How the Trust manages your personal information

Patient Information Privacy Notice

The Trust keeps information about you, your health, treatment and care.  Health records are held on paper and electronically. We have a legal duty to keep accurate health records. Personal Information must be kept confidential and secure in line with Data Protection Legislation.

Under this legislation University Hospitals Plymouth NHS Trust is the data controller of this information.    

What sort of personal information do we collect about you?

  • your name, date of birth, address, phone numbers and email address
  • your hospital number and NHS number
  • information about your health, care, treatment and results of investigations
  • information about your GP

We may also ask for other information, e.g. whether you have a disability, your religion or beliefs, sexuality, ethnicity and race. It is important we have as complete a picture of you as possible to ensure that we are aware of and can plan to meet any particular care needs.

Data Protection Legislation and Regulation

The Trust must manage your personal information in line with the:

  • UK Data Protection Act 18
  • UK General Data Protection Regulation (GDPR)

We must be clear about the legal basis for processing your information and we record this. 

Our staff members are trained to handle your information correctly and protect your privacy. We aim to maintain high standards and we regularly check and report on how we are doing. Where we fall below the acceptable standards, we investigate and report serious incidents to the Information Commissioner’s Office (ICO).

How do we use your information for direct care?

Staff involved in your treatment need to have accurate and up-to-date information to assess your health and provide you with care. As an NHS hospital, we have been authorised by the government to provide healthcare and as such must keep accurate records for this care.

Under GDPR our legal basis for holding this information is:

  • Article 6(1)(e) – processing is necessary for the performance of public tasks we carry out as a hospital
  • Article 9(2)(h) – processing is necessary for us to provide you with healthcare

You may receive care from staff from other care organisations and it will be necessary for us to share relevant information with them. This will include other health care, social care and educational organisations. Your identifiable information will only be shared for direct care purposes.  

The Trust also has contracts with third party companies in order to support the delivery of your care. 

What we do not use your information for.

Your health information is never collected for direct marketing and is not sold on to third parties. We do not use your information to make automated decisions with no human intervention.

How long do we keep your health record for?

This personal information forms part of your health record and will need to be kept in case we need to see you again. Information is held for specified periods of time as set out in the NHSE Records Management CoP 2023.

How do I know information about me will be kept in a confidential way?

Your personal information is valuable, so you should treat it just as you would any valuable item. 

We ensure that the security of the computer systems holding your information, and of the areas where paper records are held, is robust enough to prevent unauthorised access.

What are your information rights?

You have a number of rights under the Data Protection Legislation.

The table below explains which rights you have when we process your personal data for healthcare purposes:


| Information Rights | Applicable to healthcare? |
| --- | --- |
| To be informed why, where and how we use your information | |
| To ask for access to your information | Yes, see Access to Medical Records |
| To ask for your information to be corrected if it is inaccurate or incomplete | Yes, see Access to Medical Records |
| To ask for your information to be deleted or removed where there is no need for us to continue processing it | Yes, you have the right to request this, and it will be considered. Please email |
| To ask us to restrict the use of your information in certain circumstances | Yes, you have the right to request this, and it will be considered. Please email |
| In limited circumstances to ask us to copy or transfer your information from one IT system to another | |
| To object to how your information is used | |
| To challenge decisions made without human intervention (automated decision making) | Automated decision making and profiling is not used in the Trust. |


Private Hospitals used during Covid-19 pandemic

During the Covid-19 pandemic some of our NHS services were moved to operate at the following private hospital sites:

As part of this, private hospitals have retained a record of activity that took place on their premises. If you would like to know more about a specific organisation’s legal basis for processing and holding records please read the organisation’s privacy notice (see links above).

If you were a patient who received treatment at one of these organisations during the Covid-19 pandemic and would like to know exactly what information is held about you, you can make a subject access request direct to the relevant organisation. Details of how to do this will also be found in each organisation’s privacy notice.

Other uses of your information

Sometimes we need to pass on your information by law, for example:

  • In order for the Care Quality Commission (CQC) to inspect the Trust (see the CQC privacy notice).
  • To notify a birth.
  • When an infectious disease is encountered that may endanger the safety of others (such as meningitis or measles, but not HIV/AIDS).
  • Where a formal court order has been issued.
  • For Prevention and Detection of Crime.
  • Where Female Genital Mutilation is diagnosed.

How does your information help us to improve both our and the wider NHS services?

We may use your information to help look after the health of the general public and to make sure that our services can meet future patient needs. 

We share patient information with other health and social care organisations in order to improve services provided to people across the region. This is sometimes known as Population Health Management. 

Your information may also be used to help us to:

  • Review the care we provide to ensure it is of the highest standard
  • Teach and train our staff as well as students on placement
  • Accredit our services
  • Audit NHS accounts and services
  • Investigate complaints, legal claims or untoward incidents
  • Support future commissioning decisions

Other Trust departments who use information for purposes other than direct care

Teams such as Research and the Charity team explain how they use information on their web pages. Please see their web pages for more information.

Summary Care Record

The Trust utilises the Summary Care Record (SCR) system to support patient care. The SCR is a copy of key information from your GP record. It provides authorised healthcare staff with faster, secure access to essential information about you when you need unplanned care or when your GP practice is closed. You can find out more about SCR here: Summary Care Record.

National Data Opt-out Programme

The NHS offers patients and the public the opportunity to make an informed choice about whether they wish their personally identifiable data to be used just for their individual care and treatment or also used for research and planning purposes. To find out more:  NHS Digital national data opt out

Contact for Data Protection Questions or Concerns

If you have any questions or concerns about how we manage your information, please contact the Data Protection Officer for the Trust.

Data Protection Officer
University Hospitals Plymouth NHS Trust
Information Governance Team
Ground Floor, Brittany House
Brest Road


Should you be unhappy with how the Trust manages your personal information, you have the right to complain to the UK regulator for Data Protection Legislation:

Information Commissioner’s Office (ICO)
Wycliffe House Water Lane


Tel: 0303 123 1113

