☰ Menu
  • Accessibility
  • Contact us

Trust Privacy Notice - handling your information

  1. What is a fair processing notice?

Welcome to Camden and Islington NHS Foundation Trust’s (C&I)  privacy notice. C&I respects your privacy and is committed to protecting your personal data. This privacy notice will  tell you about how we look after your personal data,your privacy rights and  how the law protects you.

The General Data Protection Regulation (GDPR) requires that data controllers provide certain information to people whose personal data they hold and use. A privacy notice is one way of providing this information. This is sometimes referred to as a fair processing notice.

A privacy notice should identify who the data controller is, with contact details for its Data Protection Officer. It should also explain the purposes for which personal data are collected and used, how the data is used and disclosed, how long it is kept and the controller’s legal basis for processing.

 

  1. What is  our duty as a trust?

Confidentiality affects everyone: Camden & Islington NHS Foundation Trust collects,stores and uses large amounts of personal data every day, such as medical records, personal records and computerised information. This data is used by many people in the course of their work.

We take our duty to protect your personal information and confidentiality very seriously and we are committed to taking all reasonable measures to ensure the confidentiality and security of personal data we are responsible for, whether digital or on paper.

At Trust Board level, we have appointed a Senior Information Risk Owner who is accountable for the management of all information assets and any associated risks and incidents, and a Caldicott Guardian who is responsible for the management of patient information and patient confidentiality. We also have a Data Protection Officer who is responsible for overseeing  the Trust’s data protection strategy and its implementation to ensure compliance with GDPR requirements. They can be contacted via Information.Request@candi.nhs.uk

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) , the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance: Information.Request@candi.nhs.uk.

 

  1. Why do we collect information about you?

Doctors, nurses and other  healthcare professionals caring for you keep records about your health and any treatment and care you receive from the NHS. These records help to ensure that you receive the best possible care. They may be written down in paper records or held on computer, and may include:

• Basic details about you such as name, address, date of birth, next of kin, etc.

• Contact we have had with you such as appointments or clinic visits

• Mental Health documentation

• Notes and reports about your health, treatment and care

• Relevant information from people who care for you and know you well such as health professionals and relatives

It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us and please inform us of any changes as soon as possible.

We need to collect information about you to provide you with health and care services. This is in accordance with the statutory obligations under the NHS Act 2006 and Health and Social Care Act 2012.   

The information that we collect is used for medical purposes that include:

  • preventative medicine
  • medical diagnosis
  • medical research
  • provision of direct care and treatment 

We recognise the need to treat personal data in a fair and lawful manner. No personal information held by us will be processed unless the requirements for fair and lawful processing can be met. This Fair Processing Notice provides a summary of how we will ensure that we do that, by describing:

  • the categories of personal data we may handle
  • the purpose(s) for which it is being processes
  •  the person(s) / organisation(s) it may be shared with

This Notice also explains what rights you have to control how we use your information.
 

The key legislation governing the use of information is listed below:

  • The Data Protection Act 2018
  • General Data Protection Regulation
  • The Human Rights Act 1998
  • Freedom of Information Act 2000
  • Computer Misuse Act 1998
  • Audit Commission Act 1998
  • Regulation of Investigatory Powers Act 2000
     Access to Health Records Act 1990

The Data Protection Act (DPA) is the law that primarily determines how we can use your personal data.

For the purposes of the Data Protection Act, the Trust is the "Data Controller" (the holder, user and processor) of staff information.

 

  1. What types of personal data do we process?

C&I have a legal duty to keep complete, accurate and up-to-date information about your health. This is so that you can receive the best possible care, both now and in the future. 

