Information for staff provided by the Trust outlining its legal responsibilities under data protection law.
Security of information
Confidentiality affects everyone. We as a Trust have a legal basis to collate, store and process large amounts of personal data on a daily basis for the purposes of preventive or occupational medicine and the assessment of the working capacity of the employee or if the process is necessary for the performance of a task carried out in the public interest.
Our duty to protect personal data and confidentiality is taken very seriously; Leeds Teaching Hospitals NHS Trust ensures that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
At Trust Board level, we have appointed a Senior Information Risk Owner who is accountable for the management of all information assets and any associated risks and incidents, and a Caldicott Guardian who is responsible for the management of patient information and patient confidentiality.
Why do we collect information about you?
We will collect and process information about employees for legal, personnel, administrative and management purposes and to enable us to meet our legal obligations as a Trust, for example to pay you, monitor your performance and to confer benefits in connection with your employment.
We may process information relating to employees including:
- Information about physical or mental health or condition in order to monitor sick leave and take decisions as to the employee’s fitness for work,
- The employee’s racial or ethnic origin or religious or similar information in order to monitor compliance with equal opportunities legislation,
- To some extent, trade union membership; in order to facilitate representation if required, or the payment of subscriptions,
- Employment tribunal applications, complaints, accidents, and incident details,
- Management of employee work or progress,
- In order to comply with legal requirements and obligations to third parties.
We will keep the information we store about you accurate and up to date. Information that is inaccurate or has passed the retention period will be disposed of appropriately.
Please notify your line manager if your personal details have changed or if you become aware of any inaccuracies in the personal data we hold about you.
How your personal information is used
We will only use your information for the specific purpose or purposes to the extent that it is necessary and has been notified to you, or for any other purposes specifically permitted by Data Protection legislation.
Who do we share personal information with?
We will not share your information to a third party without your consent unless we are satisfied that they are legally entitled to the data.
Your information held within the Electronic Staff Record (ESR) and other Trust systems may be shared to allow specific work based information about yourself to be processed. For example, Payroll, pensions, staff leave, etc.
We will only process sensitive personal data about you where further conditions are also met. Usually this will mean that you have given your explicit consent, or that the processing is legally required for employment purposes.
Before employment commences, the Trust will collect your information for the purpose of a Disclosure & Barring Service check (DBS), the required information will be provided to the DBS to ascertain if you are suitable to work within the settings you have applied for. This helps the Trust make safer recruitment decisions.
Back to topThe Leeds Hospitals Charity
The Leeds Hospitals Charity is the charity of the Leeds Teaching Hospitals NHS Trust and a legal entity in their own right. The Charity awards millions of pounds each year to the Trust, which is used to fund equipment, education, health and wellbeing, the environment, and specialist staff.
The Charity’s support makes a significant difference to Trust employees by funding health and wellbeing support for Trust employees, supporting specific job posts, much needed equipment, and by improving the working environment.
Owing to the General Data Protections Regulations: Article 6.1 (B) – in order to fulfil the Trust’s contractual performance obligations, the Trust may share information relating to employees including:
- Your name
- Your job role
- Your home address
- Your work email address
- Your work telephone number (if you have one).
If you wish to opt out of the sharing of your information with the Leeds Hospitals Charity please contact the Trust’s Information Governance team
Information Governance Team
Disclosure of information
The Trust only processes your information where you have given your consent or where the processing is necessary to comply with our legal obligations. In other cases, processing may be necessary for the protection of your vital interests, for our legitimate interests or the legitimate interests of others.
You, as an employee, have a right to object to how and with whom we share the personal information in your records that identifies you. This would need to be reflected in your personnel records. If you have any concerns please inform your line-manager.
If consent is relevant, you are required to provide this in writing. You also have the right to withdraw your consent at any time.
Back to topHow your personal information is used
to improve the NHS
Your information will also be used to help us manage the NHS and protect the health of the public by being used to:
- Investigate queries, complaints and legal claims
- Prepare statistics on NHS performance
- Audit NHS accounts and services
- Helping to train and educate healthcare professionals.
Call recording and CCTV
Telephone calls to the Leeds Teaching Hospitals NHS Trust and CCTV cameras located around the hospitals are routinely recorded and checked for the following purposes:
- To prevent crime or misuse
- To make sure that staff act in compliance with Trust procedures
- To ensure quality control
- Training, monitoring and service improvement.
Activity monitoring and system audits
All system access and computer usage are subject to monitoring. The Trust’s Information Governance team will request audits on a random basis or as and when concerns are raised in regards to access to systems or a particular record. This ensures that all employees are compliant with Trust policies and Data Protection legislation.
How you can access your personal records
The Data Protection legislation gives you a right to obtain and reuse the information we hold about you in our records. Requests must be made in writing to the Access to Records Department. The Trust will provide your information to you 30 calendar days from receipt of:
- A completed application form, containing adequate supporting information (such as your full name, address, date of birth, NHS number, etc.) to enable us to verify your identity and locate your records
- An indication of what information you are requesting to enable the Trust to locate it in an efficient manner.
You as an individual have the right to have erased any record that has been accidently or inaccurately added to your personnel file.
Ultimately, if you are unhappy with the way we have handled your personal data you have the right to make a complaint to the Trust or to the Information Commissioner’s Office (the ICO).
Back to topRetention
We will not keep your personal data for longer than is necessary for the purpose. This means that data will be destroyed or erased from our systems when it is no longer required, subject to the system allowing this to happen. Where systems do not allow this we will work with suppliers to improve functionality.
The retention period for all staff personnel and occupational health records is until their 75th birthday. These will then be destroyed within the guidelines set out by the Data Protection legislation.
Data controller
The Data controller responsible for keeping your information confidential is:
The Leeds Teaching Hospitals NHS Trust
The Trust’s Data Protection Officer is:
Johnny Chagger
Notification
The Data Protection Legislation requires organisations to lodge a notification with the Information Commissioner to describe the purposes for which they process personal information. These details are publicly available from:
Information Commissioner’s Office
Freedom of Information
The Freedom of Information Act 2000 provides any person with the right to obtain information held by the Leeds Teaching Hospitals NHS Trust, subject to a number of exemptions. If you would like to request some information from us, please visit the freedom of information section of our website.
Legal basis for processing your data
As part of our requirements under the law, the Trust must demonstrate a clear legal reason for collecting, using, sharing and retaining personal data about you. For personal data used in the provision of health and social care our basis is outlined as ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’ under 6(1)(e) of UK GDPR. This is because Trust is a public organisation providing a healthcare service and is required to use names, addresses or other personal data to deliver this service.
Our legal basis for using sensitive personal data (called ‘special categories of personal data’ under UK GDPR) is that this is necessary for the ‘provision of health or social care or treatment or the management of health of social care systems and services’ under 9(2)(h) of UK GDPR. This is because the Trust must use health and social care information about you or your child in the delivery of their care.
Furthermore, these points cover the use of data for clinical audits, service improvement and sharing with other health or social care providers when necessary as part of our service delivery.
There may be times when the Trust uses other different legal bases for other services it provides (for example, research).
Back to top