At ILLY we take great care to help manage vulnerable clients and their families. Central to this is their confidentiality and also the importance of how their information is shared by fellow professionals who are helping them recover.
Often the client's vulnerability fears are heightened by both physical and mental health issues. Its for these reasons, commissioners through their tendering are very clear about client consent, data ownership and who has the right to process this.
A Data Processing Agreement (DPA), is a legally binding document between the Controller (Person or Organisation responsible for the client) and the Processor (Person or Organisation working on behalf of the Controller) to provide the service needs to support the clients through their recovery. Most of this is usually arranged by the Local Authorities as part of the contract award and sharing of the data is managed by the award winner.
At ILLY we already have DPA agreements with a large number of Local Authorities, NHS Trusts and Services providers with whom we have long and established working relationships.
For PHE's Rough Sleeping initiative, we will happy engage with Local Authorities and signup to their locally agreed DPAs or use one that we have already drafted. Either way, we will be, like the other service providers, processors of the data.
Note: ILLY is already ISO 9001:2015, ISO 27001:2017 certified and fully compliant with compliant with NHS Data Security and Protection Toolkit - Organisation code: 8J642