This information is known as your ‘health record’ and is stored securely on managed systems.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

 

 

Category

Data type

Identity Data

Your name, date of birth, NHS number, gender

Contact details

Your address, telephone number, email address (if provided), Emergency contacts

Support contact details

Names, contact details of carers, relevant close relatives, next of kin, representatives

Physical, social or mental health situation or condition

Your medical history, treatments, test results, referrals, care plans, care packages, medication, medical opinions and other relevant support you are receiving, GP contact details, bank details (for patient affairs)

Protected characteristics/ Special Categories of personal data

Your ethnicity, religion, sexual orientation, gender, which are required for equality monitoring and ensuring that the services are suitable and provided in the right way for the people being cared for

Recruitment data (for C&I staff only, fixed term, agency)

Recruitment Data includes items of personal information such as your name, date of birth, address, qualifications, references and potentially special categories of data such as occupation health data (if provided) and disclosure and barring service self-declaration form details

 

Others

Information relating to health and safety

Offences (including alleged offences), criminal proceedings, outcomes and sentences

Complaints, accidents, and incident details

 

  1. What is the purpose of processing data?


Under the Data Protection Act 2018, the Trust processes your data for the performance of a task carried out in the public interest and in exercising our official authority. This means that it is necessary for us to process your data for those purposes.

Additionally, other alternative conditions may be applicable where the above justification is not available for example, in the event of a life or death situation such as to prevent harm being caused by a patient or service user.

Other than where there is a legal requirement to share your information we will not publish any information that identifies you or routinely disclose any information about you without your express consent. At any time you have the right to refuse or withdraw your consent to information sharing.

We have set out below a description of all the ways we use your personal data, and the legal bases we rely on to do so. 

Purpose/activity

Type of data

Lawful basis for processing including basis of legitimate interest

Direct Care

a) Identity (b) Contact (c) Special Categories

All Health and Adult Social Care providers are subject to the statutory duty under Section 251B of the Health and Social Care Act 2012 to share personal data about patient for their direct care.

GDPR Article 6(1) (e) processing is necessary for the performance of a task carried out in the public interest or in exercise of official authority vested in the controller.

GDRP Article (2) (h) Processing is necessary for the purposes of preventative or occupational medicine for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment, or management of heath or social cares systems and services on the basis of Union or Member State law or a contract with a health professional

To respond to a request under the Freedom of Information Act, enquiries, complaints

(a) Identity (b) Contact

GDPR Article 6(1) (e) processing is necessary for the performance of a task carried out in the public interest or in exercise of official authority vested in the controller.

Comply with a legal or regulatory obligation

To respond to a request under Data Protection Act or the General Data Protection Regulation

a) Identity (b) Contact (c) Special Categories such as health information

GDPR Article 6(1) (e) processing is necessary for the performance of a task carried out in the public interest or in exercise of official authority vested in the controller.

Safeguarding

a) Identity (b) Contact (c) Special Categories such as health information

Local Authorities have a duty to make enquiries where an adult is experiencing or is at risk of abuse or neglect and had a duty to collaborate with partners generally and in specific cases.

GDPR Article 6 (1) (e) processing is necessary for the performance of a task carried out in the public interest or in exercise of official authority vested in the controller.

GDPR Article 9 (2) (b) Processing is necessary for the purpose of carrying out the obligations and exercising the specific rights of the controller or the data subject in the field of social protection law in so far as it is authorised by Union or Member State Law.

To investigate and respond to a complaint (including whistle-blowing)

(a) Identity (b) Contact (c) Special Categories

GDPR Article 6 (1) (e) processing is necessary for the performance of a task carried out in the public interest or in exercise of official authority vested in the controller.

GDPR Article 9 (2) (a) The data subject has given explicit consent to the processing of those personal data for one or more specified purposes

Commissioning and Planning Purposes

 

 

(a) Identity (b) Contact (c) Special Categories

Your information is sent to the commissioners of our services, the Primary Care Trusts who, on behalf of your GP, pay us for providing our services. We are also paid for services provided by London Borough of Islington and London Borough of Camden to provide some Social Care services. We are also required to report to the Healthcare Commission and the Department of Health on our activities and performance. These uses of your information would almost never involve a person looking at your records. Most submissions of your data outside of the Foundation Trust are done by computer and sent securely. Only very rarely would someone need to check into the submissions we make to focus on a specific person, and even then it is unlikely that the information would easily identify you as an individual.

