Kent and Medway Care Record

The information that will be available for professionals at our partners to view through the record is shown below. All access to information is restricted to those who have a requirement to view it for their role.

• Information such as your name, address, date of birth and NHS number
• People to contact in an emergency
• Social care assessment information
• Care providers and the services you’ve used
• Any safeguarding information designed to protect you
• Your legal status for being in the UK
• Any conditions or illnesses you’ve been diagnosed as having
• Any operations you’ve had
• Your medication
• Any alerts or risks relevant to your care
• Your medical and maternity history
• Any birth and neonatal details
• Records of care you’ve had as an inpatient or outpatient
• Your appointments
• Documents such as discharge summaries, clinical letters, care plans, risk assessments and referrals
• Results of investigations, scans and laboratory tests
• Reports such as those from radiology scans or x-rays
• Examinations, for instance, to check your blood pressure
• Trials or studies you might be part of
• If you’ve been sectioned under the Mental Health Act
• Details of supportive care, such as your end-of-life preferences
• A summary of the care you’ve had from a service, such as a hospital, when your care with that service is finished.
   

By bringing health and social care information together in one place, any authorised professional that may need to deliver treatment or care to you, will be able to have access to important information such as medication, allergies etc., more quickly without the need to contact other professionals meaning that care can be delivered at the right time, improving the quality of care provided to you. 
This could be critical in an emergency.

Historically your records are kept by individual organisations involved in your care. For example, your GP holds information about you in relation to the treatment and care that has been provided to you by your GP. Similarly, your hospital will hold a hospital record about any care or treatment you have received there. If you use adult or children’s services provided by the local authority, they too hold a separate record. 

These records have not been shared as a matter of course, so a complete picture about all of the care or treatment you have received from different professionals is not necessarily available. Bringing these electronic records together in one place will provide a more complete view of your health and care needs.

Your personal data will only be shared between the health and social care organisations that have signed the KMCR Joint Controllers Agreement (JCA) or Data Processing Agreement (DPA) to support the delivery of direct care or treatment to you. 

These include: 

• Primary care (your GP practice)
• Community services
• Mental health services
• Local authority social care departments
• Secondary care (hospitals)
• Specialist services (ambulance service)
• Hospices

Staff who need information to deliver direct care or treatment will access the KMCR through their own system where controls are applied about the level of access a member of staff is allowed to do their job and what information they can see. These same controls are applied within the KMCR, which means that a member of staff can only access information based on their authorised level of access and specific job role. Each member of staff, under contract, has a duty of confidentiality which they must abide by.

The data within the KMCR may be used for the following reasons:

• protect the vital interests of patients and service-users and those of their associated carer(s).
• support the provision of health or social care treatment or services to individuals, including their diagnosis and treatment, and the management of their care and support.
• identifying those at risk of illness and disease and to provide preventive care
• activate and empower individuals in their own care by providing a personal health record
• coordinate, improve and optimise patient flows
• help management of health or social care services
• provision of a personal health record
• grant access to treatment escalation plans
• allow use of KMCR analytics to guide care, improve allocation of resource and prevent harm to patients.

For more information about how your data is used, please see the KMCR privacy notice.

The organisations providing your care locally are the controllers of the data they hold about you and are working in partnership to ensure it is available for sharing within the KMCR when needed to benefit your care and treatment. 

If you have any concerns about data sharing, please speak to the local care organisations who hold your records or contact the KCHFT Information Governance team
 

You have a right to request information (Subject Access Request) that is held about you. To access records of your care, please contact the organisation(s) that have been or are currently providing your care, or alternatively contact the KCHFT Information Governance team

For more information on this or any of your rights under UK Data Protection Legislation, please see the KMCR Privacy Notice.
 

You are able to opt-out of having your confidential patient information being used for research and planning, via the NHS National Data Opt-Out. More information can be found on the objections page.

Opt out of sharing your health records

If you have opted-out of the Summary Care Record you will not automatically be opted-out from the KMCR.

The KMCR provides a more detailed view of your health, care and treatment records and is a summary of the treatment and care provided to you by local health and social care organisations in Kent and Medway.

More information about your opt-out rights are available on the objections page.

You have a legal right to lodge a GDPR objection (Article 21) with regard to your data being processed. This means you can object to your data being shared for direct care. Your objection will be considered on a case-by-case basis. When reviewing your objection, consideration will be given as to whether you can still be provided with safe individual care. This is not automatic, as further information must be provided to assess whether the objection is upheld. An objection can be lodged with your GP or care provider, with the final decision being made by a clinician. 

For more information on your rights on the objections page.
 

No, under no circumstances will your data be sold to third parties.

No data will be sold to any third party. The system provider is contractually bound to this.

