Data Protection and Privacy
Information for patients
This leaflet can be made available in other formats including large print, CD and Braille and in languages other than English, upon request.
What information do we collect about you and why?
The Trust holds information such as:
- Basic details about you, for example your address, next of kin contacts, marital status, etc.
- Details about your treatment, care and support that you need and receive.
- Investigation results, notes and reports, such as x-rays and laboratory tests.
- Any information you tell us that is important to your treatment or your illness.
Your information is used to guide and record the care you receive and is vital in helping us to:
- Provide quality healthcare to you as a patient/user of our services.
- Have all the information necessary for assessing your needs and for making decisions with you about your care.
- Keep you informed about your care and contact you with details of appointments, attendances and outcomes through mail, telephone, SMS (text), automated voice reminder calls, in person, email or other electronic means.
- Confirm your identity to provide our services.
- Assess the quality of care we give you and provide to others.
Examples of other people we may share your information with could be any of the following and is not comprehensive:
- Doctors, nurses and clinicians.
- Your family doctor (GP).
- Social services.
- Other care providers whom contribute to your care.
Information may also need to be shared with other non-NHS organisations, from which you are receiving care and other agencies that are supporting your care.
We do this in order to provide the most appropriate treatment and support for you, and your carers, or when the welfare of other people is involved. We will only share your information in this way if it is considered necessary and we have a legal basis to do so.
There are times when we need to share information with other organisations such as our local authority partners, outside healthcare providers, the Department of Work and Pensions (DWP) and the Driver and Vehicle Licensing Agency (DVLA).
We will only share information in this way if we have your permission, or we have a legal basis and it is considered necessary.
Examples of sharing could be for any of the following other purposes:
Sharing to improve Health, Care and Services through Research – the Trust actively promotes research with a view to improving quality of services for the future.
You may have the opportunity to participate in an important research study. If you would like to get involved in our research please discuss this with the team who are providing your treatment.
If we use your patient information for research, we remove your name and all other personal data which would identify you. If we need the information in a form that would personally identify you, we would ask for your permission first.
Sharing to improve Health, Care and Services through planning – to help us monitor our performance, evaluate and develop the services we provide, it is necessary to review and share minimal information, for example with the NHS Clinical Commissioning Groups.
The information we share would be anonymous so you cannot be identified and all access to and use of this information is strictly controlled.
In order to ensure that we have accurate and up-to-date patient records, we carry out a programme of clinical audits. Access to your patient records for this purpose is monitored and only anonymous information is used in any reports that are shared internally within our Trust.
Legal obligations – sometimes we are required by legislation to provide information because of the law. This is only ever provided to protect you and others. For example, the sharing can be for the prevention and detection of a crime, the prevention of abuse and neglect or in accordance with a court order.
National Patient Surveys & Audits – is part of the government’s commitment to ensure patient feedback is used to inform the improvement and development of NHS services.
We may share your contact information with an NHS approved contractor to be used for the purpose of national surveys and audits.
You do not have to participate in these surveys and the information will contain contact details to opt out.
How do we keep your information safe?
We are committed to keeping your information secure and have operational policies and procedures in place to protect your information whether it is in a hardcopy or electronic format.
We ensure that we comply with current data protection legislation including the Data Protection Act (DPA) and UK General Data Protection Regulation (UK GDPR)
All of the Information Systems used by our Trust are implemented with robust information security safeguards to protect the confidentiality, integrity and availability of your personal information. The security controls adopted by the Trust are influenced by a number of sources including the 10 National Data Guardian Standards and guidelines produced by NHS Digital and other Government standards.
Everyone working for the NHS is subject to the Common Law Duty of Confidence. Information provided in confidence will only be used for the purposes advised and/ or consented to, unless it is required or permitted by the law. All of our staff receives annual Data Security training to ensure they remain aware of their responsibilities. They are obliged in their employment contracts to uphold confidentiality, and may face disciplinary procedures if they do not do so.
We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing.
Your information is never collected or sold for direct marketing purposes.
Do we process information overseas?
On occasions your data may be processed outside the UK, in most circumstances it will remain within the European Economic Area (EEA). The same protection would be applied as if processed within
this country. If your data is transferred outside the EEA we are required to comply with the Data Protection Act 2018 and the UK GDPR, and ensure there is adequate protection is in place ensuring that appropriate and suitable safeguards and binding contractual clauses are in place.
Data collected will not be sent to countries where the Laws do not protect your privacy to the same extent as the law in the UK, unless rigorous checks on the security and confidentiality of that data are carried out in line with legal requirements. Where this is applied copies of information regarding the safeguards put in place can be provided on request to the Data Protection Officer.
How long do we retain information?
