[Skip to content]

tab rollover pre-load tab rollover pre-load tab rollover pre-load tab rollover pre-load tab rollover pre-load tab rollover pre-load
Monday 17 December 2018
Salford Patients Header Montage
Latest News:
RSS icon
Search
.
female patient, happy smiling

Privacy notice - information for adults

The Care Organisations within the Northern Care Alliance process patient’s Personal Data for a number of reasons outlined in this Privacy Note. Personal data is information that relates to a living individual who can be identified from that data.

 

The Trusts are registered with the Information Commissioner's Office as a Data Controller reference Z5006706 for Salford Royal Care Organisation and Z6519461 for the Pennine Acute Care Organisations, as required by the Data Protection Act 1998 and The Data Protection Bill 2018.


Why do we keep information about you?


The organisation uses and manages the information it holds about you, including how the information may be shared with other NHS organisations and with non-NHS organisations, and how the confidentiality of your information is maintained.

 

We store and use your data under the legal governance of the NHS Plan 2000, the Health Services Act 2006, Health & Social Care Act 2012 and the Care Act 2015.

 

We hold your personal data for the purposes of providing you with appropriate care and treatment.

 

We keep records about the health care and treatment we provide to you. This helps to ensure that you receive the best possible care from us.

 

We may also use personal details to issue patient satisfaction surveys relating to the services used. It helps you because:

  • Accurate, up-to-date information is important for providing the right care;
  • If a patient has to see another doctor or is referred to a specialist or to another part of the NHS, then full details of the patient's healthcare can be made available;
  • Satisfaction surveys enable the Organisation to improve the way it delivers healthcare to its patients.


It helps us:


  • To plan, manage and audit the health services we provide;
  • To prepare statistics on our performance;
  • To monitor how we spend public money;
  • To teach and train healthcare professionals;
  • To conduct health research and development;
  • To support clinical trials
  • To support cases to obtain funding for your care;
  • Reporting and investigating complaints, claims and untoward incidents;
  • Reporting events to the appropriate authorities when we are required to do so by law.

 

Please remember that you have the right to access personal information about you held by the organisation, either to view the information in person, or to be provided with a copy.


If you want to access your health records then please contact

For Salford Royal NHS Foundation Trust

InformationSecurity&DataProtection@srft.nhs.uk or by telephoning 0161 206 1130

 

For Pennine Acute Hospitals Trust

healthrecordsaccess@pat.nhs.uk or by telephoning 0161 627 8591, 0161 656 1215, 0161 656 1750

 

What information do we hold about you

  • Identity details - name, date of birth, NHS Number
  • Contact details - address, telephone, email address
  • 'Next of kin' - the contact details of a close relative or friend
  • Details of any A&E visits, in-patient spells or clinic appointments
  • Results of any scans, X-rays and pathology tests
  • Details of any diagnosis and treatment given
  • Information about any allergies and health conditions
  • Relevant information about people who are involved in your care and know you
  • Details about people associated with you such as your children, partners, carers relatives
  • Information sent about you to us from others involved in your care such as your GP, Optician, schools etc


By providing us with your contact details, you are agreeing for us to use these channels to communicate with you about your healthcare, i.e. by letter (postal address), by voice-mail or voice-message (telephone or mobile number), by text message (mobile number) or by email (email address).


We manage all records to the minimum retention periods stated in the NHS Records Management Code of Practice for Health and Social Care. To support your future care needs and to support population health and as your records may become vital in the care of family members or may be used in research or clinical trials we do not destroy or archive electronic clinical records.

 

How will we keep your information secure and confidential?

All members of staff working in the NHS and other healthcare organisations have a legal duty of confidentiality to keep your information strictly confidential (unless in extreme circumstances where your safety or that of others is compromised). Everyone working for this organisation is subject to the Common Law Duty of Confidence. 

 

Information provided in confidence will only be used for the purposes advised and consented to by the patient, except in circumstances where the law requires or allows the Organisation to act otherwise.

 

What laws are relevant to the handling of personal information?

  • The General Data Protection Regulation 2018, formerly The Data Protection Act 1998 (including the Data Protection Bill 2018) 
  • The Human Rights Act 1998
  • Freedom of Information (Scotland) Act 2002
  • Computer Misuse Act 1998
  • Access to Health Records Act 1990
  • The Human Rights Act 1998
  • Common law Duty of Confidentiality
  • NHS Codes of Practice.

 

How patient records are shared?

This organisation shares patient information with a range of organisations or individuals for a variety of lawful purposes, including: 

 

  • Disclosure to GPs and other NHS staff for the purposes of providing direct care and treatment to the patient, including administration;
  • Disclosure to social workers or to other non-NHS staff involved in providing healthcare;
  • Disclosure to specialist organisations for the purposes of clinical auditing;
  • Disclosure to those with parental responsibility for patients, including guardians;
  • Disclosure to carers without parental responsibility (subject to explicit consent);
  • Disclosure to medical researchers for research purposes (subject to explicit consent, unless the data is anonymous);
  • Disclosure to NHS managers and the Department of Health for the purposes of planning, commissioning, managing and auditing healthcare services;
  • Disclosure to bodies with statutory investigative powers - e.g. the Care Quality Commission, the GMC, the Audit Commission, the Health Service Ombudsman;
  • Disclosure to national generic registries - e.g. the UK Association of Cancer Registries;
  • Disclosure, where necessary and appropriate, to non-statutory investigations - e.g. Members of Parliament;
  • Disclosure, where necessary and appropriate, to government departments other than the Department of Health;
  • Disclosure to solicitors, to the police, to the Courts (including a Coroner's Court), and to tribunals and enquiries;
  • Disclosure to the media (normally the minimum necessary disclosure subject to explicit consent)