C&I also undergoes external audit by the Audit Commission or other professional bodies given the legal authority to carry out audits. These audits may involve reviewing information in patient records to ensure accuracy, completeness and the competency of the staff that served you. It would rarely be the case that the auditors would ever be interested in knowing about you directly, and only in extreme cases of misconduct or incompetence in the Foundation Trust would they be interested in tracing you as an individual. 

C&I cannot prevent your information from being provided to the above when it is seeking payment for its services. By engaging in care provided by the C&I you will have consented for your information to be used in these ways.

Most national and local flows of personal data in support of commissioning are established by NHS digital either centrally or for local flows by the Data Services for Commissioners Regional Officers (DSCRO). These flows do not operate on the basis of consent for confidentiality or data protection purposes

Article 6 (1) (c) Processing is necessary for compliance with a legal obligation.

Article 6 (1) (e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Article 9 (2) (h) Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional.

Research

(a) Identity (b) Contact (c) Special Categories

For research purposes, the common law duty of confidentiality must still be met through consent. This requirement has not changed under the GDPR. Consent is still needed for people outside the care team to access and use service user personal data for research, unless you have Section 251B of the Health and Social Care Act 2012 support or the data is annoymised  (no longer identifiable) such as the Clinical Record Interactive Search (CRIS). This includes encryption techniques, such as pseudonymisation (using special codes), to enhance your privacy and protect your confidentiality before using your information for research.

Article 6 (1) (e)Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Article 9 (2) (j) Processing is necessary for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes in accordance with Article 89(1).

Employment Purpose (staff and volunteers)

(a) Identity (b) Contact (c) Special Categories

For employment purposes the below lawful reasons for lawful processing will apply this includes special categories of data such as health data for employment purposes.

(1) (e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

9 (2) (b) Processing is necessary for the purpose of carrying out the obligations and exercising the specific rights of the controller or the data subject in the field of social protection law in so far as it is authorised by Union or Member State law.

Personal data processed in relation to the Disclosure and Barring Service (DBS checks) falls under the GDPR (Article 10) and the provision of Safeguarding Vulnerable Groups Act 2006.

 

  1. Obligatory situations where we share your Information

In certain circumstances the Foundation Trust is legally and morally obliged to share your information. In many of these circumstances your consent is not required for this sharing to take place and we may not be obliged or able to report that the sharing has taken place. The following list includes, but is not limited to, such circumstances:

 Authority/Organisation

 Circumstance

 Courts (civil and  criminal)

 If a court serves the Foundation Trust a court order we are obliged to provide the requested information. It is the responsibility of the court to contact you to inform you of their actions.

 Department of Health

 The Department of Health requires us to submit information for performance and financial monitoring purposes.

 Police and law  enforcement

Police and other law enforcement agencies can require us to submit information they require to fulfil their investigation. Most only have powers to request information when investigating criminal matters. We would in most cases be unable to inform you that your information has been shared until after the investigation had been completed.

 Professional bodies

 Professional bodies, such as the British Medical Association or the Nursing and Midwifery Council have obligations to ensure their licensed members adhere to their codes of practice. Under some circumstances they can request information to assist in malpractice or misconduct investigations.

 National Government  department

Some National Government departments have powers to request information to assist in their investigations (e.g. The Home Office).

National Disease Registries or Research Projects

The  Trust may by law be obliged to report some communicable diseases if a service user is infected (e.g. Influenza, Tuberculosis). We may also be required to submit information to national research registries (e.g. Heart Disease, Cancer) under the Data Protection Act 1998.

 Social Services

 We are required by law to report suspicion of, or documented cases of, abuse, neglect or circumstances of risk. Similarly we are obliged to support the investigations of Social Services, particularly in regards to children and the elderly, which may require us to release information. In this circumstance however the Foundation Trust is obliged to release only the information it considers necessary and would rarely release an entire set of care records.

Other External Sharing

Depending on the care services that you are engaged with the  Trust may have other legitimate needs to share your information. These local needs are not captured here and if you are concerned or curious we would encourage you to speak to your care team about their information sharing requirements.

 

  1. How we use your information for research

Care teams within C&I are working with researchers to find ways to develop better treatments for care. The information in your health records can also be used to help NHS researchers understand more about the causes of illnesses and how best to treat them. They need to follow strict rules to make sure your personal data is used with a lawful basis such as consent.

