Healthy lives for young people

Privacy and confidentiality

All young people have a right to confidential sexual health advice and services

This page contains information about privacy and confidentiality when using Brook services. For information about privacy and data protection when using our website, receiving communications or applying for jobs, please view the privacy policy.

Confidentiality at Brook

At Brook we offer a confidential service. This means that we do not talk about your visit to anyone outside Brook without your permission unless you or another young person are in serious danger. If you have any worries or questions about confidentiality, don’t hesitate to ask us.

Read general information about your rights when visiting other sexual health services.

At Brook we have a Caldicott Guardian, this is a senior staff memeber responsible for protecting the confidentiality of people’s health and care information and making sure it is used properly. If you need to contact the Caldicott Guardian please email dataprotection@brook.org.uk.


How we use your information when visiting a Brook service

When you use a Brook service, whether that’s by attending a clinic or participating in education programmes, any information you provide will be given to Brook Young People (which is Brook’s full legal name). This means that Brook is the ‘Data Controller’  for your data and we are responsible for keeping it safe. You can find the contact details for Brook’s Data Protection Officer below.

Our promise of confidentiality relates to the organisation as a whole. To make sure that we provide you with the best care members of staff have to share information about you with other members of the Brook team.

When Brook works with another health service provider

Brook services often work together with another Health Service provider in a partnership arrangement. Should this be the case in the service you access, the information about you will be shared with them, but your rights to confidentiality remain exactly the same. You can ask your local service for information on any partners that your data will be shared with.

How will we contact you

We will not send test results or contact you at home unless you have given us your permission. That’s why we always ask if we can write to you at home. It’s important that we have some way to contact you so we will always ask if there is another address we can use or some other way to contact you such as email or mobile phone.

We will never leave messages for you with someone else, or on voicemail, unless you have told us that was OK.

We may be able to send you a text with your STI test results. If we can do this at the service you are visiting, we will tell you first. Where we use an external SMS provider, we will make sure they won’t share your phone number or use it for anything else.

Will you contact my doctor?

We won’t tell your family doctor about your visit if you don’t want us to.

You might be asked each time you visit us whether it’s OK for us to contact your doctor. If you don’t want your doctor to know you are a client of Brook we would encourage you to contact us if your doctor gives you any medicine just in case it interferes with any contraception we have given you.

Who can see my Brook record?

You can see your records but we won’t show them to anyone else without your permission – even your parents, guardian or carer. 

All our staff are specially trained to keep your confidentiality and they have all agreed to stick to our policies.


Are there any exceptions?

If you are or others are at risk of serious harm

If we believe that you, or another young person, are at risk of serious harm we may need to talk to other people outside of Brook so that you can get additional support to protect you. We will always discuss this with you first before talking to anyone else.

Violent or criminal behaviour

If a client behaves in a violent, aggressive or anti-social way or commits a crime against another Brook client, a member of staff or against Brook property we may have to call the police and give them the name of the client. We would not give the police any information about the reason for the client’s visit to us.

Required by law

Sometimes we may be required by law to share information about you. This may happen if the police or a court orders us to disclose information.

Inspections

In some cases people who work for approved organisations who are also legally required to maintain your confidentiality may also have the right to see your records as part of their job. This can happen when an organisation like the Care Quality Commission inspects us to ensure the quality and safety of our services or if an inquiry has been ordered into the serious injury or death of a child or young person.

Female Genital Mutilation (FGM)

In England, if someone aged under 18 tells one of our doctors or nurses that they have experienced Female Genital Mutilation we have to tell the police.  We wouldn’t do that without telling you first.

STI treatment

Sometimes we are contacted by STI testing providers to ask if specific people have come to us for treatment. If you have been to us for treatment and the testing provider gets in touch, we would confirm you had been treated. We would not provide any further information.


What information do we collect about you and why?

At Brook we want to provide you with the best quality care. To do this we need to keep records about you and the advice and treatment we have given you. The information in your records will include:

  • basic details about you, such as your name, date of birth and contact details;
  • contacts we have had with you, such as clinic visits;
  • notes about your health;
  • details of the advice and treatment (e.g. contraceptive pills) we have given you;
  • results of tests we have taken;
  • information about any risks to your safety.

