Optum Health & Technology UK Limited, and its subsidiaries and affiliated companies (collectively, the “Optum UK”, “Company”, “We”, or “Us”) strive to properly address applicable data protection requirements.
Scope
This Optum UK> Privacy Policy (“Policy”) provides the individuals who receive our services, including but not limited to, commissioning support services, ScriptSwitch, referral services, Optum GP Empower, integrated care systems and other services (“You” or “Participant”) with certain important information about how the Company handles his/her personal information (including sensitive personal information). Optum Health & Technology UK Limited is the primary data processor for processing of Personal information.
Types of Data Processed
Personal information processed might include the following types of personal information:
When you are a client, we process client contact information.
Client Contact Information is personal information related to contacting a Client who would like to learn more about available products and services or for the administration of contracts and payments. Client Contact Information includes personal information such as name, email address, telephone number, or fax number. Client Contact Information is collected via telephonic, face-to-face, or online interactions and is held in administrative systems and files.
When you are a service provider, we process service provider information.
Service Provider Information is personal information related to medical or health care providers, community providers, or other types of providers or consultants that we triage services with, provide services to, or which provides services to our business. Service Provider Information includes personal information such as name, address, email address, or telephone number. Service provider information may be captured in a patient’s medical record, assessment reports, assessment results, and administrative systems.
When you are a patient of a general practice or employee- of a clinical commissioning roup, we process personal information.
Patient Information is personal information related to patients of a General Practice (GP) who may be part of a Clinical Commissioning Group (CCG) that we have a contract with. Patient Information that we process may include but not be limited to patient name, address, date of birth, email address, telephone number, gender, NHS number, health data, genetic data and biometric data. Employee data we process on behalf of the CCG may include but not be limited to name, address, date of birth, email address, telephone number, gender, CV, employment history, NHS number, marital status, banking data, and trade union membership.
Purpose of Personal Information Processing and Legal Basis for Doing So
Our use and processing of Personal Information – Our personal information processing includes:
Commissioning Support Services
We use personal information to deliver provider contract management services, administrative services, and finance and business intelligence services to CCGs.
Scriptswitch
Depending on what functionality has been purchased by the CCG/GPs, the tool may use personal information to support clinicians so that they can make informed decisions at the point of prescribing.
Refferal services
We use personal information to help CCGs and GPs by delivering referrals to secondary care.
Optum GP Empower
We use personal information to assist GPs by providing administrative tools, data and insights.
Integrated Care Services
We use personal information to support health systems to deliver integrated health care.
Quality Management
We use personal information for Quality Management such as ensuring the quality of service delivery, including call monitoring and recording, case consultations, and service feedback. Call recording is performed and quality monitoring is performed. De-identified personal information may be shared with a supervisor or senior member of the staff in order to provide consultation on customer cases.
Client Reporting
We use personal information for Client Reporting such as providing aggregate statistical reports to client organisations related to overall service delivery information, trends within and across organisations, and anonymized customer satisfaction and feedback information.
Client Requests
We use personal information to respond to Client Requests such as responding to requests for more information about products and services.
Business Administration
We use personal information for business administration such as responding to requests for more information about products and services.
Accreditation and Legal Requirements
We use personal information for Accreditation and Legal Requirements such as complying with accreditation requirements and achieving the legal basis of our personal information processing.
The legal basis of our personal information processing - The legal basis of our personal information processing includes processing that is:
- Necessary for the Company’s legitimate interests, including those described above;
- Necessary for compliance with Company’s legal obligations, including the provision of Optum UK services to Participants;
- Necessary for medical diagnosis, the provision of health or social care or treatment of the management of health or social care systems or services;
- Necessary for the establishment, exercise or defense of legal claims;
- Necessary in order to protect the vital interests of the Participant of another natural person;
- Necessary for reasons of public interest in the area of public health; or,
- Based on consent by the Participants, which may subsequently be withdrawn at any time by contacting us at the address listed below in the “Contact Information” section without affecting the lawfulness of processing based on consent before its withdrawal.
