Privacy Notice – Patient Records

We aim to provide you with the highest quality care. To do this, we must keep records about you and the care we provide for you.

Health records are held on paper and electronically and we have a legal duty to keep these confidential, accurate and secure at all times in line with Data Protection Laws.

Our staff are trained to handle your information correctly and protect your privacy.  We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing.  Your information is never collected for direct marketing purposes, and is not sold on to any other third parties.

Sometimes your care may be provided by members of a care team, which might include people from other organisations such as health; social care; education; or other care organisations.

Information is held for specified periods of time as set out in the Records Management Code of Practice for Health and Social Care.

Information collected about you to deliver your health care is also used to assist with:

  • Making sure your care is of a high standard.
  • Using statistical information to look after the health and wellbeing of the general public and planning services to meet the needs of the population.
  • Assessing your condition against a set of risk criteria to ensure you are receiving the best possible care.
  • Preparing statistics on our performance for the Department of Health and other regulatory bodies.
  • Helping train staff and support research.
  • Supporting the funding of your care.
  • Reporting and investigation of complaints, claims and untoward incidents.
  • Reporting events to the appropriate authorities when we are required to do so by law.

The legal basis for the processing of data for these purposes is that the NHS is an official authority with a public duty to care for its patients, as guided by the Department of Health and Data Protection law says it is appropriate to do so for health and social care treatment of patients, and the management of health or social care systems and services.

If we need to use your personal information for any reason beyond those stated above, we will discuss this with you.  You have the right to ask us not to use your information in this way. However, there are exceptions to this which are listed below.

  • the public interest is thought to be of greater importance for example:
  • if a serious crime has been committed
  • if there are risks to the public or our staff
  • to protect vulnerable children or adults.
  • we have a legal duty, for example registering births, reporting some infectious diseases, wounding by firearms and court orders
  • we need to use the information for medical research. We have to ask permission from the Confidentiality Advisory Group (appointed by the NHS Health Research Authority)

Data Protection laws gives individuals rights in respect of the personal information that we hold about you.  These are:

  1. To be informed why, where and how we use your information.
  2. To ask for access to your information.
  3. To ask for your information to be corrected if it is inaccurate or incomplete.
  4. To ask for your information to be deleted or removed where there is no need for us to continue processing it.
  5. To ask us to restrict the use of your information.
  6. To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information.
  7. To object to how your information is used.
  8. To challenge any decisions made without human intervention (automated decision making)

Should you have any further queries on the uses of your information or you wish to lodge a complaint about the use of your information please contact the Trust’s Data Protection Officer – Chris Kerr at Data.Protection@wmas.nhs.uk or telephone 01384 246496.

If you are still unhappy with the outcome of your enquiry you can contact the Information Commissioner’s Office at https://ico.org.uk/global/contact-us/