Research Privacy Notice
Privacy Notice- Health and Social Care Research
Who we are
St Georges University Hospitals NHS Foundation Trust is the ‘Controller’ of the personal data that you provide us with, and is registered with the Information Commissioner’s Office (ICO) for the purposes of UK data protection legislation.
What research information we collect from you and why
As an active NHS healthcare organisation research is at the core of our activity. We use personally-identifiable information to conduct health and social care research in pursuit to improve healthcare and its services. The type of personal data we collect will be specific to the nature and requirements of the research project we are undertaking however we will ensure is the data we use is relevant to the objectives of the research project. This means that when you agree to take part in a research study we are leading or collaborating in, we will use your data in the ways needed to conduct and analyse the research study.
We will collect information in many ways, which include from your healthcare professional, referrals, medical records and from you directly.
Our research is approved by the hospital Joint Research and Enterprise Service (JRES) as well as external regulators such as the Health Research Authority (HRA) where necessary to ensure you as a patient are protected.
This will include entering data onto clinical research systems to help us manage and track your research journey. These systems are like any other healthcare system, recording only essential information and accessible only by staff involved in supporting the research. We will not collect additional, non-relevant personal data about you.
Health and care research should serve the public interest, which means that we have to demonstrate that our research serves the interests of society as a whole. We do this by following the UK Policy Framework for Health and Social Care Research.
What is our legal status for collecting research data
As a publicly-funded organisation we have to ensure that it is a public task in the public interest when we use personally-identifiable information from people who take part in one of our research projects. This is known as our “legal basis” for the collection and processing of personal data under current data protection regulations (Article 6 GPDR).
Due to the sensitive nature of healthcare information it is further categorised, under current data protection regulations, as special category data. Where we collect this type of data we do so when “the processing is necessary for archiving purposes in the public interest, scientific or historical research purposes….” (Article 9 GDPR)
How do we keep your data safe
We must ensure there are safeguards in place when we use your personal and or sensitive date in our research projects. These include:
- Policies and procedures advising our researchers and staff on how to design studies and how to collect and manage your data appropriately
- Training to ensure our researchers and staff understand the importance of data protection and integrity
- Ensuring we have effective, safe and secure physical locations to store and archive research data
- Ensuring all research undertaken is appropriately scrutinised by an ethics and or regulatory body in accordance with the UK Policy Framework for Health and Social Care Research.
- Ensuring we have contractual arrangements in place with any 3rd party organisations (within or outside the EU) responsible for managing and or processing research data.
Who we share your information with
When you agree to take part in a research study, the information about your health and care may be provided to researchers running research studies in this organisation and in other organisations. These organisations may be universities, hospitals or companies involved in health and care research in this country or abroad. We collaborate closely with a number of partners, including St Georges University of London, and often share research information when required. Your information will only be used by organisations and researchers to conduct research in accordance with the UK Policy Framework for Health and Social Care Research.
When we share information we will take every step to ensure your data is protected by either de-identifying/de-linking it to you and or by ensuring our data “processors” (3rd parties) are contractually responsible for maintaining confidentiality and data integrity.
Where we publish the results of any research it will contain no identifiable information.
How long we keep your information for
Research data will be kept for as long as it is required, to meet the objectives and requirements of the research project, and / or to meet the legal and/or ethical requirements under vigorous regulations governing clinical research. The retention schedule for each study may be different and this will be outlined to you within the participant information sheet.
It is important for us to retain research data so that we are able to refer back to it to ensure the integrity of the project, and safety of the participants, is maintained.
What your rights are
Under current data protection regulations you do have certain rights to manage your data as you see fit. However for the purpose of research your rights to access, object, change, move and or delete/erase your information are limited. This is because we need to manage the data in specific ways to ensure the research we conduct is reliable and accurate, and that we are accountable to the charities and funders provided to the organisation to undertake the research. If you withdraw your consent to participate in a research project we may not remove all your data. We may keep the information about you that we have already obtained to ensure research integrity is maintained in the public’s interest, and that publically funded research meets is goals. To safeguard your rights, we will strive to use the minimum personally-identifiable information possible.
Additional information on the nature of the research project and specifics of how your data will be managed if you participate will be contained within the participant/patient information sheet and or supplementary research transparency information sheet you are provided with. Please feel free to ask the researchers for any clarification you may require.
For more information about the general use of patient data in research in the health service please visit https://www.hra.nhs.uk/information-about-patients/
How to make a complaint
If you are unhappy with the way in which your personal data is being processed you may, in the first instance, lodge a complaint with the Trust Protection Officer using the contact details below.
If you continue to have concerns thereafter you have the right to contact the Information Commissioner for a decision. The Information Commissioner can be contacted as below
Helpline: 0303 123 1113
ICO Registration number: Z6900098
How to contact us
The Trust has a Data Protection Officer who can be contacted via
020 8672 3404 or firstname.lastname@example.org