The Queen Elizabeth Hospital King’s Lynn NHS Foundation Trust (the Trust) processes information about you in order to provide health care services, and in doing so has to comply with the requirements of the Data Protection Act 2018 and the EU General Data Protection Regulation. This means that data held about you must only be used for specific purposes as defined by law. This Privacy Notice has been created to inform you about the types of information held about you, why that information is held about you, and to whom that information may be shared.
The Trust is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, you can be assured that it will only be used in accordance with this privacy statement.
The Trust may change this statement from time to time. You should check this page from time to time to ensure that you are happy with any changes. This statement is effective from 01/06/2020.
Why we collect information about you:
The health care professionals caring for you keep records about your health and any treatment you receive from the NHS. These help ensure that you receive the best possible care from us. They may be written down (manual records), or held on a computer. The records may include:
- Basic information about you, such as name, address, date of birth, NHS number and next of kin details;
- Contacts we have had with you, such as inpatient appointment, outpatient appointment or Video Consultation appointment;
- Notes and reports about your health and any treatment and care you need;
- Details and records about the treatment and care you receive; and
- Relevant information from other health and social care professionals, local authorities, voluntary organisations, relatives or those who care for you and know you well.
How your personal information is used:
Your records are used to direct, manage and deliver the care you receive to ensure that:
How your records are used to help the Trust:
Your information will also be used to help us manage the Trust and protect the health of the public by being used to:
Specific uses of your information
We may collect the following information:
We may use information about Foundation Trust members to ensure that our membership properly represents the population served by the Trust.
From time to time, we will contact Foundation Trust members for the purposes of informing them of events and news relating to the Trust.
We will not use the information for any marketing purposes.
CCTV images are retained for 28 days only.
Images are only viewed by Trust personnel, but images may be shared with the police to aid the investigation or prosecution of criminal activities within Trust grounds and premises.
Some of this information is held centrally within the Trust, but where this is used for statistical purposes rigorous measures are taken to ensure that individual service users cannot be identified. Anonymous statistical information may also be passed to organisations with a legitimate interest, including Universities and Research Institutions.
Where it is not possible to use anonymised information, personally identifiable information may be used for essential NHS purposes. They may include research and auditing services. This will only be done with your consent, and/or the consent of your carer or next of kin, unless the law requires information to be passed on to improve public health.
How we keep your records confidential and secure:
Everyone working for the NHS has a legal duty to keep information about you confidential and secure.
You may be receiving care from other organisations as well as the NHS e.g. Social Services and the Voluntary Sector. We may need to share some information about you so we can all work together for your benefit. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. When we pass on any information we will ensure it is kept confidential and secure.
Anyone who receives information from us is also under a legal duty to keep it confidential and secure.
We are required by law to report certain information to the appropriate authorities. This is only provided after formal permission has been given by a qualified health professional, as defined under the Data Protection Act 1998. Occasions when we must pass on information include:
Who do we share your information with?
Everyone working within the NHS has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has a legal duty to keep it confidential.
We will share information with the following main partner organisations:
You may be receiving care from other service providers as well as the NHS, for example Social Care Services. We may need to share some information about you with them so we can all work together for your benefit if they have a genuine need for it as part of your care or we have your permission. Therefore, we may also share your information with:
Lawful basis for processing your information
We share information in line with the legislation from the Health and Social Care Act 2015 and we process/share your information under the Data Protection Act legislation and the new GDPR (General Data Protection Regulation) legislation of article 6(1)(c), 6(1)(d), 6(1)(f) and article 9 EU GDPR (processing of special categories of personal data)
We follow the Trust and the DOH policies and guidance in regards to the retention periods of data and information that we hold.
Your information, your rights
Data Protection legislation gives individuals rights in respect of the personal information that we hold about you. These are:
1. To be informed why, where and how we use your information;
2. To ask for access to your information;
3. To ask for your information to be corrected if it is inaccurate or incomplete;
4. To ask for your information to be deleted or removed where there is no need for us to continue processing it;
5. To ask us to restrict the use of your information;
6. To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information;
7. To object to how your information is used;
8. To challenge any decisions made without human intervention (automated decision making); and
9. You have the right to refuse /withdraw consent to information sharing at any time. The possible consequences will be fully explained to you and could include delays in receiving care.
Access to your health records
Under most circumstances you are entitled to receive a copy of your records. However, you should be aware that in some cases your right to see some details in your health records may be limited in your own interest or for other reasons which will be explained to you. The application to access your records can be made by you, a person authorised by you in writing or a person appointed by a court to manage your affairs if the court has decided that you are not able to do so yourself. If you want to access your health records, you should write to: Legal Services, Queen Elizabeth Hospital Gayton Road, King’s Lynn, Norfolk PE30 4ET
National Data Opt Out
Information about you can also be used and provided to other organisations for purposes beyond your individual care, for research and planning to help provide better health and care for you, your family and future generations. This may only take place when there is a clear legal basis to use this information.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out, your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data Protection Impact Assessments
All new, or changes to existing, information systems or information sharing processes, for healthcare purposes, trigger a Data Protection Impact Assessment to ensure the security and confidentiality of personal confidential data. Copies of these Data Protection Impact Assessments are available by contacting our Data Protection Officer – Phil Cottis, on 01553 214965 or at email@example.com.
Data Security and Protection Policies
To ensure that you are properly informed of the use of your personal information and of your rights, the Trust’s Data Security and Protection policies are available on request from our Data Protection Officer – Phil Cottis, on 01553 214965 or at firstname.lastname@example.org
Should you have any further queries on the uses of your information, please speak to your health professional or our PALS Department on 01553 613351 or 01553 613343 or our Data Protection Officer – Phil Cottis, on 01553 214965 or at email@example.com Should you wish to lodge a complaint about the use of your information, please contact our complaints team on 01553 613890. If you are still unhappy with the outcome of your enquiry you can write to: The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF - Telephone: 01625 545700.