Data Protection and Your Information

Why we collect information about you

Hertfordshire Community NHS Trust keeps records about the healthcare and treatment patients receive. This helps to ensure that patients receive the best possible care from us.

EU & UK Data Protection Laws mean we have a legal duty to keep information about you confidential, secure and accurate.

We are legally permitted to hold and process information about you for health and social care treatment and for the management of health and social care services. We do this to provide health and social care services and need your information to do so. We may also hold and process information about you for public health purposes.

What information we collect about you

  • Personal details, such as your name, address, date of birth, next of kin, etc.
  • Sensitive (special category) information, which includes your ethnicity, religious beliefs, details about your physical and mental health and any disabilities or support needs.

How long we keep information about you

How long we keep your records will depend on what information we hold about you. Adult health records are kept for a minimum of 8 years and the records of children and young people are kept until their 25th birthday. All NHS bodies keep records for the time periods set out in the Records Management Code of Practice for Health & Social Care (2016) which can be found here.

How we collect your information

The information we hold about you will be information you have given us. We will also hold information given to us by other health and social care providers, e.g. from your GP in a referral letter, from relatives or a representative of you, or from the Ambulance Service.

How we keep your records confidential

The Trust holds information about you in accordance with the General Data Protection Regulation and the Data Protection Act 2018.

Everyone working for the Trust must comply with the Common Law Duty of Confidence. Information you provide to the Trust in confidence will only be used for the purposes explained to you, unless there are other circumstances covered by the law.

The Trust complies with the NHS Confidentiality Code of Conduct. All our staff are required to protect your information, inform you how your information will be used, and allow you to decide if and how your information can be shared.

All our staff receive training in data protection, information security and confidentiality. All staff and any third parties working for the Trust have to follow our policies and procedures.

How your personal information is used to improve the NHS

Your information will also help us manage the NHS and protect the health of the public by being used to:

  • Deliver you the most suitable care and treatment
  • Contact you with appointment reminders (this may include text messages)
  • Review the care we provide to ensure it is of the highest standard and quality, e.g. through audit or service improvement
  • Investigate complaints, legal claims and incidents.
  • Ensure the hospital receives payment for the care you receive
  • Prepare statistics on NHS performance
  • Audit NHS accounts and services
  • Undertake health research and development (with your consent – you may choose whether or not to be involved)
  • Train and educate healthcare professionals
  • Report events to the appropriate authorities where the law requires us to.

With your consent, we may use your details to contact you with regards to patient satisfaction surveys relating to services you have used within our Trust. This is to improve the way we deliver healthcare to you and other patients.

Who we Share your information with

We share your personal information with other NHS organisations. For example, we may share your information for healthcare purposes with health authorities, other NHS trusts, general practitioners (GPs), ambulance services and primary care agencies.

We may need to share information from your health records with other non-NHS organisations from which you are also receiving care, such as Social Services.

These non-NHS organisations may include, but are not restricted to:

  • Social Services
  • Education services
  • Local authorities
  • The police
  • Voluntary sector providers
  • Private sector providers

We may also be asked by other statutory bodies to share basic information about you, such as your name and address, but not sensitive information from your health records. This would normally be to assist them to carry out their statutory duties. In these circumstances, we are informing you through this notice, which is referred to as a Fair Processing Notice, under the Data Protection Act.

We may need to disclose information about you if the public interest is thought to be greater than your right to confidentiality. Examples of this include: where a serious crime has been committed, if there are risks to the public or our staff, for safeguarding and the protection of vulnerable children or adults, where we have to comply with a Court Order.

The Trust is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

Your Information Rights

  • A right to obtain copies of the information we hold about you
  • A right to view the information we hold about you
  • A right to ask us to correct the information we hold about you if it is inaccurate or incomplete.
  • A right to ask us not to share information

If you require access to your records please click on the following link for more information.

Contact us - Access to Medical Records

Your right to object

At any time you have the right to object to how we use your information. The possible consequences will be fully explained to you and could include delays in receiving care. If you wish to opt out of sharing your information with a third party the Trust will ask you to sign a form to confirm your understanding. This will be uploaded to our Clinical system (SystmOne) so all staff who have a legitimate access to your record are informed.

Who to Contact

To learn more about how we use your information, please speak to the health professionals concerned with your care, or contact the Patient Advice and Liaison Service (PALS) department (see link below).

If you require more detailed information, have a concern regarding he way the Trust uses your information of if you feel your confidentiality has been breached please contact:

The Data Protection Officer (Head of Information Governance)
Hertfordshire Community NHS Trust
Howard Court
14 Tewin Road
Welwyn Garden City
Hertfordshire
AL7 1BW

by email to: atr.hct@nhs.net (for the attention of the DPO)

or by phone to: 01707 388 000

If you feel that we are not processing your information lawfully you have the right to complain to:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow Cheshire SK9 5AF
Tel: 0303 123 1113 www.ico.org.uk