Privacy notice and how patient information is used
The Queen Elizabeth Hospital King’s Lynn NHS Foundation Trust (the Trust) processes information about you in order to provide health care services, and in doing so has to comply with the requirements of the Data Protection Act 2018 and the EU General Data Protection Regulation. This means that data held about you must only be used for specific purposes as defined by law. This Privacy Notice has been created to inform you about the types of information held about you, why that information is held about you, and to whom that information may be shared.
The Trust is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, you can be assured that it will only be used in accordance with this privacy statement.
The Trust may change this statement from time to time. You should check this page from time to time to ensure that you are happy with any changes. This statement is effective from 16/12/2021.
COVID-19 and your information
In order to look after your health and care needs we may share your confidential patient information including health hand care records. Further information can be found here.
Why we collect information about you:
The health care professionals caring for you keep records about your health and any treatment you receive from the NHS. These help ensure that you receive the best possible care from us. They may be written down (manual records), or held on a computer. The records may include:
- Basic information about you, such as name, address, date of birth, NHS number and next of kin details;
- Contacts we have had with you, such as inpatient appointment, outpatient appointment or Video Consultation appointment;
- Notes and reports about your health and any treatment and care you need;
- Details and records about the treatment and care you receive; and
- Relevant information from other health and social care professionals, local authorities, voluntary organisations, relatives or those who care for you and know you well.
How your personal information is used:
Your records are used to direct, manage and deliver the care you receive to ensure that:
- The healthcare professionals involved in your care have accurate and up to date information to assess your health and decide on the most appropriate care for you; and
- Appropriate information is available if you see another member of the clinical care team, or are referred to a specialist or another part of the NHS.
How your records are used to help the Trust:
Your information will also be used to help us manage the Trust and protect the health of the public by being used to:
- Review the care we provide to ensure it is of the highest standard and quality;
- Ensure our services can meet service user needs in the future.
- Investigate service users’ queries, complaints and legal claims;
- Prepare statistics on the Trust’s performance;
- Audit Trust accounts and services;
- Undertaking heath research and development (with your consent - you may choose whether or not to be involved; and
- Helping to train and educate healthcare professionals.
Specific uses of your information
- Foundation Trust Members
- Name and contact information including email address;
- Demographic information such as postcode, preferences and interests; and
- Other information relevant to Foundation Trust members.
- NHS Patient Survey Programme: Your contact information may be used for the purpose of the NHS Patient Survey Programme and that, where relevant, this will include passing those data to an approved contractor. Anonymised reports produced by the survey programme will be used to help make service improvements. You have the right to opt-out of taking part in the survey programme.
- Major incidents: Your data may be shared within government for emergency response or recovery purposes unless to do so involves disproportionate effort.
- Radiology services: We provide Radiology services on a twenty four hour basis. In order to do this effectively, we have a contract with Everlight Radiology, which has radiology reporting centres within the UK and Worldwide. RRO support the Trust’s imaging department during peak and out of hours periods. Patient information required for diagnosis is sent to RRO’s reporting centres in the UK and Worldwide.
- Contacting you: When attending the Trust for an outpatient appointment or a procedure you may be asked to confirm that the Trust has an accurate contact telephone number for you. This can be used to provide appointment details via text messages, automated calls and person to person calls to advise you of appointment times.
- Friends and Family Test: After you attend the hospital you may receive a text message asking you to rate how happy you were with your visit. This is a national service and it gives NHS users an opportunity to give feedback on their experience. When you receive a Friends and Family Test message by text, you will have the option to opt out of any future messages from this service if you wish to do so.
- Attend Anywhere video consulting system: The Trust does not collect any personal data about you on this system and the associated Attend Anywhere website, apart from:
We may collect the following information:
We may use information about Foundation Trust members to ensure that our membership properly represents the population served by the Trust.
From time to time, we will contact Foundation Trust members for the purposes of informing them of events and news relating to the Trust.
We will not use the information for any marketing purposes.
- Information that you volunteer by completing the online form to enter your name, phone number and date of birth; and
- Your IP address and access device type. Information that is submitted via the online form is encrypted and securely transferred to us. It is used solely for the purpose of identifying you to your clinical team. At the end of the video call this information is deleted from the system. Your IP address and access device type are used to process your call effectively and are deleted from the Attend Anywhere system within 12 months. Your IP address is also sent to Google Analytics for web access statistical reporting.
Any information, which you provide via this website is not made available to any third parties. Any information provided is used by the Trust solely for the purpose of processing your information request or video consultation. Information entered to facilitate your video consultation is not retained at the end of your consultation. The video and audio elements of your call are not recorded in the Attend Anywhere system. However, details of your consultation may be entered into your health record.
Use of CCTV
The Trust has CCTV deployed around the site in order to manage and investigate the following circumstances:
- Alleged security incidents, theft, assault or baby abduction on Trust premises;
- Staff, visitor and patient safety;
- Investigation of traffic incidents or congestion on the Trust site;
- upporting the management of a fire or major incident alert;
- The security of Trust premises; and
- Investigation of persons acting suspiciously on Trust premises.
CCTV images are retained for 28 days only.
Images are only viewed by Trust personnel, but images may be shared with the police to aid the investigation or prosecution of criminal activities within Trust grounds and premises.
