Covid-19 Mandatory Vaccination Data for Care Home Staff Privacy Notice
This privacy notice explains how personal information is collected as part of the mandatory COVID-19 vaccinations programme for staff that work or visit a CQC registered care home.
Under the Health and Social Care Act 2008 (Regulated Activities) (Amendment) (Coronavirus) Regulations 2021, employers of all CQC registered care homes must ensure that all staff working within the care home, or professionals, such as healthcare workers, tradespeople, hairdressers, beauticians and CQC inspectors, visiting the care home, have been fully vaccinated against Covid-19.
Staff or professionals that have certain allergies to the vaccine ingredients or conditions which are medically recognised as reasons not to administer the vaccine, will need to follow the process outlined in the UK Government’s operational guidance to apply for an exemption certificate.
Detailed operational guidance has been published by the Department of Health and Social Care (DHSC) on the implementation of the Regulations. Subsequently Skills for Care have also produced their own guidance, including a set of frequently asked questions (FAQs).
The new rules came into effect on the 22 July 2021. However, there is a 16 week ‘grace period’ in place to allow unvaccinated staff to get both vaccine doses before the mandatory vaccination requirement actually commences on 11 November 2021. This means that the last date for workers to get their first dose, so they are fully vaccinated by the time the regulations come into force is the 16 September 2021. After that date, any individual who is not fully vaccinated will not be able to enter a CQC registered care home in order to work or to carry out duties within their role.
What personal information we collect
In order for us to maintain a record of the vaccination status of all staff and professionals that work in, or visit one of our CQC registered care homes, we will collect some personal information:
- employee number
- job title
- vaccination status, this will include the dates of vaccinations, sources of evidence and date of booster when applicable
- reason for not being vaccinated (if applicable) – this will include an option for the individual to state they prefer not to say. Where Clinical Exemption is selected, no detail of the nature of the exemption needs to be recorded, only that the manager has had sight of the evidence of exemption.
In order to prepare for the 11 November implementation date, managers will shortly be approaching all staff that fall within the scope of the regulation to check their vaccination status. While it remains entirely the choice of individuals as to whether to have the vaccine; if any member of staff in scope of the above regulations, chooses not to do so without a clinical exemption, or chooses not to share that information, this could have consequences for continued employment.
Currently, the following groups of our staff are considered to be in scope:
- all staff working at Sutton Beeches care home
- any member of staff who visits or may be required to visit a care home as part of their duties (currently defined as social workers, social care assessors, occupational therapists including trainees and assistants and relevant managers)
Who we share your information with?
When required by law, we will share minimum amount of personal information with the following partners and agencies:
- health service providers including NHS agencies
- care providers, e.g. day care, domiciliary, residential
- Government agencies (e.g. Department of Health)
The Data Controller
We are the Data Controller for this processing.
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment.
The lawful basis for the processing
Most of the personal information we collect is provided to us by you, under Article 6 of the UK GDPR we rely on the following:
- we have a legal obligation (UK GDPR Article 6 (c)
When we collect data that is classed as special category data, under Article 9 of the UK GDPR we rely on the following:
- we need it for employment, or social protection (UK GDPR Article 9 (2) (b))
The basis in law is met by the Health and Social Care Act 2008 (Regulated Activities) (Amendment) (Coronavirus) Regulations 2021.
Protecting your information
Your information will be securely stored on our network.
How long we keep your information for
The personal information will be held in line with our retention schedule for employee data, which is during the life of your employment with Cheshire West and Chester Council and for up to six years afterwards; unless you change role in the Council to a role which is not in scope for the above regulations in which case the data will be deleted as no longer required.
If we need to use your information for research or reports, your information will be anonymised and any information taken from notes (hand written or typed) during any consultation sessions will be securely destroyed. The information will continue to be used in a summarised and anonymised form in any research reports or papers that are published. The anonymised information in the papers may be of historic interest and may be held in public archives indefinitely.
Will my data be transferred abroad?
Under UK GDPR you have a number of rights that are set out on our Data protection for you pages.
Further guidance about these rights can be found from the Information Commissioner’s Office (ICO) website.
If you are not happy about the way your personal data is being used, or you require further information about how we process your personal data, you can contact our Data Protection team:
- Contact the DPO
- By post: Data Protection Officer, 4 Civic Way, Ellesmere Port, CH65 0BE
You also have the right to complain to the Information Commissioner’s Office: