Everything you need to know

Data sharing agreement

Data sharing agreement

The referring optometrist will provide a referral and post-operative report for refractive surgery (cataract and RLE).

1. Price and Payment

Vision Scotland will pay the Fees:

Bilateral cataract surgery or bilateral RLE post operative report – £135 Bilateral cataract surgery or unilateral post operative report – £95

It is a pre-requisite that we already have a referral with relevant diagnostic measurements in order tmake payment for the post op report.

2. Optometrist Obligations

2.1 The referring Optometrist shall:-

2.1.1 use reasonable endeavours to provide the Service in accordance with Schedule 1.

2.1.2 obtain and maintain all necessary licenses and consents and comply with all applicable laws, enactments, orders, regulations and guidance;

2.1.3 perform its obligations under this Agreement in compliance with all applicable laws, enactments, orders, regulations and guidance; and

2.1.4 throughout the term of this Agreement and for as long time thereafter as may be regarded as necessary and customary in the health care sector, maintain an appropriate public liability and professional negligence insurance relating to the provision of the Service with an insurance carrier of good standing against whom Vision Scotland can raise no reasonable objection.

3. Vision Scotland Obligations

3.1 Vision Scotland shall co-operate with the referring optometrist in all matters relating to the Service and appoint a Main Contractor manager who shall have the authority contractually to bind the Main Contractor on matters relating to the Service.

4. Liabilities

4.1 Neither Party limits its liability for death or personal injury caused by its negligence or that of its employees, agents or subcontractors as applicable.

4.2 Neither Party shall be liable to the other for any indirect or consequential loss or damage including, without limitation, any indirect loss of business or profits in each case whether arising from negligence, breach of contract or otherwise.

5. Intellectual Property Rights

5.1 All Intellectual Property Rights belonging to a Party prior to the execution of this Agreement shall remain vested in that Party.

5.2 Each Party will grant to the other a non-exclusive, non-transferable and revocable right to use and reproduce its name and trade mark solely as necessary to permit the other’s performance of its obligations under this Agreement.

5.3 Neither Party shall use any name or trade mark belonging to the other Party or their Affiliates in any way that may damage the goodwill of the other Party or that of its Affiliates.

6. Confidential Information

6.1 Each of the Parties agrees that it shall keep any information designated as confidential or which is otherwise clearly confidential in nature received by it from the other before or during the term of this Agreement and which relates to the business, assets, affairs, financial results, plans, customers and suppliers of the other Party or its Affiliates or of any third party strictly confidential and that it shall not use any such Confidential Information for its own benefit (save as is necessary in order to perform its obligations and/or exercise its rights under this Agreement) or disclose any such Confidential Information to any third party and that it shall ensure that no third party shall have access to it. Notwithstanding the foregoing, the Parties shall be entitled to disclose the Confidential Information to its employees, or to the employees of its Affiliates, to the extent that those employees have a genuine need to know the same to enable the Parties to perform their obligations or exercise their rights under this Agreement and who have been advised of the existence and terms of this Agreement, and who are legally obligated to protect the Confidential Information from unauthorised disclosure or use on terms at least as stringent as those contained herein. The recipient shall be liable for acts by any of its Affiliates in violation of this Agreement as if they were actions or omissions of that Party.

6.2 The restrictions in clause 6.1 shall not apply to any Confidential Information which:-

6.2.1 the recipient can prove is already known to it at the time of disclosure of the Confidential Information to it;

6.2.2 is in the public domain at the time of disclosure of the Confidential Information to the recipient or which subsequently comes into the public domain through no fault of the recipient;

6.2.3 is subsequently disclosed to the recipient (other than subject to conditions of confidentiality and without any restriction on disclosure) by a third party which is itself not subject to any restriction on disclosure imposed by the disclosing party hereunder; or

6.2.4 is required to be disclosed as a matter of law or by the rules of a recognised stock exchange provided the recipient notifies the disclosing party, if legally permissible, as soon as possible following any relevant demand or request for disclosure.

7. Data Protection

7.1 The Parties agree that in relation to:

7.1.1 Personal Data processed by the referring optometrist in providing Services under this Agreement (for example, patient details, medical history and treatment details), the referring optometrist shall be the sole Data Controller; and

7.1.2 Personal Data, the processing of which is required by VS for the purposes of quality assurance, performance management and contract management, the referring optometrist and VS will be independent Data Controllers (as applicable).

7.2 Schedule 1 sets out the categories of Data Subjects, types of Personal Data, Processing operations (including scope, nature and purpose of Processing) and the duration of Processing.

7.3 Each Party shall comply with all the obligations imposed on a Data Controller under the Data Protection Laws in relation to all Personal Data that is processed by it in the course of performing its obligations under this Agreement.

7.4 Any material breach of the Data Protection Laws by one Party shall, if not remedied within fourteen (14) days of written notice from the other Party, gives grounds to the other Party to terminate this Agreement with immediate effect.