Your information is retained in compliance with the NHS Records Management Code of Practice 2021 which details retention periods for your records.
- Currently we keep adult health records for a minimum of eight years
- Maternity records are kept for a minimum of 25 years
- Children’s records until at least their 26th birthday.
- CCTV images for 28 days from the day of capture.
For a full list of the retention periods that we apply to your information please see the NHS Records Management Code of Practice 2021 which can be found here https://www.nhsx.nhs.uk/information-governance/guidance/records-management-code or on the Trust’s website https://www.nth.nhs.uk
What are your rights as an individual?
Data Protection law gives individuals rights in respect of the personal information that we hold about you and these apply in circumstances where the relevant conditions are met.
These rights are, the right to:
- Be informed why, where and how we use your information.
- Ask for access to your information.
- Ask for your information to be corrected if it is inaccurate or incomplete.
- Ask for your information to be deleted or removed where there is no need for us to continue processing it.
- Ask us to restrict the use of your information.
- Ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information.
- Object to how your information is used.
- Challenge any decisions made without human intervention (automated decision making).
Please be aware that any restrictions you request may have an impact on the level of care that we could provide. We would advise discussing planned restrictions with your health professional before final decisions are made to ensure it would not impact on your treatment and/or care.
The Trust will always do its best to process your information in accordance with your wishes.
For further information on your rights please visit the ICO website www.ico.org.uk or contact the Trust Data Protection Officer.
You have the right to lodge a complaint if you are not content with the outcome of your confidentiality and data protection complaint and/or concern raised with the Trust.
Post: The Information Commissioner’s Office,
Wycliffe House, Water Lane,
Wilmslow, Cheshire,
SK9 5AF
Tel: 0303 123 1113 or +44 1625 545 745 (outside UK)
Online: www.ico.org.uk
How can I access my information?
You have the right to obtain from the Trust confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data.
All requests must be submitted to the Trust in writing.
To submit a formal request or for more information or assistance, please contact:
Post: Medical Legal Team
Medical Records Department
University Hospital of North Tees
Hardwick Road
Stockton-On-Tees
TS19 8PE
Telephone: 01642 383516
(Monday and Friday, 8.30am to 5.00pm)
Once your request has been received and your identity/entitlement verified, your request will usually be completed within one calendar month. However, if your records are extensive we may take longer to process your request but will inform you from the outset where possible, and in any case within 30 days.
Data Protection Officer
The Trust’s Data Protection Officer (DPO) is the person to contact if you would like to know more about how we use your information, if you require information in any accessible format or language, you wish to make a complaint or if (for any reason) you do not wish to have your information used in any of the ways described.
The DPO contact details are:
Post: Data Protection Officer
c/o Information Governance Team
University Hospital of North Tees
Hardwick Road
Stockton-On-Tees
TS19 8PE
Telephone: 01642 383551
Email: [email protected]
Comments, concerns, compliments or complaints
Patient Experience Team (PET)
We are continually trying to improve the services we provide. We want to know what we’re doing well or if there’s anything which we can improve, that’s why the Patient Experience Team (PET) is here to help. Our Team is here to try to resolve your concerns. The office is based at the University Hospital of North Tees if you wish to discuss concerns in person. Our contact details are:
Telephone: 01642 624719
Freephone: 0800 092 0084
Opening hours: Monday to Friday, 9:30am to 4:00pm
Email: [email protected]
Out of hours
Out of hours if you wish to speak to a senior member of Trust staff, please contact the hospital switchboard who will bleep the appropriate person.
Telephone: 01642 617617
Patient, Public and People with Lived Experience
We are looking for patients to share their experiences of healthcare and to join our Involvement Bank. Working with the patients, carers, families and the general population we support in making decisions about their care can lead to better health outcomes, increased patient satisfaction and a better overall experience. We want to listen and work with you in shaping the future of your healthcare services. To find out more about the Involvement Bank go to our website or contact us at:
Website: www.nth.nhs.uk/about/community/people-with-lived-experience
Email: [email protected]
Data protection and use of patient information
The Trust has developed Data Protection policies in accordance with Data Protection Legislation (UK General Data Protection Regulations and Data Protection Act 2018) and the Freedom of Information Act 2000. All of our staff respect these policies and confidentiality is adhered to at all times. If you require further information on how we process your information please see our Privacy Notices.
Telephone: 01642 383551
Email: [email protected]
Privacy NoticesLeaflet feedback
This leaflet has been produced in partnership with patients and carers. All patient leaflets are regularly reviewed, and any suggestions you have as to how it may be improved are extremely valuable. Please write to the Clinical Governance team at:
Email: [email protected]
Leaflet reference: PIL1044
Date for Review: 30.07.2027