We promise that:

  • we will only collect the information we need to provide you with the service you want and to keep you safe;
  • we will keep your information secure and protect it from being lost, damaged, or being seen by people who aren’t allowed to see it;
  • we will keep your information up to date and accurate – this means that you need to give us accurate information and let us know if your information changes;
  • we won’t keep your information for any longer than we need.

Sometimes information about you may be given to us by other organisations. This is the case if you are referred to Brook’s services, for example by another healthcare provider, or a school.  Sometimes information may be shared with us by other organisations if they are concerned that you are at risk of harm.


How your records are used

We will use your information to:

  • decide the best advice and treatment to give you;
  • check if you (or anyone else) is in serious danger;
  • assess the type and quality of care you have received.

We may use your information to:

  • investigate your concerns if you need to complain about our services;
  • refer you to another support service (in consultation with you);
  • check the quality of care we provide (this is known as clinical audit and involves us reviewing client records.  This is done in such a way that you can’t be individually identified);
  • investigate serious incidents (this is when we notice that something has gone wrong, or nearly went wrong, with the service we provide to you);

​We use information you give us to help us to plan our services to make sure we meet the needs of local young people, and also to report on our performance to the organisations who fund us and to the Department of Health. When we do this, we only use your information in a way that means you can’t be individually identified.

Sometimes Brook would like to use your information in other ways, but we will only ever do after contacting you, and only if you give your consent. This will include:

  • conducting health research and development;
  • communicating publically about the difference that we make to young people. This would never be done in a way that would identify individual young people without their explicit permission.

In addition to the staff who work in our clinics and education teams, our managers and our small team of data analysts may have access to your data. Everyone who works at Brook has signed an agreement to keep your information confidential.


How do we store your records?

Paper and electronic records

We store your information in computer systems and in paper records. Paper records are kept in locked cabinets. Electronic records are saved on a secure database.

When we work in partnership with another Health Service provider your electronic record will either be held on a secure database owned by that partner, or the partner will have access to Brook’s database.  This is so that the partners can provide you with the best possible care and help to keep you safe.  Where information is shared between partners in this way there will always be a contract in place, and both partners are required to keep your information confidential.

Our database of electronic records sits within our IT network. We outsource our IT support services to an external organisation. This company is based within the European Economic Area and they are also required to comply with UK data protection legislation to keep your information safe.

How long do you keep the records?

We follow NHS guidelines for retaining records.  This usually means that we keep your records for either 10 years after you last accessed our services or until your 25th birthday, whichever is longer. After that time they are securely destroyed.

Currently there is a national Inquiry into Child Sexual Abuse.  Organisations that hold records that may be of use to the Inquiry have been asked not to destroy any records that they have.  This means that at the moment, we are required to hold on to your records indefinitely.  This will change once the Inquiry tells us that it’s ok to start following standard procedures again.

All staff who have access to your records have been trained to work to the same confidentiality policy where your rights to confidentiality are adhered to.


Further information and contact

Brook Young People is registered with the Information Commissioner’s Office as a Data Controller (registration number ZA022088).

If you have any questions about the use of your data you can contact Brook’s Data Protection Officer at dataprotection@brook.org.uk or you can write to us at Data Protection Officer, Brook, 81 London Road, Liverpool, L2 8JA.

You have the right to make a complaint if you feel unhappy about how we hold, use or share your information. It would be helpful if you contact Brook’s Data Protection Officer in the first instance so we can try to fix the problem.

If you remain dissatisfied, you may then wish to contact our supervisory authority, the Information Commissioner’s Office (ICO).  You can contact the ICO at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; 0303 123 1113; www.ico.org.uk/concerns.

We will regularly review this privacy notice. Please do check this page for updates.

OUR FRIENDLY STAFF ARE HERE TO HELP

Find a Service near you

100% FREE & CONFIDENTIAL