Researchers will make efforts to take out any information that could identify you where possible, such as your name, address and postcode. If they cannot practically take out such information, it is their legal responsibility to ask for your explicit consent.

We work with healthcare partners, researchers and technical experts to develop computer systems, such as the Clinical Record Interactive Search (CRIS). This includes encryption techniques, such as pseudonymisation (using special codes), to enhance your privacy and protect your confidentiality before using your information for research.  For more information on such local research systems and initiatives, please visit the C&I CRIS site.

In more exceptional cases, researchers may seek special support from the Secretary of State under the health service (control of patient information) regulations (also known as ‘section 251 support’). This can allow researchers to use your personal data without your permission, only when it is not practical to seek permission. They must also have reassured an independent committee who have reviewed the purpose and data security arrangements. You can find more information on trials where researchers have used this special support known as ‘section 251’ support

 

  1. National opt outs

The national data opt out allows patients to opt out of their confidential information being used for research and planning. You can read more about it on the NHS.uk website

Patients can find out more and set their opt-out choice at nhs.uk/your-nhs-data-matters.

Download a patient handout - Your Data Matters to the NHS.

Health and care staff can download leaflets, posters and other resources to use when informing patients. Staff can also read overview of the policy - Understanding the national data opt-out.

 

  1. How do we protect your information?

  1. Confidentiality and data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have legal basis on need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

All our staff have written into their contracts statements requiring them to keep personal information provided by users of the service in the strictest confidence. If you suspect a member of our staff has been indiscreet with your personal information (such as sharing it with non-health related organisations, selling it companies, or harassing you at home or work) please do not hesitate to provide the Trust with a written complaint .

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

All staff are required to undertake annual information governance (Data Security and Protection) training and are provided with an information governance awareness at induction to understand their responsibilities and agree to adhere to them. The staff are aware of their information governance responsibilities and follow best practice guidelines ensuring the necessary safeguards and appropriate use of person-identifiable and confidential information.

Under the NHS Confidentiality Code of Conduct, all our staff are also required to protect your information and inform you of how your information will be used. This includes, in most circumstances, allowing you to decide if and how your information can be shared.

  1. Secure premises

We endeavour to keep your personal information safe and secure at all times. Trust premises have controlled public access during work hours and are securely locked otherwise. Most Trust premises are covered by CCTV as well as being protected by security services and alarms.

  1. Restricted access records storage

Major Trust sites have restricted access records storage. At each site there will be a limited number of people who have access to the storage room and who control the release of records. This makes the records stored here unavailable except when requested under official protocols.

 

  1. Data retention- How long will you use my personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements.

To determine the appropriate retention period for personal data, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements have been considered.

All records held by C&I will be kept for the duration specified by national guidance from the Department of Health & Social Care found in the Records management: NHS code of practice for health and social care 2016, supplemented by C&I Records Management policy and Retention schedule.

In some circumstances you can ask us to delete your data: see ‘Request erasure’ below for further information.

 

  1. How you can access your records

  1. Subject access request

The Data Protection Act 2018 and Access to Health Records Act 1990 gives you a right to access the information we hold about you on our records. You can request this information by contacting the Information Governance department via information.request@candi.nhs.uk

Please complete the application form for access to health records. The Trust will need to verify your identity and may request copies of official documents in addition to your signature.

An indication of what information you are requesting to enable the Trust to locate it in an efficient manner.

If you think any information is inaccurate or incorrect, please let us know. We do not charge for any requests for information under the Data Protection Act 2018 and we are required to comply within 30 days. Where your request cannot be met within 30 days the Trust will write to you with an explanation as to why the request cannot be met and an estimated date of when you can expect to receive your information.

