We are dedicated to protecting your personal data. Please read the notice below to understand how we collect and manage data and how to contact us should you have any questions.
To support our clients in change, TN undertakes detailed analysis of hospital data. We are regulated under and compliant with GDPR and have a strict data policy to ensure the information is handled with utmost care:
- We hold and process data that has been either anonymised or pseudonymised prior to being sent us, the latter meaning that the parts of data which could potentially be used to identify an individual are replaced by a key. We are not able to access these sections and therefore cannot identify patients from the pseudonymised data.
- The pseudonymised patient-level data we use for our analysis is provided by our NHS Clients, where we act as the data processor and our client as the data controller whom are acting in the interest of the public.
- Whilst in use, the data is stored securely. We have been certified as compliant with the requirements of the Cyber Essentials Scheme (Certificate Number: IASME-A-06934). The Cyber Essentials scheme is a cyber security standard, which organisations can be assessed and certified against. It identifies the security controls that an organisation must have in place within their IT systems in order to have confidence that they are addressing cyber security effectively and mitigating the risk from Internet-based threats.
- We never share client data with third party organisations.
- The data we share with our NHS clients will not be identifiable unless specifically requested to do so by the data controller (the Client): the data is pseudonymised and typically presented in aggregate form in our analyses.
- We keep pseudonymised data provided to us by our NHS clients for a maximum of 3 months after the end of our contract of work, after which time data is deleted.
- We are registered with ICO (Reference number: ZA473713; Tier: Tier 2). The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
