The Queen Elizabeth Hospital King’s Lynn NHS Foundation Trust (the Trust) processes information about you in order to provide health care services, and in doing so has to comply with the requirements of the Data Protection Act 2018 and the EU General Data Protection Regulation. This means that data held about you must only be used for specific purposes as defined by law. This Privacy Notice has been created to inform you about the types of information held about you, why that information is held about you, and to whom that information may be shared.
Why we collect information about you:
The health care professionals caring for you keep records about your health and any treatment you receive from the NHS. These help ensure that you receive the best possible care from us. They may be written down (manual records), or held on a computer. The records may include:
Basic information about you, such as name, address, date of birth, NHS number and next of kin details
- Contacts we have had with you, such as inpatient or outpatient appointments
- Notes and reports about your health and any treatment and care you need;
- Details and records about the treatment and care you receive;
- Relevant information from other health and social care professionals, local authorities, voluntary organisations, relatives or those who care for you and know you well.
How your personal information is used:
Your records are used to direct, manage and deliver the care you receive to ensure that:
- The healthcare professionals involved in your care have accurate and up to date information to assess your health and decide on the most appropriate care for you,
- Appropriate information is available if you see another member of the clinical care team, or are referred to a specialist or another part of the NHS.
How your records are used to help the Trust:
Your information will also be used to help us manage the Trust and protect the health of the public by being used to:
- Review the care we provide to ensure it is of the highest standard and quality.
- Ensure our services can meet service user needs in the future.
- Investigate service users’ queries, complaints and legal claims.
- Prepare statistics on the Trust’s performance.
- Audit Trust accounts and services.
- Undertaking heath research and development (with your consent - you may choose whether or not to be involved).
- Helping to train and educate healthcare professionals.
Specific uses of your information
- NHS Patient Survey Programme: Your contact information may be used for the purpose of the NHS Patient Survey Programme and that, where relevant, this will include passing those data to an approved contractor. Anonymised reports produced by the survey programme will be used to help make service improvements. You have the right to opt-out of taking part in the survey programme.
- Major incidents: Your data may be shared within government for emergency response or recovery purposes unless to do so involves disproportionate effort.
- Radiology services: We provide Radiology services on a twenty four hour basis. In order to do this effectively, we have a contract with Radiology Reporting Online Limited (RRO) which has radiology reporting centres within the UK and Australia. RRO support the Trust’s imaging department during peak and out of hours periods. Patient information, required for diagnosis is sent to RRO’s reporting centres in the UK or Australia.
- Contacting you: When attending the Trust for an outpatient appointment or a procedure you may be asked to confirm that the Trust has an accurate contact telephone number for you. This can be used to provide appointment details via text messages, automated calls and person to person calls to advise you of appointment times.
Some of this information is held centrally within the Trust, but where this is used for statistical purposes rigorous measures are taken to ensure that individual service users cannot be identified. Anonymous statistical information may also be passed to organisations with a legitimate interest, including Universities and Research Institutions.
Where it is not possible to use anonymised information, personally identifiable information may be used for essential NHS purposes. They may include research and auditing services. This will only be done with your consent, and/or the consent of your carer or next of kin, unless the law requires information to be passed on to improve public health.
How we keep your records confidential and secure:
Everyone working for the NHS has a legal duty to keep information about you confidential and secure.
You may be receiving care from other organisations as well as the NHS e.g. Social Services and the Voluntary Sector. We may need to share some information about you so we can all work together for your benefit. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. When we pass on any information we will ensure it is kept confidential and secure.
Anyone who receives information from us is also under a legal duty to keep it confidential and secure.
We are required by law to report certain information to the appropriate authorities. This is only provided after formal permission has been given by a qualified health professional, as defined under the Data Protection Act 1998. Occasions when we must pass on information include:
- Notification of births and deaths,
- Where we encounter infectious diseases which may endanger the safety of others such as meningitis or measles,
- Child Protection cases,
- Where a formal court order has been issued,
- Benefits Agency cases,
- National Treatment Agency for Substance Misuse to monitor the availability, capacity and effectiveness of treatment for drug misuse in England.
Who do we share your information with?
Everyone working within the NHS has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has a legal duty to keep it confidential.
We will share information with the following main partner organisations:
- Other NHS Trusts, hospitals that are involved in your care
- Clinical Commissioning Groups and other NHS bodies,
- General Practitioners (GPs),
- Ambulance Trusts
You may be receiving care from other service providers as well as the NHS, for example Social Care Services. We may need to share some information about you with them so we can all work together for your benefit if they have a genuine need for it as part of your care or we have your permission. Therefore, we may also share your information with:
- Social Care Services.
- Education Services.
- Local Authorities
- Voluntary and private sector providers working with the NHS.
Lawful basis for processing your information
We share information in line with the legislation from the Health and Social Care Act 2015 and we process/share your information under the Data Protection Act legislation and the new GDPR (General Data Protection Regulation) legislation of article 6(1)(c), 6(1)(d), 6(1)(f) and article 9 EU GDPR (processing of special categories of personal data)
- Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.
- Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”
We follow the Trust and the DOH policies and guidance in regards to the retention periods of data and information that we hold.
Your information, your rights
Data Protection legislation gives individuals rights in respect of the personal information that we hold about you. These are:
- To be informed why, where and how we use your information.
- To ask for access to your information.
- To ask for your information to be corrected if it is inaccurate or incomplete.
- To ask for your information to be deleted or removed where there is no need for us to continue processing it.
- To ask us to restrict the use of your information.
- To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information.
- To object to how your information is used.
- To challenge any decisions made without human intervention (automated decision making)
- You have the right to refuse /withdraw consent to information sharing at any time. The possible consequences will be fully explained to you and could include delays in receiving care.
Data Protection Impact Assessments
All new, or changes to existing, information systems or information sharing processes, for healthcare purposes, trigger a Data Protection Impast Assessment to ensure the security and confidentiality of personal confidential data. Copies of these Data Protection Impact Assessments are available by contacting our Data Protection Officer - Phil Cottis, on 01553 214965 or at firstname.lastname@example.org.
Should you have any further queries on the uses of your information, please speak to your health professional or our PALS Department on 01553 613351 or 01553 613343 or our Data Protection Officer – Phil Cottis, on 01553 214965 or at email@example.com
Should you wish to lodge a complaint about the use of your information, please contact our complaints team on 01553 613890.
If you are still unhappy with the outcome of your enquiry you can write to: The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF - Telephone: 01625 545700.