Accessibility: text only | high contrast

Fair processing notice

Patient information - How it is used

A woman typingWe ask you for information to help ensure that you receive the correct care and treatment.

Fair Processing Notice – Data Protection Act 1998

This page provides you with information about how we use and manage the information we have about you, including how we share it with NHS and non-NHS organisations, and how we maintain confidentiality.  

What is personal data?

Personal data is information that relates to a living individual who can be identified from that data.

Why we collect information about you

The Queen Elizabeth Hospital King’s Lynn NHS Foundation Trust keeps records about the health care and treatment you receive as one of our patients. This helps to ensure that you receive the best possible care from us.  

It helps you because:

  • Accurate and up-to-date information assists us in providing you with the right care
  • Full information is readily available if you see another doctor or are referred to a specialist or another part of the NHS.


It helps the NHS to:

  • Prepare statistics on NHS performance
  • Audit NHS Services
  • Monitor how we spend public money
  • Plan and manage the health service
  • Teach and train healthcare professionals
  • Conduct health research and development.

Data Protection Act 1998

The Data Protection Act 1998 governs the processing of personal data held on computer systems and in other formats. It restricts how we can use an individual’s data, and consists of eight Data Protection Principles that must be applied when processing personal data.  

Organisations that process personal data must register as a 'data controller', and notify the Information Commissioner (ICO) why they need to process the data.  

The Queen Elizabeth Hospital King’s Lynn NHS Foundation Trust is the data controller of personal information collected by the Trust to help us provide and manage healthcare to our patients.  

Full details of all the purposes to which data may be put are listed at the ICO website ( ). The Trust is registered with the Information Commissioner. The Trust registration number is Z2551503.

What kind of information does the Trust hold about you?

  • Name, address, date of birth, NHS Number and next of kin
  • Contacts we have had with you such as clinic visits
  • Details of diagnosis and treatment
  • Allergies and health conditions

How do we keep your records confidential?

Everyone working for the NHS is subject to the Common Law Duty of Confidence. Information provided in confidence will only be used for the purposes advised and consented to by the patient, unless there are other circumstances covered by the law.  

Under the NHS Confidentiality Code of Conduct, all our staff are also required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. This will be noted in your records.  

The Trust shares data with a range of organisations. Wherever possible the information is anonymised. However, data may be shared with other organisations for the purposes of caring for a patient. In that case the data has to be identifiable to ensure that all parties are always clear exactly whose data is being used.  

We may share your information for health purposes with other NHS organisations, e.g. other NHS Trusts, general practitioners (GPs), ambulance services etc.

Information sharing with non-NHS organisations

For your benefit, we may also need to share information from your health records with non-NHS organisations, from which you are also receiving care, such as social services or private healthcare organisations. However, we will not disclose any health information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires it.  

We may also be asked to share basic information about you, such as your name and address, which does not include sensitive information from your health records. Generally, we would do this to assist them to carry out their statutory duties. In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Fair Processing Notice, under the Data Protection Act.   

These non-NHS organisations may include, but are not restricted to: social services, education services, local authorities, the Police, voluntary sector providers and private sector providers.

Radiology services

We provide Radiology services on a twenty four hour basis. In order to do this effectively, we have a contract with Radiology Reporting Online Limited (RRO) who have radiology reporting centres within the UK and Australia. RRO support the Trust’s imaging department during peak and out of hours periods. Patient information, required for diagnosis is sent to RRO’s reporting centres in the UK or Australia.

The Information Commissioner’s Office and the European Union requires information processed outside member countries to be bound by specific contractual terms. You can read about the requirements here:

We have reviewed these terms and made sure they are commensurate with those requirements. Our Caldicott Guardian has also reviewed and agreed that the processing of patient data in this manner is appropriate and secure.

Your right to withdraw consent for us to share your personal information

You have the right to refuse /withdraw consent to information sharing at any time. 

The possible consequences will be fully explained to you and could include delays in receiving care.

SMS text messaging

When attending the Trust for an outpatient appointment or a procedure you may be asked to confirm that the Trust has an accurate contact number and mobile telephone number for you. This can be used to provide appointment details via SMS text messages and automated calls to advise you of appointment times.

Your information, your rights

Download our leaflet 'Your information, your rights' which explains why information is collected about you and the ways in which the information may be used.

If you require further information about how patient information is used, or your wish to flag up any concerns regarding this matter, please contact:

Phil Cottis
Information Governance and RA Manager
Tel: 01553 214965