Information we collect

We gather and maintain personal information about you whenever you interact with our services.

This typically includes details such as your name, date of birth, NHS number, contact information (like your address and phone number), religion, gender, ethnic background, and details concerning your health and the treatments you have received.

This information may be collected from you, your family members, cares, or other health and social care services.

The data is stored electronically within our systems or, in some cases, in paper format, depending on the services accessed.

Full list of information we collect

To effectively support your healthcare, we collect the following types of information:

  • Basic personal information: This includes your name, address, date of birth, next of kin, and GP.
  • Contact details: Phone numbers (both home and mobile) and email addresses provided for communication purposes.
  • Contact records: Dates of our interactions, such as visits to outpatient clinics, the emergency department (A&E), or hospital stays.
  • Clinical documentation: Notes created by doctors and other healthcare providers during your visits, detailing symptoms, allergies, medications, diagnoses, treatments, and chronic conditions like diabetes or asthma, along with examination results.
  • Test results: Outcomes from tests, including blood tests, X-rays, scans, and vital sign measurements such as heart rate and blood pressure.
  • Visual media: Photos, images (including 3D), and videos.
  • Information from other professionals: Input from other healthcare providers involved in your treatment, such as your GP.
  • Lifestyle factors: Relevant lifestyle information, such as smoking habits, alcohol use, or drug use.
  • Occupational and living environment: Details about your job and home situation, which may impact your health.
  • Ethnic background: Information about your ethnicity, as it can relate to specific health issues.
  • Religious beliefs: Information regarding your religious beliefs, which may influence your treatment preferences.
  • External caregivers: Information from family members or others involved in your care.
  • Personal data about 0thers: Data about individuals who are part of your health and social care network, such as family, friends, or companions.

Providing your Information

We require your information to deliver effective healthcare. The details you share help us understand any health conditions you may have.

If you choose not to provide us with certain information or wish to restrict sharing, that is entirely your decision. However, please be aware that this could significantly impact the quality of care we can offer, and in some cases, we may be unable to provide treatment.

If you have concerns about sharing specific information, especially regarding referrals to other services, please discuss this with the healthcare professional overseeing your care. We will do our best to address any concerns you may have.

Safeguarding your information

We prioritise the security of your information, adhering to stringent regulations regarding its usage.

In compliance with the UK General Data Protection Regulations (GDPR) 2021 and the Data Protection Act 2018, we ensure that your health records remain secure and confidential.

Every staff member associated with the NHS has a responsibility to maintain your privacy. We will only share your information with other organisations as permitted by law and only when it enhances the quality of your care.

We strive to keep your information accurate and updated, verifying it with you during your visits to our facilities. Our goal is to retain your information for your lifetime, or for the maximum duration allowed by law, to ensure continuity of care.

We expect our partner organisations to uphold the same high standards of security for your records, and we ensure that such protections are established before any information is shared.

Retention of your information

The duration for which we retain your information is determined by the type of information and its intended purpose.

We adhere to the guidance outlined in the Records Management Code of Practice 2023, which informs our practices concerning records management, including retention periods based on current legal requirements and best practices. We keep records for at least the minimum retention periods mandated.

Extensions to the minimum retention periods are requested by relevant clinical leads and approved on a case-by-case basis.

Using your information for your care

Our objective is to provide you with safe, high-quality care. We use your personal information to:

  • Arrange and facilitate optimal care for you
  • Guide decisions regarding your treatment
  • Ensure the safety and effectiveness of your care
  • Collaborate efficiently with other professionals involved in your care, such as your GP

At times, we may engage other organizations, including international ones, and we have strict contracts in place to safeguard your information.

Healthcare professionals maintain comprehensive records of your clinical care to create a continuous overview of your health history, aiding in the management of your care.

Your information may also be used for clinical audits, enabling the evaluation of treatment quality and outcomes, as well as for investigating incidents and complaints.

Improving care through data utilisation

We may use your information to enhance the overall quality of care provided to all patients. For instance, we may:

  • Review the care delivered to ensure it meets the highest standards
  • Report on the effectiveness of our services
  • Investigate complaints, legal claims, and adverse incidents
  • Monitor public health
  • Plan future services to address patient needs
  • Enhance patient care and outcomes through assessment and improvement initiatives
  • Ensure proper use of funds allocated to our Trust
  • Train and educate healthcare professionals
  • Conduct research, subject to review by relevant authorities when necessary
  • Compile performance statistics

We also participate in national initiatives that gather data from NHS organizations across the country. Your care team will inform you about any local or national schemes relevant to the care you receive.

When sharing information outside of your care team, we will remove any identifying details unless we have another legal basis, your explicit consent, or specific authorization from the Secretary of State for Health or the Health Research Authority via the Confidentiality Advisory Group (CAG).

Legal grounds for data use

NHS Foundation Trust processes personal data under its official authority as stipulated in the Health and Social Care Act 2012, which is essential for delivering care, treatment, and managing our healthcare systems and services.

At times, we may request your consent to utilize your data for additional purposes, which will be clearly communicated at that time and will differ from our primary objectives or any consent required for specific treatments or other NHS services provided to you.

As healthcare providers, we are permitted to process your information based on UK GDPR Articles 6 (Personal Data) and Article 9 (Special Category Data).

The Trust meets legal obligations as part of our responsibility to deliver healthcare. Depending on the activity, other legal bases may apply, such as:

  • Supporting the safeguarding of children and vulnerable adults
  • Fulfilling employer responsibilities
  • Protecting vital interests (life preservation)
  • Supporting research
  • Complying with legal requirements
  • Conducting image recording (not related to direct healthcare), such as CCTV, body-worn cameras, and automatic number plate recognition

In certain circumstances, we may seek your consent to process your information for alternative purposes not covered by existing legal bases. If this occurs, we will request your agreement prior to any such usage.

You have the right to file a complaint with the Information Commissioner’s Office, the regulatory authority for data protection in the UK.