How your personal information is used
Your clinical care team and other health and care professionals caring for you keep records about your health and any treatment and care you receive from the NHS and other related agencies. The data we hold about you includes basic information such as name, address and other contact details. We also collect sensitive confidential data (known as ‘special category personal data’). This includes your health information, and if we need this information to care for you, your religious beliefs and sexual preferences. Your health information may include:
- Details about you such as your address, carer, legal representative and emergency contact details
- Contacts we have had with you – appointments, clinics, in-patient stays
- Details about your health, treatment and care
- Relevant information from other professionals, relatives or those who care for you
How do we lawfully use your data?
We need this information to help provide you with the best possible healthcare.
We process and share information in line with the Health and Social Care Act 2015, the Data Protection Act 2018 and the GDPR (General Data Protection Regulation) article 9 (processing of special categories of personal data):
9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional.
Your information is shared for health and social care purposes. Not sharing information may lead to clinical risk, safeguarding issues or concerns about your care, and may have an impact on the care and treatment that we or our partners are able to provide. Where it supports your care we may also share your information with education and voluntary and private sector agencies (including care homes) working with us. In most other circumstances we will seek your consent to share your information.
We may be required by law to share information about you. This includes preventing and detecting fraud, disclosure under a court order, sharing with the Care Quality Commission for inspection purposes, with the police for the prevention and detection of serious crime, or where there is an overriding public interest to prevent abuse or serious harm to others.
If we use the information for research purposes that identifies you we will seek your consent first. If you do not want your information to be used for research purposes you can also register your choice nationally through the National Data Opt-Out initiative at www.nhs.uk/your-nhs-data-matters.
You may want to consider treatment through another provider if do not agree with the above.
What formats do we use to keep your information safe?
The records we hold about you are mostly electronic, but some may be kept on paper (especially older records). We use a combination of working practices and technology to make sure your information is kept confidential and secure.
If you give us your email address we will use that to contact you. If you give us your mobile phone number we may use it to send you SMS messages about your appointments. We will never disclose any special categories of your personal data in a text message.
How long will we store your information?
We keep your personal information according to the NHS records management code of practice.
We do not store or routinely send your information overseas. If you need a copy of your records to be transferred out of the UK please discuss this with us.
How can you access your personal information?
You have a right under Data Protection legislation to request a copy of the information we hold about you or to ask to see it. If you are currently receiving care from us, speak to someone in the team where your care is taking place and they will be able to help you. Otherwise please send your request to firstname.lastname@example.org
You will need to give us adequate information about you to verify your identity (name, address, date of birth, NHS number and what information you are requesting). We may ask you to provide documents to confirm your identity.
There is no charge for this. We will respond to you within one month.
If your personal information changes, please tell the team where you are receiving your care so we can update your records.
If you think the information we hold about you is inaccurate please state this clearly in writing to email@example.com We can change factual information if it’s incorrect. We are not able to change clinical opinions. If you think these are wrong please set out why you think this and we will add it to your clinical record to make this clear.
Where you have given consent for us to process your information (such as for research purposes) you can withdraw your consent. Please put this in writing to us.
Objections and complaints
If you have any concerns about how your information is managed you can speak to the clinical team where you are receiving your care.
Alternatively, our Patient Advice and Liaison Service (PALS) can help. They can be contacted at firstname.lastname@example.org
Our Data Protection Officer can also listen to your concerns or give you advice about your rights in respect of the data we hold about you. Contact her by email at email@example.com or by phoning 020 7655 4000 and asking to speak to the Data Protection Officer.
If you are still concerned you have the right to complain to the Information Commissioner:
Call their helpline on 0303 123 1113 (local rate – calls to this number cost the same as calls to 01 or 02 numbers). Or see the ICO website https://ico.org.uk/