Northern Lincolnshire and Goole NHS Foundation Trust privacy statement.
- Security of Information and our Data Protection Officer
- How do we obtain your information?
- Why do we collect information about you and what information do we hold?
- How your personal information is used
- Who do we share personal information with?
- Data Privacy Impact Assessments DPIA
- National Opt-out service
- Humber Information Sharing Charter
- Disclosure of Information
- How your personal information is used to improve the NHS
- Call recording
- SMS text messaging
- Sending Data Overseas
- Retaining information
- How you can access your records
- What if I have concerns about how the Trust is handling my data?
Security of Information and our Data Protection Officer
All health and adult social care providers are subject to the statutory duty under section 251B of the Health and Social Care Act 2012 to share information about a patient for their direct care. This duty is subject to both the common law duty of confidence and the Data Protection Act18.
The processing of personal data in the delivery of health care and for providers’ administrative
purposes in this Hospital Trust and in support of health care elsewhere is supported under the
following Article 6 and 9 conditions of the GDPR:
Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the
exercise of official authority…’.
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the
assessment of the working capacity of the employee, medical diagnosis, the provision of health or
social care or treatment or the management of health or social care systems and
We will also recognise your rights established under UK case law collectively known as the “Common
Law Duty of Confidentiality”* Further details on the Common Law Duty of Confidentiality are provided, below.
Confidentiality affects everyone: Northern Lincolnshire & Goole NHS Foundation Trust collects, stores and uses large amounts of personal data every day, such as medical records, personal records and computerised information. This data is used by many people in the course of their work.
We take our duty to protect your personal information and confidentiality very seriously and we are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.
At Trust Board level, we have appointed a Senior Information Risk Owner who is accountable for the management of all information assets and any associated risks and incidents, and a Caldicott Guardian who is responsible for the management of patient information and patient confidentiality.
The Trust has a Data Protection Officer who ensures the Trust is accountable and compliant with General Data Protection Regulation (GDPR), and Data Protection Act 2018. Our Data Protection Officer is Susan Meakin and can be contacted through:
Scunthorpe General Hospital
Under the NHS Confidentiality Code of Conduct, all our staff are required to protect your information, and inform you of how your information will be used. Everyone working for the NHS is subject to the common law of duty of confidentiality.
All staff are required to undertake annual mandatory information governance training which includes data security. This ensures that staff are aware of their information governance responsibilities and follow best practice guidelines, ensuring the necessary safeguards and appropriate use of person-identifiable and confidential information.
How do we obtain your information?
We obtain information from you yourself; generate it as part of the care and treatment we provide you, and sometimes from other professionals involved in your care or treatment such as your GP. We may sometimes receive information from family members, social services, the police or other sources.
Why do we collect information about you and what information do we hold?
The doctors, nurses and team of healthcare professionals caring for you keep records about your health and any treatment and care you receive from the NHS. These records help to ensure that you receive the best possible care. They may be written down in paper records or held on computer. These records may include:
- Basic details about you such as name, address, date of birth, next of kin, etc
- Contact we have had with you such as appointments, clinic visits, and inpatient stays
- Notes and reports about your health, treatment and care
- Results of x-rays, scans and laboratory tests
- Relevant information from people who care for you and know you well, such as health professionals and relatives
- Visual images, personal appearance and behaviour, for example CCTV images are used for crime prevention and to enhance quality of care, treatment and patient safety at all times in certain high dependency areas.
- Job applicants, current and former Trust employee’s details
- Guest WiFi is available on the Trust sites
- Trust members.
It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us and please inform us of any changes as soon as possible.
How your personal information is used
Your records are used to direct, manage and deliver the care you receive to ensure that:
- Primarily to provide you high quality care that is safe and effective, taking into consideration you as an individual and ensuring care is relevant to you
- The doctors, nurses and other healthcare professionals involved in your care have accurate and up to date information to assess your health and decide on the most appropriate care for you
- Healthcare professionals have the information they need to be able to assess and improve the quality and type of care you receive
- Your concerns can be properly investigated if a complaint is raised
- Appropriate information is available if you see another doctor, or are referred to a specialist or another part of the NHS
- Ensure the hospital receives payment for the care you receive
- Help train and educate healthcare professionals
- As a Foundation Trust we have a legal requirement to process membership data to ensure we have representative membership which reflects our local population.
Who do we share personal information with?
Everyone working within the NHS has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has a legal duty to keep it confidential.
We will share information with the following main partner organisations:
- Other NHS Trusts and hospitals that are involved in your care
- Clinical Commissioning Groups (CCGs)
- General Practitioners (GPs)
- Ambulance Services
- NHS Digital, NHS Improvement, NHS England, Department of Health
- Care Quality Commission (CQC)
- Trusts are legally required to submit full returns of Maternity Services Data sets (MSDS)
data, as the Data Provision Notice (DPN) that will be issued under section 259(10)of the
Health and Social Care Act 2012 sets aside the common law of duty of confidence in respect
of this data
You may be receiving care from other people as well as the NHS, for example Social Care Services. We may need to share some information about you with them so we can all work together for your benefit if they have a genuine need for it or we have your permission. Therefore, we may also share your information, subject to strict agreement about how it will be used, with:
- Social Care Services (including Safeguarding)
- Education Services
- Local Authorities
- Voluntary and private sector providers working with the NHS
We will not disclose your information to any other third parties without your permission unless there are exceptional circumstances, such as if the health and safety of others is at risk or if the law requires us to pass on information. Information will only be shared with these other organisations where there is a statutory obligation to do so, or with the agreement of Northern Lincolnshire & Goole NHS Foundation Trust’s Calidicott Guardian.
If you choose to take part in research activities, you will be told more about how your data will be used as part of those projects.
