Date: May 2018
Revision: May 2020
Ref Number: E-11/corporate/JA/how we manage your personal information v4
Why do we ask for your information?
We keep information about you, your health, treatment and care. We have a legal duty to keep accurate health records. This personal information forms part of your health record and will be kept to ensure your proper care in the future.
What is your personal information?
Personal information is information that can identify you. It includes your name, date of birth, address, phone numbers, email address, hospital / NHS number, medical history and treatment.
We may also ask for other information, e.g. whether you have a disability, your religion or beliefs, sexuality and race. If you follow a particular religion, there may be ways in which we can help you observe these during any treatment you have, or if you have a disability we will know that you may require additional support. It is important we have as complete a picture of you as possible to ensure that we are aware of and can plan to meet any particular care needs.
Data Protection Legislation and Regulation
We will manage your personal information in line with UK Data Protection Legislation and the EU General Data Protection Regulation (GDPR). We must be clear about the legal basis for processing your information and we record this.
How do we use your information for direct care?
Staff involved in your treatment need to have accurate and up to date information to assess your health and provide you with care. As an NHS hospital we have been authorised by the government to provide healthcare and as such must keep accurate records for this care. Under GDPR our legal basis for holding this information is Article 6(1) (e) and Article 9(2) (h).
You may receive care from staff from other care organisations and it will be necessary for us to share relevant information with them. This will include other health care, social care and educational organisations. Your identifiable information will only be shared for direct care purposes
What we do not use your information for.
Your health information is never collected for direct marketing and is not sold on to third parties. We do not use your information to make automated decisions with no human intervention.
How long do we keep your health record for?
This personal information forms part of your health record and will need to be kept in case we need to see you again. Information is held for specified periods of time as set out in the Records Management Code of Practice for Health and Social Care 2016.
How do I know information about me will be kept in a confidential way?
Your personal information is valuable, so you should treat it just as you would any valuable item. We ensure the security of your information held on our computer systems and areas where paper records are held are robust to prevent unauthorised access.
Other uses of your information
Sometimes we need to pass on your information by law, for example:
- To notify a birth.
- When an infectious disease is encountered that may endanger the safety of others (such as meningitis or measles (but not HIV/AIDS).
- Where a formal court order has been issued.
- For Prevention and Detection of Crime
- Where Female Genital Mutilation is diagnosed.
Other uses of your information
Further information is available on the Trust’s website under our Privacy Notices.