Some of this information is held centrally within the Trust, but where this is used for statistical purposes rigorous measures are taken to ensure that individual service users cannot be identified. Anonymous statistical information may also be passed to organisations with a legitimate interest, including Universities and Research Institutions.
Where it is not possible to use anonymised information, personally identifiable information may be used for essential NHS purposes. They may include research and auditing services. This will only be done with your consent, and/or the consent of your carer or next of kin, unless the law requires information to be passed on to improve public health.
How we keep your records confidential and secure:
Everyone working for the NHS has a legal duty to keep information about you confidential and secure.
You may be receiving care from other organisations as well as the NHS e.g. Social Services and the Voluntary Sector. We may need to share some information about you so we can all work together for your benefit. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. When we pass on any information we will ensure it is kept confidential and secure.
Anyone who receives information from us is also under a legal duty to keep it confidential and secure.
We are required by law to report certain information to the appropriate authorities. This is only provided after formal permission has been given by a qualified health professional, as defined under the Data Protection Act 2018. Occasions when we must pass on information include:
- Notification of births and deaths;
- Where we encounter infectious diseases which may endanger the safety of others such as meningitis or measles;
- Child Protection cases;
- Where a formal court order has been issued;
- Benefits Agency cases; and
- National Treatment Agency for Substance Misuse to monitor the availability, capacity and effectiveness of treatment for drug misuse in England.
Who do we share your information with?
Everyone working within the NHS has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has a legal duty to keep it confidential.
We will share information with the following main partner organisations:
- Other NHS Trusts, hospitals that are involved in your care;
- Clinical Commissioning Groups and other NHS bodies;
- General Practitioners (GPs); and
- Ambulance Trusts.
You may be receiving care from other service providers as well as the NHS, for example Social Care Services. We may need to share some information about you with them so we can all work together for your benefit if they have a genuine need for it as part of your care or we have your permission. Therefore, we may also share your information with:
- Social Care Services;
- Education Services;
- Local Authorities; and
- Voluntary and private sector providers working with the NHS.
Lawful basis for processing your information
We share information in line with the legislation from the Health and Social Care Act 2015 and we process/share your information under the Data Protection Act legislation and the new UK General Data Protection Regulation (UK GDPR) legislation of article 6(1)(c), 6(1)(d), 6(1)(f) and article 9 EU GDPR (processing of special categories of personal data)
- Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.
- Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”
We follow the Trust and the DOH policies and guidance in regards to the retention periods of data and information that we hold.
Your information, your rights
Data Protection legislation gives individuals rights in respect of the personal information that we hold about you. These are:
- To be informed why, where and how we use your information;
- To ask for access to your information;
- To ask for your information to be corrected if it is inaccurate or incomplete;
- To ask for your information to be deleted or removed where there is no need for us to continue processing it;
- To ask us to restrict the use of your information;
- To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information;
- To object to how your information is used;
- To challenge any decisions made without human intervention (automated decision making); and
- You have the right to refuse /withdraw consent to information sharing at any time. The possible consequences will be fully explained to you and could include delays in receiving care.
Access to your health record
Under most circumstances you are entitled to receive a copy of your records. However, you should be aware that in some cases your right to see some details in your health records may be limited in your own interest or for other reasons which will be explained to you.
The application to access your records can be made by you, a person authorised by you in writing or a person appointed by a court to manage your affairs if the court has decided that you are not able to do so yourself.
If you want to access your health records, you should write to:
Legal Services, The Queen Elizabeth Hospital King’s Lynn NHS Foundation Trust, Gayton Road, King’s Lynn, PE30 4ET.
National Data Opt Out
Information about you can also be used and provided to other organisations for purposes beyond your individual care, for research and planning to help provide better health and care for you, your family and future generations. This may only take place when there is a clear legal basis to use this information.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out, your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
- See what is meant by confidential patient information;
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care;
- Find out more about the benefits of sharing data;
- Understand more about who uses the data;
- Find out how your data is protected;
- Be able to access the system to view, set or change your opt-out setting;
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone; and
- See the situations where the opt-out will not apply.
- Health Records Authority - patient information and health and care research (which covers health and care research) https://www.hra.nhs.uk/information-about-patients/
- Understanding Patient Data (which covers how and why patient information is used, the safeguards and how decisions are made)
You can also find out more about how patient information is used at:
You can change your mind about your choice at any time.
Data Protection Impact Assessments
All new, or changes to existing, information systems or information sharing processes, for healthcare purposes, trigger a Data Protection Impact Assessment (DPIA) to ensure the security and confidentiality of personal confidential data. Copies of these Data Protection Impact Assessments are available by contacting our Data Protection Officer on 01533 214965 or emailing IGHelp@qehkl.nhs.uk.
Data Security and Protection Policies
To ensure that you are properly informed of the use of your personal information and of your rights, the Trust’s Data Security and Protection policies are available on request from our Information Governance Helpdesk, at IGHelp@qehkl.nhs.uk.
Should you have any further queries on the uses of your information, please initially contact our Data Protection Officer at IGHelp@qehkl.nhs.uk.
Should you wish to lodge a complaint about the use of your information, please contact our complaints team on 01553 613890.
If you are still unhappy with the outcome of your enquiry you can write to: The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF - Telephone: 0303 123 1113