We ask you for information to help ensure that you receive the correct care and treatment.
This page provides you with information about how we use and manage the information we have about you, including how we share it with NHS and non-NHS organisations, and how we maintain confidentiality.
Personal data is information that relates to a living individual who can be identified from that data.
The Queen Elizabeth Hospital King’s Lynn NHS Foundation Trust keeps records about the health care and treatment you receive as one of our patients. This helps to ensure that you receive the best possible care from us.
It helps you because:
It helps the NHS to:
The Data Protection Act 1998 governs the processing of personal data held on computer systems and in other formats. It restricts how we can use an individual’s data, and consists of eight Data Protection Principles that must be applied when processing personal data.
Organisations that process personal data must register as a 'data controller', and notify the Information Commissioner (ICO) why they need to process the data.
The Queen Elizabeth Hospital King’s Lynn NHS Foundation Trust is the data controller of personal information collected by the Trust to help us provide and manage healthcare to our patients.
Full details of all the purposes to which data may be put are listed at the ICO website (http://www.ico.gov.uk/ ). The Trust is registered with the Information Commissioner. The Trust registration number is Z2551503.
Everyone working for the NHS is subject to the Common Law Duty of Confidence. Information provided in confidence will only be used for the purposes advised and consented to by the patient, unless there are other circumstances covered by the law.
Under the NHS Confidentiality Code of Conduct, all our staff are also required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. This will be noted in your records.
The Trust shares data with a range of organisations. Wherever possible the information is anonymised. However, data may be shared with other organisations for the purposes of caring for a patient. In that case the data has to be identifiable to ensure that all parties are always clear exactly whose data is being used.
We may share your information for health purposes with other NHS organisations, e.g. other NHS Trusts, general practitioners (GPs), ambulance services etc.
For your benefit, we may also need to share information from your health records with non-NHS organisations, from which you are also receiving care, such as social services or private healthcare organisations. However, we will not disclose any health information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires it.
We may also be asked to share basic information about you, such as your name and address, which does not include sensitive information from your health records. Generally, we would do this to assist them to carry out their statutory duties. In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Fair Processing Notice, under the Data Protection Act.
These non-NHS organisations may include, but are not restricted to: social services, education services, local authorities, the Police, voluntary sector providers and private sector providers.
We provide Radiology services on a twenty four hour basis. In order to do this effectively, we have a contract with Radiology Reporting Online Limited (RRO) who have radiology reporting centres within the UK and Australia. RRO support the Trust’s imaging department during peak and out of hours periods. Patient information, required for diagnosis is sent to RRO’s reporting centres in the UK or Australia.
The Information Commissioner’s Office and the European Union requires information processed outside member countries to be bound by specific contractual terms. You can read about the requirements here: http://ico.org.uk/for_organisations/data_protection/the_guide/principle_8
We have reviewed these terms and made sure they are commensurate with those requirements. Our Caldicott Guardian has also reviewed and agreed that the processing of patient data in this manner is appropriate and secure.
You have the right to refuse /withdraw consent to information sharing at any time.
The possible consequences will be fully explained to you and could include delays in receiving care.
When attending the Trust for an outpatient appointment or a procedure you may be asked to confirm that the Trust has an accurate contact number and mobile telephone number for you. This can be used to provide appointment details via SMS text messages and automated calls to advise you of appointment times.
Download our leaflet 'Your information, your rights' which explains why information is collected about you and the ways in which the information may be used.
If you require further information about how patient information is used, or your wish to flag up any concerns regarding this matter, please contact:
Information Governance and RA Manager
Tel: 01553 214965