No KMCR data is processed or stored outside of the UK. This is a contractual requirement of the service provider and is in line with national standards and requirements.

Each organisation has its own data controller and is therefore responsible for making sure the data held by it about individuals receiving treatment and care is accurate. However, Kent Community Health NHS Foundation Trust (KCHFT) as lead commissioner for the KMCR, has established a programme team responsible for auditing the compliance of partner organisations with the agreed measures.

A governance structure has been established which is responsible for developing measures to make sure we can review data quality across the KMCR and take measures to rectify, as appropriate, data quality issues identified. The governance groups are also responsible for making sure measures are in place to guarantee compliance with opt outs, consistency of data, completeness of records etc.  

Each organisation, as the data controller, is responsible for making sure its data is accurate and should be running reports on a regular basis to review its own data quality and identify any errors/issues, which they should then put right. 

All organisations have a responsibility to set out how they share data and to make this easily accessible, be this either in an electronic or paper format. This information should be publicly and easily available, ordinarily via a privacy notice. Information relating to data held within your shared care record can be viewed at the KMCR web page.

Most KMCR partners provide a link back to the Kent and Medway Integrated Care System (ICS) website from their own privacy notices, which allows to the KMCR Operations Team to review the information centrally to make sure it remains up to date and consistent.

KMCR partners can also communicate all of the information themselves through their own website and other communication channels if they prefer. 

All privacy notice information must be kept up to date on a regular basis and communicated to citizens if / when any changes are proposed to the way data is being processed, such as secondary uses. Changes to the way data is being processed, such as for secondary purposes, cannot be introduced without communication with citizens.
 

Videos and animations as well as updated bulletins will appear on the ICS website (the central point for information about health and care in Kent and Medway).

Frequently asked questions (FAQs) are regularly reviewed and updated and available on the ICS website. 

All KMCR partners’ Communication and Engagement Teams have copies of this information and are responsible for sharing this material within their own organisations to promote the KMCR and make sure it is reaching the appropriate staff and that this information is published where appropriate for citizens to view.

Work is on going to look at how we can improve the ways in which we share updates about the KMCR and its uses.

Only providers/organisations that need access to the KMCR to provide better treatment, care and support to you will be considered to join.

They will then have to satisfy strict procedures and processes, prove that they have the necessary controls in place and are compliant with appropriate legislation. 

If they don’t meet these standards they will not be able to join the KMCR. 

A list of all providers with access to the KMCR will be shared via the ICS website.

The KMCR Data Protection and Confidentiality Policy sets out the processes in place to police the system and manage concerns. 

There is an audit plan in place to ensure that those clinicians and professionals with access to the KMCR are not able to access data inappropriately and only do so in line with the requirements of their roles. The benefits of the system and some of the more common concerns are answered on the Kent and Medway Care Record page.

Any organisation whose staff have access to the KMCR to deliver treatment, care and support are required to have strict Role Based Access Controls (RBAC) in place, as well as other legally required systems and procedures.

Functionality regarding the printing, downloading and storing of information from within the system is managed via system controls and monitored closely.

Any new organisation that wishes to join the KMCR, must undergo a stringent process called on-boarding, which will review and scrutinise their compliance with legislation and processes. They will be required to demonstrate they meet a number of mandatory requirements. If they are unable to, they will not be able to join. 
At the present time no VCSOs are able to view information held in the KMCR, although this may change in the future. Each application for access to the system will be reviewed on a case-by-case basis regardless of sector.

While procedures are in place to prevent and manage incidents if they do occur, no system can prevent every breach. 

The data within KMCR is reliant on the data submitted by the KMCR partner organisations. While there is an audit process in place to review compliance, partner organisations are required to have their own monitoring, auditing and reporting processes in place to report breaches to the appropriate body.

In addition, KMCR partners are bound by their own professional registrations and terms of their own employment contracts, which identifies that only data required for their roles should be viewed and processed appropriately. Any breach of these controls or policies would lead to disciplinary action being taken.

You have the right to view or access your records for your own purposes if you wish to. Controllers have a responsibility to make your data available to you at the earliest possible point when responding to a request, but no longer than one calendar month. If you would like to know how to access your information contained within KMCR please contact KCHFT Information Governance team and we can help direct you to the appropriate controller. 

If the data you require access to is data created within KMCR, this can be provided directly by contacting the above email address. 

In the majority of cases, data stored within KMCR, is data that comes from other clinical and social care systems. All providers of this data are required to have their own data quality processes in place however, the KMCR Operational Team also has processes in place to monitor the quality of data flowing into the KMCR. Work is also progressing to develop automatic ways of reporting on the quality of all data flowing through KMCR so that any issues can be identified and dealt with quickly.