Hampshire and Isle of Wight Healthcare NHS Foundation Trust takes yours, and your carer's confidentiality and privacy rights very seriously. This notice explains how we collect, process, transfer and store your personal information and forms part of our accountability and transparency to you under Data Protection Legislation.
Click here for an easy read guide to privacy and data protection.
Click here for an easy read guide to privacy and data protection (learning disabilities).
Click here for a printable version of the below privacy notice.
We will process your personal information fairly and lawfully by;
a) Only using it if we have a lawful reason and when we do, we make sure you know how we intend to use it and tell you about your rights.
Please be advised, we do not rely on consent to use your information as a ‘legal basis for processing’. We rely on specific provisions under Article 6 and 9 of the UK GDPR, such as ‘…a task carried out in the public interest or in the exercise of official authority vested in the controller,' as well as Schedule 1 of the Data Protection Act 2018, such as ‘conditions relating to employment, health and research.’
This means we can use your personal information to provide you with your care without seeking your consent, providing we have another legal basis.
We would never share it for marketing or insurance purposes.
b) Collect your information for a specified purpose and not to use it in a way that is not compatible with that purpose.
c) Only using enough of your personal information that will be relevant and necessary for us to carry out various tasks within the delivery of your care.
d) Keeping your information accurate and up to date when using it and if it is found to be wrong, we will make it right, where appropriate and as soon as we can.
e) Only keeping your information in a way that it will identify you for as long as we are legally required to, whilst ensuring your rights.
f) Having secure processes in place to keep your personal information safe when it is being used, shared, and when it is being stored.
Health and social care professionals working with you – such as doctors, nurses, support workers, psychologists, occupational therapists, social workers and other staff involved in your care – keep records about your health and any care and treatment you receive. This may include:
-
Basic details such as name, address, date of birth, phone number, and email address - where you have provided it to enable us to communicate with you by email
-
Information about how to contact you like your mobile number - so we can use it to contact you, and to communicate with you via SMS text messaging or to leave a voicemail if you can't answer. If you do not want us to communicate with you in this way, you must tell us or specify your preferred method for contact and for what purpose
-
Your next of kin and contact details
-
Information regarding your carer/s (which include friends and significant others) contact information
-
Notes and reports about your physical or mental health and any treatment, care or support you need and receive
-
Results of your tests and diagnosis
-
Relevant information from other professionals, relatives or those who care for you or know you well
-
Any contacts you have with us such as home visits or outpatient appointments
-
Information on medicines, side effects and allergies
-
Patient experience feedback and treatment outcome information you provide
- Information related to your ethnicity
Most of your records are electronic and are held on a computer system and secure IT network. New models of service delivery are being implemented, with closer working with GPs and other healthcare and social care providers. To assist this, the use of other electronic patient record systems to share your information will be implemented. You will be given the opportunity to say no and to opt-out of this sharing your personally identifiable data for this purpose – please refer to the National Opt-Out section below.
To support the provision of environments that are safe and secure for patients, staff and visitors we use surveillance systems such as Closed-Circuit Television systems (CCTV) across Trust sites. All recordings are held locally within our network, with restricted access. Please refer to Policy for Surveillance and the use of Closed Circuit Television for further information.
Your information is collected to enable us to provide you with a range of health care services to:
- have all the information necessary for assessing your needs and for making decisions with you about your care
- have details of our contact with you, such as referrals and appointments and can see the services you have received
- assess the quality of care we give you
- properly investigate if you and your family have a concern or a complaint about your healthcare
Professionals involved in your care will also have accurate and up-to-date information and this accurate information about you is also available if you:
- move to another area
- need to use another service
- see a different healthcare professional.
Health and Social Care Professionals - Your information will be shared with the team who are caring for you and are providing treatment to you. However, the NHS, other agencies and partners, including, for example, social services, and private healthcare organisations work together so we may need to share information about you, in order to provide you with a seamless service. We do this to provide the most appropriate treatment and support for you, and your carers, or when the welfare of other people is involved. We will only share your information in this way if we have your consent and it is considered necessary.
GP Connect - We use this facility to support your direct care. GP Connect makes your clinical information available to all appropriate clinicians when and where they need it, to support your direct care, leading to improvements in both care and outcomes. GP Connect is not used for any purpose other than your direct care.
Care and Health Information Exchange (CHIE) formerly known as the Hampshire Health Record, is a local health and social care record which brings together information from participating Health and Care organisations such as GP practices, community providers, acute hospitals and social care providers.
From your patient record we share your name, address, your contacts such as next of kin, diagnosis, allergies and alerts as well as information about your appointments, care plans, immunisations, progress notes, assessments, inpatient events and referrals, with CHIE. If you do not want your information shared with CHIE, please discuss this with your healthcare professional.