Optum's Partners, Personnel and Cross-border Transfers
We disclose personal information to third parties ("Optum Partners"), (“Optum Partners”), such as health care providers and community providers, who help us to deliver the Optum UK services. Optum Partners also share personal information with us for these purposes. Our personnel may access (on a need-to-know only basis) and process personal information in connection with their job responsibilities or contractual obligations. Such access includes those individuals who are in charge of Optum UK program activities mentioned above and IT services as well as senior executive company managers. Where permitted, we may use some third parties, Optum Partners, and Company personnel located outside of the EEA, including in countries that may not provide the same level of data protection as your home country, such as the United States of America. We take appropriate steps to ensure that such entities are bound to duties of confidentiality and we implement measures such as standard data protection contractual clauses to ensure that any transferred Personal information remains protected and secure. A copy of these clauses can be obtained by contacting us at the address listed below in the “Contact Information” section.
Client Reporting
We provide reports to Clients (“Client Reports”). The Client Reports are aggregate statistical reports provided to Client organisations related to overall service delivery information, trends within and across organisations, and anonymized customer satisfaction and feedback information.
Your Consent and Your Responsibility
You are not required by law to provide us with your personal information. If you do not provide us with personal information and consent to our personal information processing policy, we may be unable to provide the Optum UK service that you might request. If you provide your consent, you can withdraw consent at any time. When you withdrawal your consent, we may no longer be able to provide you with Optum UK services. If you provide third-party information to us (such as information from financial institutions, information or advice from solicitors, etc.), it is you responsibility to ensure that it is lawful for you to share the information with us and obtain our further processing of the information.
Direct Marketing
We will not use your personal information for direct marketing purposes without obtaining your consent prior to doing so. If you provide your consent for direct marketing, you may request to withdraw your consent at any time. For example: On each item of marketing collateral we include instructions for withdrawing your consent to direct marketing. You may also request to withdraw your consent by following the instructions by contacting us as instructed in the “Contact Information” section below.
Retention of Personal Information
Personal information will be retained only for so long as necessary for the purposes set out above, in accordance with applicable laws.
Data Security and Data Integrity
We maintain reasonable safeguards to protect the personal information from loss, interference, misuse, unauthorized access, disclosure, alteration or destruction. We also maintain reasonable procedures to help ensure that personal information is reliable for its intended use and is accurate, complete and current. If you are aware of changes or inaccuracies your personal information, you should inform us of such changes so that the personal information can be updated or corrected.
Your Rights in Personal Information That Concers You
You may contact us by following the instructions below in the “Contact Information” section to request access to the personal information that concerns you, to request correct any mistakes, deletion of this data or to withdraw your consent to our personal information processing, in accordance with applicable law.
We might be unable to comply with such a request where doing so would place us in breach of our obligations under applicable laws, regulation or codes of practice. However, in some circumstances, you might be able to request that your data be blocked from further processing. You might also have a right to data portability to another data controller under certain circumstances. Where we rely on your consent for our personal information processing, your consent may be withdrawn at any time, although the withdrawal might impact or disrupt the services we provide to you. Whether we comply with your request or do not comply with your request, we will prepare a response within the time permitted by law, generally within a month of receiving your request, subject to extension, when permitted, in certain situations.
You may lodge a complaint with a supervisory authority if you believe that our personal information processing infringes applicable law.
Disclosures Required or Permitted by Law
Regardless of any other provisions in this Privacy Policy, we may disclose or otherwise process personal information in the context of any sale or transaction involving all or a portion of the business, or as might be required or permitted by law or required for the purposes of any regulatory audit to which the Company may be subject from time to time.
Contact Information
By following the instructions below, you may request clarification about our Policy, complain about our personal information processing, make a request to exercise rights in the personal information that concerns you, and/or request a copy of our contractual clauses designed to protect personal information.
When you contact us, we might need to make an appointment with you, where necessary, to better understand the nature of your question or clarify a request access or amendment/correction. During this process, we must verify your identity to ensure that the request is made by the OLE you, or by another person who is authorized to make a request on your behalf, such as a legal guardian.
To contact the supervisory authority:
The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
To contact the us:
information_governance@optum.com
Optum Health & Technology Limited
Information Governance
10th Floor
5 Merchant Square
Paddington
London W2 1AS
United Kingdom
Attention: Data Protection Officer
Effective Date
The Effective Date of this Privacy Policy is the 23rd of May 2018. We might revise our Policy from time to time to reflect changes that we undertake in personal information processing. We will notify you of significant changes.