Hertfordshire Community NHS Trust keeps records about the healthcare and treatment patients receive. This helps to ensure that patients receive the best possible care from us. Data Protection Laws mean we have a legal duty to keep information about you confidential, secure and accurate.
We are legally permitted to hold and process information about you for health and social care treatment and for the management of health and social care services. We do this to provide health and social care services and need your information to do so. We may also hold and process information about you for public health purposes.
How long we keep your records will depend on what information we hold about you. Adult health records are kept for a minimum of eight years and the records of children and young people are kept until their 25th birthday. All NHS bodies keep records for the time periods set out in the Records Management Code of Practice for Health & Social Care (2020) which can be found here.
The information we hold about you will be information you have given us. We will also hold information given to us by other health and social care providers, e.g. from your GP in a referral letter, from relatives or a representative of you, or from the Ambulance Service.
The Trust holds information about you in accordance with the General Data Protection Regulation and the Data Protection Act 2018.
Everyone working for the Trust must comply with the Common Law Duty of Confidence. Information you provide to the Trust in confidence will only be used for the purposes explained to you, unless there are other circumstances covered by the law.
The Trust complies with the NHS Confidentiality Code of Conduct. All our staff are required to protect your information, inform you how your information will be used, and allow you to decide if and how your information can be shared.
All our staff receive training in data protection, information security and confidentiality. All staff and any third parties working for the Trust have to follow our policies and procedures.
Your information will also help us manage the NHS and protect the health of the public by being used to:
With your consent, we may use your details to contact you with regards to patient satisfaction surveys relating to services you have used within our Trust. This is to improve the way we deliver healthcare to you and other patients.
We share your personal information with other NHS organisations. For example, we may share your information for healthcare purposes with health authorities, other NHS trusts, general practitioners (GPs), ambulance services and primary care agencies.
We may need to share information from your health records with other non-NHS organisations from which you are also receiving care, such as Social Services.
These non-NHS organisations may include, but are not restricted to:
We may also be asked by other statutory bodies to share basic information about you, such as your name and address, but not sensitive information from your health records. This would normally be to assist them to carry out their statutory duties. In these circumstances, we are informing you through this notice, which is referred to as a Privacy Notice, under the Data Protection Act.
Hertfordshire Community NHS Trust is part of My Care Record, an approach to improving care by joining up health and care information. Health and care professionals from other services will be able to view information from the records we hold about you when it is needed for your care. Please see www.mycarerecord.org.uk for more information.
We may need to disclose information about you if the public interest is thought to be greater than your right to confidentiality. Examples of this include: where a serious crime has been committed, if there are risks to the public or our staff, for safeguarding and the protection of vulnerable children or adults, where we have to comply with a Court Order.
The Trust is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
In England, Northern Ireland and Wales (and in most cases Scotland), a child is recognised as someone who has not yet reached their 18th birthday.
Where you have parental responsibility for a child in UK Law or are a significant adult in a child’s life, the following informs you as to how we process your information.
HCT consider a significant person in a child’s life to be; an adult who legally possesses parental responsibility for a child; and or an adult who lives with the child and / or an adult who has regular caring responsibilities for the child.
We are required to ensure that we obtain information for any individual who is significant in any child’s life and their upbringing in order to inform our assessment of the Guiding Principles for the Care and Support of Children (Children Act, 2004) in meeting the needs and promoting the welfare of the child.
In order to do this, we will ask any person who has Parental Responsibility for a child for the details of any significant individual(s) in the child’s life.
We will process this information by registering and linking the individual to the child’s record. We will review any relevant information found on the record and where clarity is required, the individual will be contacted directly. Further details about how we process information and the parties we share this with can be found above.
We will share any relevant information about a child to a resident parent, who has legal parental responsibility for the child. If you require us to send the same information to individuals with parental responsibility, please request this directly from the Health Professional concerned.
If you require access to your records please click on the following link for more information.
At any time you have the right to object to how we use your information. The possible consequences will be fully explained to you and could include delays in receiving care. If you wish to opt out of sharing your information with a third party the Trust will ask you to sign a form to confirm your understanding. This will be uploaded to our Clinical system (SystmOne) so all staff who have a legitimate access to your record are informed.
To learn more about how we use your information, please speak to the health professionals concerned with your care, or contact the Patient Advice and Liaison Service (PALS) department (see link below).
If you require more detailed information, have a concern regarding the way the Trust uses your information of if you feel your confidentiality has been breached please contact:
The Data Protection Officer (Head of Information Governance)
Hertfordshire Community NHS Trust
14 Tewin Road
Welwyn Garden City
by email to: firstname.lastname@example.org (for the attention of the DPO)
or by phone to: 01707 388 000
If you feel that we are not processing your information lawfully you have the right to complain to:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow SK9 5AF
Tel: 0303 123 1113 www.ico.org.uk
Copyright © 2021 Hertfordshire Community NHS Trust