7.5 In relation to the Processing of any Personal Data, each Party shall:

7.5.1 ensure that it has all necessary notices and consents in place to enable lawful sharing of Personal Data to the Permitted Recipients for the Agreed Purpose;

7.5.2 give full information to any Data Subject whose Personal Data may be processed under this Agreement of the nature of such Processing;

7.5.3 process the Personal Data only for the Agreed Purpose;

7.5.4 not disclose or allow access to the Personal Data to anyone other than the Permitted Recipients;

7.5.5 ensure that all Permitted Recipients are reliable and have had sufficient training pertinent to the care and handling of Personal Data;

7.5.6 ensure that all Permitted Recipients are subject to written contractual obligations concerning the Personal Data (including obligations of confidentiality) which are no less onerous than those imposed by this Agreement;

7.5.7 ensure that it has in place appropriate technical and organisational measures, to protect against unauthorised or unlawful Processing of personal Data and against accidental loss or destruction of, or damage to, Personal Data in accordance with Article 32 GDPR;

7.5.8 not transfer any Personal Data outside the European Economic Area unless the transferor ensures that (i) the transfer is to a country approved by the European Commission as providing adequate protection pursuant to Article 45 GDPR; (ii) there are appropriate safeguards in place pursuant to Article 46 GDPR; or (iii) one of the derogations for specific situations in Article 49 GDPR applies to the transfer; and

7.5.9 assist the other Party (at its own cost) in responding to any request from a Data Subject and in ensuring its compliance with all applicable requirements and obligations under the Data Protection Laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or the UK’s Information Commissioner’s Office.

7.6 Each Party shall notify the other Party without undue delay on becoming aware of any Personal Data Breach under this Agreement.

8. Anti-corruption

8.1 Each Party acknowledges that the Party is committed to eliminating all risk of bribery and corruption in its business relationships.

8.2 Each Party acknowledges and agrees that the other Party shall not be under any obligation to carry out any action or make any omission under this Agreement to the extent that it reasonably believes would be in breach of any Anti-Corruption Legislation.

8.3 Each Party acknowledges and agrees that neither it nor any third party has breached any Anti-Corruption Legislation in order for it to enter into this Agreement.

8.4 Each Party warrants and undertakes that:

8.4.1 it will not engage in any activity, practice or conduct which would constitute an offence under sections 1, 2 or 6 of the Bribery Act 2010 or is otherwise contrary to any Anti-Corruption Legislation;

8.4.2 it has, and will maintain in place, Adequate Procedures designed to prevent any Associated Person from undertaking any conduct that would give rise to an offence under section 7 of the Bribery Act 2010;

8.4.3 it will keep accurate and detailed books, accounts, and records on all business activity conducted pursuant to this Agreement.

9. Termination

9.1 Without prejudice to its other rights or remedies which the Parties may have, either Party may terminate the Agreement immediately by written notice to the other Party, if the other Party commits a material breach of any of the terms of this Agreement and (if such a breach is remediable) fails to remedy that breach within fourteen (14) days of that Party being notified in writing of the breach

10. No Partnership

This Agreement does not create a partnership between the Parties and neither Party shall have any authority to act in the name or on behalf of, or otherwise bind, the other Party to any obligation.

11. Governing Law

This Agreement shall be governed by, construed and interpreted in accordance with Scottish law and the Parties hereby agree, for the purposes of this Agreement only, to submit themselves and any claim or matter arising under or in connection with this Agreement to the exclusive jurisdiction of the English courts.


The Service

The Service Specification

  • Provision of referral complete with patient minimum data set and relevant ophthalmic diagnostic measure
  • Provision of post-operative report complete with patient minimum data set and relevant ophthalmic diagnostic measure
  • Qualifying Optometrists must hold GOC Registration, An Enhanced DBS Check, safeguarding Adults Level 2
    record keeping
  • reporting

Management of data

Data subjects
The Personal Data processed the referring optometrist as a co-data controller and/or the Main Contractor concerns:

  • recipients of the Service
  • Optometrists, opticians, store management, store accountants
  • Main – Consultant surgeons, VS administrative staff, VS specialist optometrists, IT team for website portal

Types of Personal Data
Personal Data will be Processed by the referring optometrist under Article 6(1)(e) and Article 9(2)(h) of the GDPR and will include:

  • data which identifies the recipients of the Service – such as name, contact details (which may include address, email address or phone number) and date of birth/age;
  • data relating to the health of the recipient and details of any test or treatment (special category data);
    GP details (including name and practice details) where required
  • financial data of recipients of the Service where payment may be required for the Service
    financial data of the Parties in order to invoice and receive payment for Services.

Processing operations
Personal data will be processed by the referring optometrist and/or VS in order:
to provide the Services under this Agreement;

  • to maintain records required for provision of the Service;
  • to invoice and receive payment from the Main Contractor; and
  • quality assurance, performance management and contract management by the Main Contractor and/or the Head Contractor.

Data process

Optometrist > VS administrative staff > Consent taken for transfer to relevant hospital admin team > VS Consultant

Duration of Processing
The personal data processed by either party will be subject to the above processing operations for the duration of the Agreement and subsequently where such retention is required by applicable law or for actual or prospective legal claims or as otherwise set out by either Party.

Signed by Jonathan J Ross
for and on behalf of
Vision Scotland

To find out more information please contact Vision Scotland today.