This document sets out the way we collect, use, store and share your information and the legal reasons supporting this. The European Union General Data Protection Regulation (GDPR) replaced the Data Protection Act on 25 May 2018 and there is a new UK Data Protection Bill which mirrors GDPR. This notice tells you about our obligations and your rights under the new legislation.
Confidentiality affects everyone: We collect, store and use large amounts of personal data every day, such as medical or personal records which may be paper-based or held on a computer. We take our duty to protect your personal information and confidentiality very seriously and work hard to ensure it is held securely and only accessed on a need to know basis.
What kind of information does the Trust hold about you?
We hold the following information about you:
Why we collect information about you
We need accurate and up to date information about you so that we can give you the best possible care and make sure we contact you at the right address and phone number. We will check your details with you when you visit. Please let us know of any changes, for example, to your address or phone number or GP practice.
Your mobile phone number is an important part of your health record and the way we communicate with you. We will use this to send you text message reminders a few days before your appointment. Most of our patients appreciate these reminders and we know that they reduce the number of missed appointments, but if you do not wish to receive text messages, let us know when you next attend the hospital.
How we keep your records confidential
Information you give to us in confidence will only be used for the purposes described below and to which you agreed, unless there are other circumstances covered by the law.
We comply with the NHS Confidentiality Code of Conduct. All our staff are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
All manual and computerised records are stored in secure environments with access strictly controlled.
If someone other than you (e.g. relative or friend) contacts us to find out about your care or treatment we will not be able to talk to them unless we have your permission (apart from parents/guardians of children who are recorded as next of kin).
How we use your personal information
Your records are used to direct, manage and deliver your care so that:
We also use information we hold about you to:
We will not contact you with marketing material.
When do we share information about you?
Direct care purposes:
We will share information about you with other health and social care professionals directly involved in your care so that you may receive the best quality care. For example:
You may be receiving care from other services as well as the NHS and we may need to share some of the information we hold about you with them so we can all work together for your benefit. We will only do this when they have a genuine need for it or we have your permission. Subject to strict agreements about how it will be used we may share your information with:
We will not give your information to third parties without your permission. If you object to us sharing information, please let your clinician know. However, there are some exceptional circumstances when we have to share information, such as when either your or somebody else’s health and safety is at risk, or the law requires us to pass on information, for example certain infectious diseases, child or adult safeguarding, formal court order, or where a serious crime has been committed.
Indirect Care Purposes:
We may also be asked by other statutory bodies to share basic information about you, such as your name and address, but not sensitive information from your health records. This would normally be to assist them to carry out their statutory duties.
Nationally, from 25 May 2018 NHS Digital is implementing a new system to give patients more control over how their confidential patient information is used, allowing them to choose if their data can be used nationally for research and planning. See Useful Links below for more information.
Your right to object to recording or sharing information
If you feel that you are being asked for information you would prefer not to have recorded, or have concerns about how it is used or shared, please let your clinician know and we will record this in your records so that all staff involved in your care are aware of your decision. Please be aware that if you make this choice, it may make it difficult to give you treatment, so talk this through with your clinician so that they can let you know of any potential impact. You can also change your mind at any time about a disclosure decision.
Your right to rectification
This means if you think any information we hold about you is inaccurate please let us know. If your clinician is concerned that by changing your information it could cause you or our staff harm we may not change the information but we will document your objection in your records.
Your right to see your information
You have the right to see or have copies of your information – this is called a Subject Access Request. There is no charge for this and we must respond to you within one month. You must provide evidence of your identity when you make a request. See contact details below.
How long do we retain your records?
All our records are destroyed in accordance with NHS guidelines on retention and we do not keep your records for longer than necessary. All records are destroyed confidentially once their retention period has been met and the Trust has made the decision that the records are no longer required.
The Legal Bit
Under the General Data Protection Regulation the ‘Lawful Basis’ to process and use your information is:
You may have heard of a new right called the right to erasure i.e. to be forgotten. However this doesn’t apply to health data as we are using the above as the legal basis.
We have an additional requirement under the Common Law Duty of Confidentiality to keep your personal information confidential and to obtain your consent to use and share it. This includes implied consent, i.e. when your GP sends us a referral it is implied that we can use and store that information. We will also get your consent to use your information for purposes other than healthcare, e.g. research.
The hospital is the Data Controller responsible for keeping your information confidential and is registered with the Information Commissioner - Ref. No. Z8937486