Why do we collect information about you?
Doctors, nurses and other healthcare professionals caring for you keep records about your health and any treatment and care you receive from the NHS. These records help to ensure that you receive the best possible care. They may be written down in paper records or held on computer, and may include:
- Basic details about you such as name, address, date of birth, next of kin, etc
- Contact we have had with you such as appointments or clinic visits
- Mental Health documentation
- Notes and reports about your health, treatment and care
- Relevant information from people who care for you and know you well such as health professionals and relatives
It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us and please inform us of any changes as soon as possible.
We need to collect information about you to provide you with health and care services. This is in accordance with the statutory obligations under the NHS Act 2006 and Health and Social Care Act 2012.
The information that we collect is used for medical purposes that include:
- preventative medicine
- medical diagnosis
- medical research
- provision of direct care and treatment
We recognise the need to treat personal data in a fair and lawful manner. No personal information held by us will be processed unless the requirements for fair and lawful processing can be met. This Fair Processing Notice provides a summary of how we will ensure that we do that, by describing:
- the categories of personal data we may handle
- the purpose(s) for which it is being processes
- the person(s) / organisation(s) it may be shared with
- This Notice also explains what rights you have to control how we use your information.
The key legislation governing the use of information is listed below:
- The Data Protection Act 2018
- General Data Protection Regulation
- The Human Rights Act 1998
- Freedom of Information Act 2000
- Computer Misuse Act 1998
- Audit Commission Act 1998
- Regulation of Investigatory Powers Act 2000
- Access to Health Records Act 1990
The Data Protection Act (DPA) is the law that primarily determines how we can use your personal data.
For the purposes of the Data Protection Act, the Trust is the "Data Controller" (the holder, user and processor) of staff information.