The four Local Safeguarding Adults Boards in Hampshire, Southampton, Portsmouth and Isle of Wight (4LSAB), Fire Safety Development Group - This is to ensure that fire risk is managed by all partners represented through the 4LSABs. This supports consistent provision of fire safety of vulnerable groups and to implement ways of reducing future avoidable fire deaths and near miss fire incidents across the partner organisations/agencies. Through partner agencies working together, vulnerable groups will be less at risk of fire and its affects.
Staff undertaking clinical audits - To ensure we have accurate and up-to-date patient records, we carry out a programme of clinical audits. Our access to your patient records for this purpose is monitored and only anonymous (unidentifiable) information is used in any reports that are shared internally within our Trust.
The Trust also partakes in other national audits - for example, National Audit of Care at the End of Life.
Statutory public inquiries - The Inquiries Act provides a statutory public inquiry with powers to formally request any relevant information from any person or organisation. As a health and care organisation, we have a legal obligation to comply with any formal request from a statutory public inquiry that we receive, known as a Section 21 notice. Where the formal request includes confidential patient information, the lawful basis for providing this under the common law duty of confidentiality is met.
You will not be able to object to your confidential patient information being shared for formal requests issued by statutory public inquiries, because of their importance to the wider public.
Non statutory public inquiries, investigations and reviews related to patient safety – Health and care organisations must work with any investigation that is considering the safety of the care and support that the organisation has provided. This includes providing records and other information to allow the investigation to carry out its task.
You can object to your information being shared if it has been requested by a non-statutory public inquiry, but you will need to give us specific reasons for your objection, and we will consider whether to comply with it.
Investigations and reviews - Usually take place because something may have or has gone wrong, and we need to learn more about the safety of the service, to support improvement in the safety of care. They can be internal, external, or independent. Independent investigations and reviews are carried out by a third party appointed by NHS England or a local commissioner, on the basis of the Patient Safety Incident Response Framework (PSIRF). Although our Trust is not legally obliged to share information, to keep our patients safe from serious harm or death, we will disclose relevant and appropriate information where it is in the interests of the patient, and public.
You can object to your information being shared if it has been requested for an investigation or review. You will need to give us specific reasons for your objection, and we will consider whether to comply with it.
Courts (criminal, civil, family and coroner’s) - courts may request information from us. A request like this is called a court order. A judge can request any information they see as relevant to a case, and we are legally obliged to comply by providing exactly the information requested within the court order. The information will be supplied unredacted, and in its original format where possible, to avoid any doubt about its authenticity. You will not be able to object if your information is requested by a court.
You have the right to refuse/withdraw your consent to information sharing at any time. Please discuss this with your relevant health care professional as this could have implications in how you receive further care, including delays in you receiving care.
However, a person’s right to confidentiality is not absolute and there may be other circumstances when we must share information from your patient record, CCTV recordings with other agencies. In these rare circumstances we are not required to have your consent, for example:
-
If there is a concern that you are putting yourself at risk of serious harm
-
If there is concern that you are putting another person at risk of serious harm
-
If there is concern that you are putting a child at risk of harm
-
If we have been instructed to do so by a Court
-
If the information is essential for the investigation of a serious crime
-
If you are subject to the Mental Health Act (1983), there are circumstances in which your ‘nearest relative’ must receive information even if you object
-
If your information falls within a category that needs to be notified for public health or other legal reasons, such as certain infectious diseases.
Further information
You can find more about what personal information we share, to whom and for what purpose by looking on our webpages - Information Sharing and Record of Processing Acitvities or you can email our Data Protection Officer.
Integrated Care Boards (ICBs)
To help us monitor our performance, evaluate, and develop the services we provide, it is necessary to review and share minimal information with the ICBs. The information we share would be anonymous so you cannot be identified and all access to and use of this information is strictly controlled.
To ensure that we have accurate and up-to-date patient records, we carry out a programme of clinical audits. Access to your patient records for this purpose is monitored and only anonymous information is used in any reports that are shared internally with in our Trust.
NHS Patient Survey Programme (NPSP) is part of the government’s commitment to ensure patient feedback is used to inform the improvement and development of NHS services. We may share your contact information with an NHS approved contractor to be used for the purpose of the NPSP.
Forensic Child and Adolescent Mental Health Services (FCAMHS) Research Database - Used for the collation of routinely collected data in a patient's normal care from all medium secure sites within the FCAMHS network. This data will be used for research purposes to predict patient outcomes and improve patient care across medium secure FCAMHS. You have the right to ask us to not use your data for this database by contacting your forensic team.