The Data controller responsible for keeping your information confidential is: 

Information Governance Team

3rd Floor, Room 3/25, West Wing 

St Pancras Hospital 

4 St Pancras Way

London

NW1 0PE

UK

Email: information.request@candi.nhs.uk 

Telephone: 0203 317 7100  

The Trusts ICO Registration Number is: Z8583439

 

Please consider the size and the relevance of your request. Although the Trust is obligated to consider your request for information, the resources and time spent to provide access to records can also be used to provide patient care. Focusing your request on the most relevant information or time period will help the Trust

The Information Commissioner, an independent organisation, is responsible for regulating the provisioning of personal information under the Data Protection Act 2018. If you have any questions regarding your rights of access to personal information you are free to contact the Information Commissioner, found at www.informationcommissioner.gov.uk or the Trust's Data Protection Officer or Caldicott Guardian via information.request@candi.nhs.uk.

  1. Making a request for personal information as a third party

If you are making a request to access someone else's information, or wish to access someone's information with them being present, the process is basically the same as above. Please provide a written request to the Trust.

In the case of access to information as a third party the Trust must make a judgement of whether the subject of the information has the capacity or ability to grant consent. A clinically certified member of staff will make judgments of capacity. If in the professional clinical opinion of our staff the person does not have capacity to provide consent, access will not be given at that time, although capacity may be re-considered at a later date. Judgments of capacity will be the sole responsibility of the Trust.

Where consent is not given or cannot be given, the Trust may still be able to provide information if:

  • The Trust believes or can be convinced it is in the best interest of the subject of the information, or is in the best interest of the public to release the information.
  • The Trust receives, in writing, notification of a statutory "gateway" for the information to be released. Such notification needs to include justification as to why the information can be released via the "gateway" and where the description of this gateway can be found in legislation.
  • The Trust receives a court order for the release of the information. In the interest of protecting the Trust and requestors, court orders will often be a preferred vehicle for disclosure.

For further information on release of patient information to 3rd parties please contact  information.request@candi.nhs.uk

  1. Requesting personal health information about the deceased

Information about the deceased can be requested using the Access to Health Records Act 1990. The Trust, in line with NHS directives, considers the deceased to have the same rights of confidentiality and privacy as the living. Except for the statements below, where the Access to Health Records Act does not provide guidance or frameworks the Trust will use the equivalent in the Data Protection Act or those provided in the NHS Records Code of Practice for Health and Social Care.

In order to obtain personal information about a deceased person, one needs to provide a written request (as above, using the form provide here or any other written request) as well as provide proof of the "claim" requiring the health records.

Under the Access to Health Records Act 1990 only those who may have a claim requiring access to the health records will be granted access. The Trust will consider any legitimate and justified requirement an acceptable "claim" so long as proof is given that the health records are required. Legitimate and justified requirements are more likely to be acceptable if they are legally supported or originate from authoritative organisations (e.g.: Executor of an Estate, Coroner, law courts, Social Services). In the instances of court proceedings, this will generally require a court order to request the records.

If an individual provides the Trust with consent for third parties to access their records prior to their death, the Trust will endeavour to ensure their wishes are carried out after their death. Equally if an individual had expressed a wish that their records are not accessed after their death, the Trust will endeavour to ensure their wishes are carried out. 

For further information regarding legitimate and justified requirements to access deceased health records, please contact the Information Governance Manager via information.request@candi.nhs.uk.

          d. Requesting employee records

If you are requesting employment records from the Care Trust i.e. staff only, please contact Hr.support@candi.nhs.uk and information.request@candi.nhs.uk

          e. Your legal rights

Under certain circumstances, you have rights under data protection laws and General Data Protection Regulation in relation to your personal data. 

  • Request access to your personal data (commonly known as a subject access request). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. There are exceptions to the right to deletion. Your health and care providers are legally required to maintain your records in accordance with the retention Record management code of practice for health and social care
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party)
  • Request restriction  enables you to ask us to suspend the processing of your personal data in the following scenarios in certain scenarios.

If you wish to exercise this right set out above, please contact us on Request, Information Information.Request@candi.nhs.uk

  1. Freedom of Information request

The Freedom of information Act 2000 provides any person with the right to obtain information held by the trust, subject to a number of exemptions.

FOI has been introduced with the aim of increasing openness and transparency; however, there are some circumstances when information cannot be disclosed.

