How we manage your personal information
Date issued: September 2023
Review date: September 2025
Ref: E-11/corporate/JA/how we manage your personal information v10
PDF: How we manage your personal information final September 2023 v10.pdf[pdf] 145KB
Why do we ask for your information?
We keep information about you, your health, treatment and care. We have a legal duty to keep accurate health records. This personal information forms part of your health record and will be kept to ensure your proper care in the future.
What is your personal information?
Personal information is information that can identify you. It includes your name, date of birth, address, phone numbers, email address, hospital / NHS number, medical history and treatment.
We may also ask for other information, e.g. whether you have a disability, your religion or beliefs, sexuality and race. If you follow a particular religion, there may be ways in which we can help you observe these during any treatment you have, or if you have a disability we will know that you may require additional support. It is important we have as complete a picture of you as possible to ensure that we are aware of and can plan to meet any particular care needs.
Data Protection Legislation and Regulation
We will manage your personal information in line with UK Data Protection Legislation and the EU General Data Protection Regulation (GDPR). We must be clear about the legal basis for processing your information and we record this.
How do we use your information for direct care?
Staff involved in your treatment need to have accurate and up to date information to assess your health and provide you with care. As an NHS hospital we have been authorised by the government to provide healthcare and as such must keep accurate records. Under GDPR our legal basis for holding this information is Article 6(1) (e) and Article 9(2) (h).
You may receive care from other organisations such as health/social care and education. It will be necessary for us to share relevant information. Identifiable information will only be shared for direct care purposes.
What we don’t use your information for?
Your health information is never collected for direct marketing and is not sold on to third parties. We do not use your information to make automated decisions.
How long do we keep your information?
Information is held for specified periods of time as set out in the Records Management Code of Practice 2021.
How do I know information about me will be kept in a confidential way?
Your personal information is valuable, so you should treat it just as you would any valuable item. We ensure the security of your information held on computers and in paper records.
How does your information help us to improve services?
We may use your information to help look after the health of the general public and to make sure that our services can meet future patient needs, for example:
-
Review the care we provide to ensure it is of the highest standard
-
Teach and train our staff
-
Audit NHS accounts and services
-
Investigate complaints, legal claims or untoward incidents
Other uses of your information
Sometimes we need to pass on your information by law, for example:
-
To notify a birth.
-
When an infectious disease is encountered that may endanger the safety of others (such as meningitis or measles (but not HIV/AIDS).
-
A formal court order has been issued.
-
For Prevention and Detection of Crime.
-
Female Genital Mutilation diagnosis.
-
In order for the Care Quality Commission (CQC) to inspect the Trust.
National Data Opt-Out Programme
You can opt out of your personal information being used for some research and planning purposes. To find out more visit NHS Digital’s website.
What are your information rights?
You have the right to know how we will use your personal information and to ask us to consider changing the way we use it. Further Information is available on our website in our Patient Information Privacy Notice.
Access to information held about you
UK Data Protection Law gives you the right to apply to see or have a copy of personal information held in your health record.
The Access to Health Records Act 1990 gives a patient’s representative the right to access health records of a patient after death.
For further information and application forms for obtaining copies of your personal information, please contact:
Disclosure Team
Central Records Library, Bush Park
Plymouth, Devon, PL6 7RG
Telephone: 01752 431678
Email: uhpdisclosureteam@nhs.net
Please note: Under the EU General Data Protection Regulation (GDPR), there will be no charge for these requests except in specific circumstances, such as if the requests are manifestly unfounded, excessive or if it is a request for further copies.
Contacts and further information
Privacy notices are on the Trust website
https://www.plymouthhospitals.nhs.uk/
If you have any questions or concerns about how we manage your information then please contact us:
Data Protection Officer
Head of Information Governance
University Hospitals Plymouth NHS Trust
Ground Floor
Brittany House
Brest Road
Plymouth PL6 5YE
Tel: 01752 437284
Email: informationgovernancepht@nhs.net
The UK regulator for Data Protection Legislation can be contacted as follows:
Information Commissioner’s Office (ICO)
Information Commissioner’s Office
Wycliffe House Water Lane
Wilmslow SK9 5AF
Website: www.ico.gov.uk
Tel: 03031231113
Email http://www.ico.gov.uk/