 

Confidential patient-identifiable information is only shared with other organisations where there is a legal basis for it as follows:

 

  • When there is a Court Order or a statutory duty to share patient data;
  • When there is a statutory power to share patient data;
  • When the patient has given his/her explicit consent to the sharing;
  • When the patient has implicitly consented to the sharing for direct care purposes;
  • When the sharing of patient data without consent has been authorised by the Confidentiality Advisory Group of the Health Research Authority (HRA CAG) under Section 251 of the NHS Act 2006
  • Patient information may be shared, for the purposes of providing direct patient care, with other NHS 'provider' organisations, such as NHS Acute Trusts (hospitals), NHS Community Health (primary care), NHS general practitioners (GPs), NHS ambulance services etc.


In such cases, the shared data must always identify the patient for safety reasons.

 

For the purposes of commissioning and managing healthcare, patient information may also be shared with other types of NHS organisations, such as the local Clinical Commissioning Group (CCG), and the Health & Social Care Information Centre (part of NHS England).

 

In such cases, the shared data is made anonymous, wherever possible, by removing all patient-identifying details, unless the law requires the patient's identity to be included.

 

For the benefit of the patient, the Organisation may also need to share patient health information with non-NHS organisations which are also providing care to the patient.

 

These may include social services or private healthcare organisations.

 

However, the Organisation will not disclose confidential health information to third parties without the patient's explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires disclosure.

 

The Organisation may also be asked to share basic information about its patients, such as names and addresses, which does not include sensitive health information.

 

Generally, the Organisation would do this where it is necessary to assist an organisation to carry out its statutory duties.

 

These non-NHS organisations may include, but are not restricted to: social services, education services, local authorities, the police, voluntary sector providers, and private sector providers.

 

As it may not be practicable in such circumstances to obtain patients' explicit consent, the Organisation is informing its patients through this notice, which is referred to as a Fair Processing Notice, under the Data Protection Act 2018.

 

Where patient information is shared with other non-NHS organisations, or for reasons other than direct patient care, it is good practice for a Data Processing Contract to be drawn up to ensure that information is shared in a way that complies with all relevant legislation.

 

What are your rights under GDPR?

Under GDPR you have a number of rights. These are listed below.


  • That your rights are communicated to you in such a way as to be open, honest and easy to read and understand
  • You should be informed which data we hold has been collected from you and that which has been collected from others
  • You have a right of access to the data we hold on you. This will include how much, of what type, who we share it with and why. You also have the right to know what safeguards we use to protect your data at any point of our handling or sharing your data
  • You have the right to have mistakes or errors in your data corrected which includes having missing data completed.
  • You have the right of erasure also known as the right to be forgotten. This will depend on the legal justification for why you provided the data. For instance most, medical records are collated under the Health and Social Care Act and therefore are not able to be erased. Research and clinical trials data is also protected by the Data Protection Bill. However if you consent for your data to be used outwith of these in all likelihood it will be able to be erased if you wish.
  • You have the right to restrict processing. This means you can stop your data from being used under certain circumstances.
  • You have the right of data portability. This is to have your data provided to you in a format easily read by a commonly used computer program.
  • You have the right to object under certain circumstances to your data being processed.
  • You have the right to prevent automatic decision making. An example of this is when you apply for a loan via the internet and the decision is made via a computer.
  • You have the right to prevent profiling. This is when the recording and analysis of a person's psychological and behavioural characteristics is used. However health profiling is sometimes essential to help us support wellness.
  • You have a right to complain and contact details are written at the end of this document.

 

Essential Contacts

The Data Controller 

The Data Controller for the Northern Care Alliance is Sir David Dalton. He can be contacted via data.controller@srft.nhs.uk

 

The Data Protection Officer

The Data Protection Officer for the Northern Care Alliance can be contacted via dataprotection.officer@srft.nhs.uk

 

The Caldicott Guardian

The Caldicott Guardian for the Northern Care Alliance can be contacted via caldicott.guardian@srft.nhs.uk

 

Freedom of Information Requests

The team can be contacted on FOIREQUEST@SRFT.nhs.uk or by telephoning 0161 206 1130

 

Subject Access Requests

If you want to access your health records then please contact: -

 

For Salford Royal NHS Foundation Trust

infosec@srft.nhs.uk or by telephoning 0161 206 1130

 

For Pennine Acute Hospitals Trust

healthrecordsaccess@pat.nhs.uk or by telephoning 0161 627 8591, 0161 656 1215, 0161 656 1750

 

 

The Information Commissioner

You have the right at anytime to complain about how we have processed your data by contacting the Information Commissioner:


The Information Commissioner's Office (ICO)

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Tel: 0303 123 1113 or 01625 545745

Information Commissioner's Office website (www.ico.org.uk)