety of these individuals, acting in that person’s vital interest
- Legitimate interests: If we have a legitimate interest in something that we need to use your information to do, then we can rely on that interest as a lawful basis except where such interests are overridden by your interests and fundamental rights
Disclosure of your personal data
There are circumstances where we wish to disclose or are compelled by law to disclose your personal data to third parties. This will only take place in accordance with the applicable law and for the purposes listed. These scenarios include disclosure to:
- Our subsidiaries, branches or associated offices
- Our Group companies who may contact you by email, phone or post about other products and services (including those from other organisations) in which you may be interested (where you have consented to such communication)
- Our outsourced service providers or suppliers to facilitate the provision of our products and/or services to you, for example:
- our panel of medical experts, printing companies and mailing houses
- manufacturers of the goods in the efforts to understand customer preferences, ensure satisfactory stock levels, to improve products and services and to calculate any volume discounts or rebates which may be applicable to your account
- our data centre provider for the safe keeping of your personal data, webhosting provider through which your personal data may be collected
- third party logistics companies where required to ensure continuity of our service to you
- identity verification partners in order to verify your identity against public databases
- Pharmaceutical companies and health authorities are legally required to collect reports of potential side effects or adverse events that happen to patients whilst taking their products to ensure patient safety. Your information is very important for public health and will not be used for any other purpose than the detection, understanding and prevention of side effects or adverse effects. Your contact details will not be shared without your consent
- Third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons
- Public authorities where we are required by law to do so, or for reasons of public interest regarding public health or for research purposes.
- Our regulators where it is a requirement to do so
- If required, in order to receive legal advice; and
- Any other third party where you have provided your consent
We take the security of personal information very seriously. We employ security technology, including firewalls, and Secure Socket Layers to safeguard information and have procedures in place to ensure that our paper and computer systems and databases are protected against unauthorised disclosure, use, loss and damage.
International Transfer of Personal Data
In the course of the matrix structure of our Group, your data will also be processed within our Group companies that are based in third countries, meaning in countries outside the European Economic Area. These data transfers are covered by an adequacy decision of the European Commission (Article 45 GDPR). Where this is not the case, e.g. when it comes to transfers to the USA, the data transfers are especially based on standard data protection clauses/standard contractual clauses in line with the templates adopted by the European Commission (Article 46 Para. 2 lit. c, Para. 5 S. 2 GDPR) or by an exemption according to Article 49 GDPR.
The same applies to external service providers who work on behalf of us (for example IT service providers or data centres) or third parties, insofar as they come into contact with your personal data and are based in third countries. This means that we transfer your IP address, for example, as part of the use of the TrustArc and Google Analytics tools, or your shortened IP address to countries outside the European Union, among others in the USA.
Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organisations.
Upon request, we will gladly provide you with appropriate detailed information.
Retention of Personal Data
We may keep an anonymised form of your personal data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
You have a number of rights regarding how your information is used, including the right to: access, rectify, erase, restrict, transport, and object to the processing of, your personal data. These rights will not all apply in every situation but to exercise them at any time, please contact us using the information above.
You also have the right to lodge a complaint with the relevant data protection authority if you believe that your personal data is not being processed in accordance with applicable data protection law. To contact the Information Commissioner’s Office (the supervisory authority in the United Kingdom), please see their details above.
Right to make subject access request (SAR). You have the right to ask us for copy of the information we have about you, whether in paper, or electronic form. Each such request will be dealt with on an individual basis.
Your right to rectification. You may request that we rectify any inaccurate and/or incomplete personal data.
Your right to erasure. You have the right to ask us to erase (delete or destroy) your personal information in certain circumstances. We will comply unless there is an overriding legal obligation we must comply with which requires us to retain your data.
Your right to object to processing. You have the right to object to us processing your data – including automated processing and profiling. You may, as permitted by applicable law, request that we stop processing your personal data. We may refuse your request to restrict processing if we have to use your information to provide you with care, or if it is in your vital interests for example. In relation to automated processing and profiling, you may object to the processing and you will have the right to obtain human intervention.
Your right to data portability. In some circumstances you may request that we provide your personal data to you in a structured, commonly used and machine-readable format and have it transferred to another provider. We will comply with such transfer as far as it is technically feasible. Please note that a transfer to another provider does not imply erasure of your personal data which may still be required for legitimate and lawful purposes.
Right to withdraw consent. You may, as permitted by applicable law, withdraw your consent to the processing of your personal data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit certain service features for which the processing of your personal data is essential.
In common with many other website operators, we may use standard technology called ‘cookies’ on this site. Cookies are small pieces of information that are stored by your browser on your computer’s hard drive and they are used to record how you navigate this website on each visit.
Most browsers automatically accept cookies, but you can usually change your browser to prevent cookies being stored. Please note, if you do turn cookies off this will limit the service that we are able to provide to you and may affect your visitor experience.
For further information on cookies and how to switch them off see www.allaboutcookies.org