FOI does not give individuals access to personal information about themselves or others. People seeking information about themselves would need to make a subject access request under the Data Protection 2018.

As an open and transparent organisation, we are committed to routinely publishing as much information as possible; such information is continually updated. However, if you want information which is not on our website you may ask us in accordance with further provisions of the FOI Act and of the Environmental Information Regulations 2005 (EIR) (see below). You can contact us via email/ post via:

Email: freedom.information@candi.nhs.uk.

Address: The Information Governance Office

                Camden and Islington NHS Foundation Trust

                3rd Floor, Room 3/25, West Wing, St Pancras Hospital

                4 St Pancras Way, London NW1 0PE

By law we have to deal with such requests within 20 working days. If you make a request and are not satisfied with the way in which we deal with your request, you may ask us to review any decision we make. If you wish us to undertake such a Review you should write to The Information Governance Office at the above address and they will start the process for the Internal Review.

All Reviews will normally be under the control and direction of the Review Panel who are senior members of staff and who have had no involvement in the original decision or process. The Review process will normally take 20 working days unless there are exceptionally circumstances in which case the Review could take 40 days. You will of course be notified if your case does go over the 20 day period.

If you remain dissatisfied at the conclusion of any Review you may complain to the Information Commissioner's Office, whose address is:

Information Commissioner's Office
 
Wycliffe House
 
Water Lane
 
Wilmslow
 
Cheshire SK9 5AF

Tel: 0303 123 1113
Fax: 01625 524 510

Email: mail@ico.gsi.gov.uk
Web address: www.ico.gov.uk

b. Environmental Information Request (EIR)

The Environmental Information Regulations allows you to request environmental information from the Trust.

The information covered can be divided into the following main areas:

  • The state of the elements of the environment, such as air, water, soil, land, fauna (including human beings)
  • Emissions and discharges, noise, energy, radiation, waste and other such substances
  • Measures and activities such as policies, plans, and agreements affecting or likely to affect the state of the elements of the environment
  • Reports, cost-benefit and economic analyses
  • The state of human health and safety, contamination of the food chain
  • Cultural sites and built structures (to the extent they may be affected by the state of the elements of the environment

c. Publication scheme

In order to comply with the FOI Act public sector organisation such as ours have to routinely publish information whenever possible. The Information Commissioner's Office, who is responsible for monitoring and enforcing compliance with the FOI Act has drawn up what is called a Model Publication Scheme for all public sector organisation which we have formally committed to and decided to adopt. The commissioner has also published a "Definition Document for NHS Organisation" which sets out the minimum expectations.

The list of documents available via this website is constantly changing, therefore if you are looking for information, we recommend that you initially use the search facility on the website. 

d. FoI Disclosure log

This section of the website contains information we have made available in response to requests considered under the Freedom of Information Act or Environmental Information Regulations from April 2013 onwards. These will be published periodically.

Please note that redactions are carried out on disclosure letters in order to protect the identity of individuals.

If you wish to request information that is not included in our disclosure log and does not make up part of our Publication Scheme please contact:Freedom.Information@Candi.nhs.uk

e. Publication scheme

  1. Complaints

The Trust is obligated to investigate any legitimate complaints it receives. If you are a patient of the Trust you can lodge a complaint with our complaints department.

If you are not satisfied with the Trust's response to the complaint, or do not want to approach the Trust with a complaint directly, you are able to request an assessment of the Trust with the Information Commissioner. The Commissioner investigates complaints at his own discretion, and usually expects the complainant to exhaust the Trust's own complaints procedure first.

If you remain dissatisfied at the conclusion of any Review you may complain to the Information Commissioner's Office.

The Information Commissioner’s Office (ICO) is the body that regulates the Trust under Data Protection and Freedom of Information legislation. https://ico.org.uk/.  If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the ICO at:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Email: casework@ico.org.uK

  1. Essential contacts

Address: The Information Governance Office
                Camden and Islington NHS Foundation Trust

                3rd Floor, Room 3/25, West Wing, St Pancras Hospital

                4 St Pancras Way, London NW1 0PE

 

 

 

 


 

Leave feedback

CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.