Data Privacy Impact Assessments DPIA
All new projects processes and systems which are introduced must comply with confidentiality privacy and data protection requirements. Therefore before new processes or systems that are introduced they must be tested against a list of requirements. DPIA’s are structured assessments of the potential impact on data protection and privacy for new or significantly changed processes.
National Opt-out service
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt-out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply.
You can also find out more about how patient information is used at:
You can change your mind about your choice at any time.
Humber Information Sharing Charter
Organisations often need to share information. This ensures that their services benefit local people and meet their needs. But they need to make sure they share only the information that is necessary. They must also protect people’s privacy.
The Humber Information Sharing Charter supports local data sharing in a number of ways:
– It sets out rules about how local organisations share information. It helps them and local people to understand those rules and the relevant laws. It explains what organisations can and cannot share, and says with whom, how and for what purposes they can share information.
– It helps keep information-sharing correct and secure. It will enable organisations to be open about how they protect information, and let others see what they have done. It also tells people about the rules governing which details the organisations can make public, and how people can get hold of that information.
By signing the Charter, organisations show they accept the need to share information effectively and securely. They do this so they can provide services for, and improve the lives of the population they serve.
For more information and a full list of organisations that are part of this initiative, please visit the Humber Data Observatory Webpage
Disclosure of Information
You have the right to request that the organisation considers restricting the information processed about you and who it is shared with, recognising the legal basis for processing information is for the provision of healthcare for individuals.
How your personal information is used to improve the NHS
Your information will also be used to help us manage the NHS and protect the health of the public by being used to:
- Review the care we provide to ensure it is of the highest standard and quality.
- Ensure our services can meet patient needs in the future.
- Investigate patient queries, complaints and legal claims.
- Prepare statistics on NHS performance.
- Audit NHS accounts and services.
- Undertaking health research and development (with your consent – you may choose whether or not to be involved).
- Helping to train and educate healthcare professionals.
You can sometimes ‘opt-out’ of personalised information about you being used in connection with some of these arrangements -please contact Nlgemail@example.com
Data Protection Officer.
Telephone calls to the Trust Single point of access service:
Northern Lincolnshire and Goole NHS Foundation Trust may undertake the recording of phone calls where it is necessary, to archive the content of the call in order to provide a record for any subsequent investigation, analysis of an incident or training purposes. Indiscriminate recording or monitoring of the content of telephone calls are not undertaken. Where voice recording or monitoring of calls is undertaken, parties will be informed by means of publicity, verbal or audible warnings. Authorisation for such recording or monitoring must be obtained from the Trust’s Governance committee.
SMS text messaging
When attending the Trust for an outpatient appointment or a procedure you may be asked to confirm that the Trust has an accurate contact number and mobile telephone number for you. This can be used to provide appointment details via SMS text messages and automated calls to advise you of appointment times.
Sending Data Overseas
On occasions your data maybe processed outside the UK, in most circumstances it will remain within the European Economic Area (EEA).The same protection would be applied as if processed within this country. If your data is transferred outside the EEA we are required to comply with the Data Protection Act, and ensure there is adequate protection is in place.
We will only retain information for as long as necessary. All personal information will be kept in line with the retention periods in the Department of Health Records Management Code of Practice for Health and Social Care Records 2016.
How you can access your records
If you are a patient you have the right to obtain Access to your Health Records under General Data Protection Regulation 2018. This means you have the right to request and receive any information held on you by the hospital.
If you are a patient, relative, next of kin or personal representative of a patient, under the Access to Health Records Act 1990 (which also includes deceased patients), you also have the right to request and receive any information held within the hospital on the individual concerned.
How do I make a request to access the health records?
If you are a patient, the Next of Kin or a patient’s personal representative and wish to apply for Access to Health Records, you will be asked to complete an application form. This will assist us with collating all the relevant information you require.
The application form is supplied by the Subject Access Department. This department is centralised at Scunthorpe General Hospital. You can collect a form from the department or contact us on the telephone number below and we can send a copy in the post. We can also email you a copy electronically, the form will need to be completed, signed and scanned back to the Subject Access Department:
Contact Details for Further Information
Subject Access Department
Scunthorpe General Hospital
Direct Dial: 03033 302191
Central Trust Hospital Number: 03033 306999
We will aim to deal with requests within a month. In order to respond to requests as promptly as possible, the Trust would encourage applicants to view the health record to ensure the correct information is selected which prevents additional work in providing information which is not necessary.
Will I get charged for accessing a health record?
No – under the new General Data Protection Regulation there is no charge levied for access to your own records. We may charge a reasonable fee for administrative costs if a request (or otherwise not respond substantively to a request) is manifestly unfounded or excessive. Should this situation arise, applicants would be provided with more information about how we have reached these conclusions.
How will I receive a copy of my health records after viewing?
Paper or electronic copies of the relevant information from the health record will be provided to the applicant after they have viewed the records and decided which sections of the record are relevant in paper format. If posted they will be sent out special delivery and the recipient will have to sign for them. For further information on obtaining copies of electronic information please contact the Medico-Legal Department.
Freedom of Information
The Freedom of information Act 2000 provides any person with the right to obtain information held by Northern Lincolnshire & Goole NHS Foundation Trust, subject to a number of exemptions. If you would like to request some information from us, please visit http://www.nlg.nhs.uk/support/freedom-of-information/. Please note: if your request is for information we hold about you (for example, your health record), please instead see above, under “How You Can Access Your Records”.
Freedom of Information Department
Diana Princess of Wales Hospital
E mail address firstname.lastname@example.org
What if I have concerns about how the Trust is handling my data?
Please speak to us first. If the Trust is unable to comply with your request, or if you are unhappy about how we have used your data, you can contact the to the Information Commissioners Office https://ico.org.uk