GDPR Fair Processing Notice - Adults
Security of information
Confidentiality affects everyone. We as a Trust have a legal basis to gather, store and process large amounts of information on a daily basis. This includes medical records, personal records and computerised information for the purposes of preventive or occupational medicine; medical diagnosis; or if the process is necessary for the performance of a task carried out in the public interest. This information is used by many people throughout the course of their daily work.
Our duty to protect information and confidentiality is taken very seriously. We are committed to taking all reasonable measures to ensure the confidentiality and the security of all information for which we are responsible, whether computerised or on paper. This includes regular staff training on the legal obligations they have to maintain confidentiality and security of information at all times.
At Trust Board level, we have appointed a Senior Information Risk Owner who is accountable for the management of all information assets and any associated risks and incidents, and a Caldicott Guardian who is responsible for the management of patient information and patient confidentiality.
Leeds Teaching Hospitals NHS Trusts takes staff training extremely seriously. This is to ensure that nobody will access or use your information without a relevant reason, and to stop accidental loss, damage and destruction of any of your medical, personal and electronic records.
Why do we collect information about you?
To make sure you get the best care doctors, nurses and the team of healthcare staff caring for you keep records about your health and any care or treatment you may receive from the NHS. These records help to make sure that you receive the best possible care. This information may be written down in your paper records or held on a computer. These may include:
• Basic details about you such as name, address, date of birth, next of kin, etc.,
• Contact we have had with you such as appointments or clinic visits,
• Notes and reports about your health, treatment and care,
• Results of x-rays, scans and laboratory tests,
• Relevant information from people who care for you and know you well such as health professionals and relatives.
Always check that your details are correct when you visit us and please tell us of any changes as soon as possible.
How your personal information is used
Your records are used to manage and deliver the care you receive to make sure that:
• The doctors, nurses and other healthcare members of staff involved in your care have correct and up to date information, to look at your health and decide on the right care for you,
• Healthcare staff have the information they need to be able to look at and improve the quality and type of care you receive,
• Your concerns and worries can be properly investigated if a complaint is raised,
• The right information is available if you see another doctor, or are referred to a specialist or another part of the NHS.
Who do we share personal information with?
Everyone working within the NHS has a legal duty to keep information confidential. Similarly, anyone who receives information from us has a legal duty concerning your confidentiality. The partner organisations with which we share information are:
• Other NHS Trusts and hospitals that are involved in your care,
• CCGs. (Clinical Commissioning Groups),
• General Practitioners (GPs),
• Ambulance Services,
• Adults’ and children’s social care services.
You may be receiving care from other sectors as well as the NHS. Therefore we may need to share information to other agencies about you, so we can all work together for your benefit. We will only do this if they have a legitimate need, or we have your permission. These agencies include:
• Social Care Services,
• Education Services,
• Local Authorities,
•Voluntary and private sector providers working with the NHS,
•General Medical Council.
We will not provide your information to any other third parties without your permission unless there are exceptional circumstances, such as, if the health and safety of you and others is at risk or if the law requires us to pass on information.
The Leeds Care Record
The Leeds Care Record is a shared system that allows Healthcare staff within the Leeds Health and Social Care community to appropriately access the most up-to-date and correct information about patients, to deliver the best possible care.
The Care Record Guarantee is our commitment that we will use records about you in ways that respect your rights and promote your health and wellbeing
If you would like any further information, or would like to discuss this further, please contact us using the details provided below.
Yorkshire and Humber Care Record
The Yorkshire and Humber Care Record (YHCR) is a secure, read only computer system that brings together information about patients who have used services provided by their GP, local hospitals, community healthcare, social services and mental health teams.
It enables clinical and care staff to review real time health and care information across the care providers and between different systems. If you would like any further information, or you wish to opt of this service, please contact Information Governance via 0113 20 65221/65824 or email Leedsthfirstname.lastname@example.org
Disclosure of information
You have the right to object to how and with whom we share the information that is within your records that could identify you. This will be noted within your records so that all staff involved with your care and treatment are aware of your decision. By choosing this option, it may mean that the delivery of your care or treatment more difficult. You can also change your mind at any time about your decision.
If your consent is relevant, you are required to provide this in writing. This is essential as you may change your preference regarding consent further down the line. You as an individual also have the right to withdraw your consent at any time.
How your personal information is used to improve the NHS
Your information will also be used to help us manage the NHS and protect the health of the public by being used to:
- Review the care we provide to make sure it is of the highest standard and quality,
- Make sure our services can meet your needs in the future,
- Investigate your queries, complaints and legal claims,
- Make sure the hospital receives payment for the care you receive,
- Prepare statistics on NHS performance,
- Audit NHS accounts and services,
- Undertaking heath research and development,
- Helping to train and educate healthcare staff.
The National Data Guardian opt-out programme is a new service that allows people to opt out of their confidential patient information being used for research and planning, which has over taken the Type two opt out. The trust is working to develop and implement this new programme. Please see https://digital.nhs.uk/services/national-data-opt-out-programme
Call recording and CCTV
Telephone calls to the Leeds Teaching Hospitals NHS Trust may be recorded and we also operate CCTV cameras on all our hospital sites. Data is captured for the following purposes:
• To prevent crime or misuse,
• To make sure that staff act in compliance with Trust procedures,
• To ensure quality control,
• Training, monitoring and service improvement,
SMS text messaging
When attending the Trust for an outpatient appointment or a procedure you may be asked to confirm that the Trust has the correct contact number for you. This can be used to provide you with appointment details via SMS text message and automated calls to advise you of appointment times. You may also receive your appointment letters via an SMS text message, you will be provided with a unique link and pin code to access your appointment letter. If you do not access your appointment letter within 24-48 hours you will also receive a paper copy of the letter via post.
How you can access your medical records
The Data Protection legislation gives you a right to access the information we hold about you in our records. Requests must be made in writing to the Access to Health Records Department. The Trust will provide your information to you 30 calendar days from receipt of:
• A completed application form, containing adequate supporting information to enable us to verify your identity and locate your records,
• An indication of what information you are requesting, to enable the Trust to locate it in an efficient manner.
You as an individual have the right to have erased any records that have been inaccurately added to your medical records, personal records or other computerised system. If you think any information is inaccurate or incorrect, please contact us using the details on the next page.
Ultimately, if you are unhappy with the way we have handled your information you have the right to make a complaint to the Trust or to the Information Commissioner’s Office (the ICO).
The retention period for medical records once you have been discharged from care is eight years. Once this period is up your records will then be destroyed within the guidelines set out by the Data Protection legislation. There are some exemptions to this, such as maternity and child’s records; these will be kept for 25 years.
The Data controller responsible for keeping your information confidential is:
The Leeds Teaching Hospitals NHS Trust
St James University Hospital
Telephone: 0113 2433144
The Trust’s Data Protection Officer is:
Freedom of Information
The Freedom of information Act 2000 provides any person with the right to obtain information held by the Leeds Teaching Hospitals NHS Trust, subject to exemptions.
The Data Protection legislation requires organisations to lodge a notification with the Information Commissioner to describe the purposes for which they process personal information. These details are publicly available from:
Information Commissioner’s Office
Telephone: 0845 630 6060