NHS England - NHS England assess the effectiveness of the care provided by publicly-funded services - we have to share information from your patient record such as referrals, assessments, diagnoses, activities (e.g. taking a blood pressure test) and in some cases, your answers to questionnaires on a regular basis to meet our NHS contract obligations.
Most of the time, NHS England use anonymised data for planning. So your confidential patient information isn't always needed.
You have the right to object to us sharing your personally identifiable information to NHS England – this will not affect your care in any way. For information about how you can opt-out of sharing your data with NHS England please refer to the national opt-out section below.
Clinical Audit: In order to ensure we have accurate and up-to-date patient records; we carry out a programme of clinical audits. Access to your patient records for this purpose is monitored and only anonymous information is used in any reports that are shared internally with in our Trust. Information from your records helps staff to continually improve their work and ensures that we are providing good and best practice care. No personal details are released as a result of this work.
Research: Hampshire and Isle of Wight Healthcare NHS Foundation Trust is a University Hospital Trust and is committed to actively promoting research with a view to improving future care. Researchers can use information to improve how physical and mental health can be treated and prevented.
As a data controller Hampshire and Isle of Wight Healthcare rely upon Articles 6(1)(e) and 9(2)(j) as our lawful basis for processing your information under the UK GDPR and Schedule 1, Part 1 of the Data Protection Act 2018. This means we do not rely upon your consent for our Researchers to access information we have collected about you.
If we use your patient information for research, where possible we remove identifiers such as your name, DOB, address, postcode, age, etc.
However, if we do need to use your personally identifiable data and / or wish to invite you to actively take part in a research study, we will seek your consent. For you to have the opportunity to take part in local research with Hampshire and Isle of Wight Healthcare you might receive a letter, email, text message or phone call asking if you would like to receive further information about specific individual local research studies that might be relevant to your health.
You have the right to ask us not to send any further communication about our local research.
If you do take part in a research study, you have the right to withdraw your consent at any point, however, the information already collected as part of the research study would not be erased.
We would never publish the outcome of our research studies in a way that would personally identify you.
Our Trust also uses an IT system known as UK CRIS (Clinical Record Interactive Search). This system has a copy of your clinical record in it and is used for research by approved researchers. However, all personal identifiable information about you has been removed so you cannot be identified.
For further details on how your information is used in research please visit the Health Research Authority - patient information, health and care research or you can contact our Research and Improvement team.
Information about our current research studies and Sponsor details can be found on our Trust's webpages for Research and Innovation.
Information about your health and care helps Hampshire and Isle of Wight Healthcare NHS Foundation Trust and our healthcare partners to improve your individual care, speed up diagnosis, plan your local services and research new treatments.
In May 2018, the strict rules about how this data can and cannot be used were strengthened. The NHS is committed to keeping patient information safe and always being clear about how it is used. As a result of these changes, you can choose whether your confidential personally identifiable information is used for clinical research and planning.
Opting-out: If you do not want your confidential patient identifiable information used for the planning of health and care services as well as research in England, you have the right to nationally object/Opt-out to your information being used, by registering your choice via https://nhs.uk/your-nhs-data-matters.
If you do choose to nationally opt-out, you can still consent to your data being used for specified individual research studies and planning purposes locally.
The Trust will honour your national choice to opt out of your personal confidential patient information being used for planning and research purposes where we are legally required to do so.
When does National Opt-Out not apply: If you choose to stop your confidential patient identifiable information being used for research and planning, your data might still be used in some situations.
- When required by law: If there's a legal requirement to provide it, such as a court order.
- When you have given consent: If you have given your consent, such as for a medical research study.
- When there is an overriding public interest: In an emergency or in a situation when the safety of others is most important. For example, to help manage contagious diseases like coronavirus and stop them spreading.
- When information that can identify you is removed: Information about your health care or treatment might still be used in research and planning if the information that can identify you is removed first.
- When there is a specific exclusion: Your confidential patient information can still be used in a small number of situations. For example, for official national statistics like a population census.
We are committed to keeping your information secure and have operational policies and procedures in place to protect your information whether it is in a hardcopy or electronic format.
This Trust is registered to the Information Commissioner’s Office; registration number Z8537183
All of the Information Systems used by our Trust are implemented with robust security safeguards to protect the confidentiality, integrity and availability of your personal information. The security controls adopted by the Trust are influenced by mandated frameworks such as the Data Security and Protection Toolkit (DSPT) and the Governments Secure Email Standard (DCB1596). As required, the security controls are supported by other relevant guidance from sources such as NHS Digital and the National Cyber Security Centre (NCSC).
Securing your electronic information
- We have very strict rules about who can and cannot use our computers.
- We also put restrictions in place as to which records staff can access.
- Our computers and networks are protected against hackers and unauthorised access.
- Any information about you that is sent electronically to another healthcare provider or service is sent securely (encrypted).
- Every time someone accesses your information an audit trail is create.
All employees and our partner organisations are legally bound to respect your confidentiality, all staff must comply with our security operating procedures. Any breach of these is treated seriously, and could result in disciplinary action, including dismissal.
If any of your personal information is to be processed overseas (i.e. outside the EU) a full risk assessment would be undertaken to ensure the security of the information.
To find more information about how we keep your information safe click here. If you need further information, you can email our Data Protection Officer.
All records held by the NHS are subject to the Records Management Code of Practice. The Code sets out best practice guidance on how long we should keep your patient information before we are able to review and securely dispose of it.
A copy of the Records Management Code of Practice can be found here.
You have a right to see the information we hold about you, both on paper and electronic, except for information that:
-
Has been provided about you by someone else if they haven’t given permission for you to see it
-
Relates to a criminal offence(s)
-
Is being used to detect or prevent crime
-
Could cause physical or mental harm to you or someone else
We may need to request proof of identity before we can formally respond to your request for your personal information. You can find out more about how to access your information by visiting our webpage and clicking on 'Access to your personal information'.
If you wish to complete our Subject Access Request Form or send an email, please forward to the service where you receive your care or alternatively send to:
Access to Records team
Hampshire and Isle of Wight Healthcare NHS Foundation Trust
4-6 Sterne Road
Tatchbury Mount
Calmore
Southampton SO40 2RZ
The team are available to assist you with your comments, concerns, and complaints. The team act independently of clinical teams to ensure your concerns are investigated and responded to in an effective and timely manner. Contact details are:
Concerns and Complaints Team
7 Sterne Road
Tatchbury Mount
Calmore
Southampton SO40 2RZ
Telephone: 023 8087 4065
Email: complaints@southernhealth.nhs.uk
To get further advice or report a concern directly to the UK’s independent authority you can do this by making contacting with:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
For more information please go to: https://ico.org.uk/concerns/handling/
The Data Controller
Hampshire and Isle of Wight Healthcare NHS Foundation Trust
7 Sterne Road
Tatchbury Mount
Calmore
Southampton SO40 2RZ
Telephone: 023 8087 4000
Caldicott Guardian
Dr Mayura Deshpande
Hampshire and Isle of Wight Healthcare NHS Foundation Trust
7 Sterne Road
Tatchbury Mount
Calmore
Southampton SO40 2RZ
Telephone: 023 8087 4000
Email: caldicottguardian@solent.nhs.uk
Data Protection Officer
Sadie Bell (interim)
Hampshire and Isle of Wight Healthcare NHS Foundation Trust
Highpoint Venue
Burseldon Road
Southampton
SO18 8BR
Telephone: 0300 123 3919
Email: sadie.bell@solent.nhs.uk
Freedom of Information Officer
Hampshire and Isle of Wight Healthcare NHS Foundation Trust Highpoint Venue
Bursledon Road
Southampton
SO19 8BR
Telephone: 0300 123 3919 Email: freedomofinformation@solent.nhs.uk
How we use cookies
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Cookies are used minimally on this website for site usage analytics. You may delete and block all cookies from this site, but some parts of the site may not work as expected.
To help us to improve the content, format and structure of this website we record and analyse how visitors use the website. For this purpose, we use Google Analytics.
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
We do not make any attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifying information from any source. If we do want to collect personally identifiable information through our website, we will be up front about this and we will make it clear when we collect personal information and will explain what we intend to do with it.
For more information on enabling and disabling cookies please visit About Cookies.
Cookie |
Name |
Purpose |
More information |
---|---|---|---|
Google Analytics |
_utma |
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. |
Click here for an overview of privacy at Google
Click here for information on downloading a browser add-on to opt-out of Google Analytics
|
concrete5 |
CONCRETE5 |
This cookie is used by the website's CMS (Content Management System) to track if the user is a public guest or is logged in to an account on the website. This cookie is not used for any other purpose. |
|
Cookie notice |
cookieconsent_status |
Keep track of whether or not you have clicked "Got it!" on the notice about cookies on this website, so that it doesn't keep appearing when you load a page. |
|
Google Translate |
googtrans |
Keep track of which language has been selected from the Google Translate tool. |
|
Colour contrast |
contrast-mode |
Keep track of which colour contrast mode has been selected from the Accessibility Tools. |
|
Text size |
saveFontSize |
Keep track of the text size that has been set from the Accessibility Tools. |
|
Accessibility bar |
accessibility-controls |
Keep track of whether the accessibility bar is opened or closed. |
|
Popup Notice | popup_notice | Keep track of whether the site poup has been closed |