Data Protection and Confidentiality
We take our data protection and confidentiality responsibilities seriously.
We are registered with the Information Commissioner’s office for data protection purposes. Our Reference number is: Z6570366
We have a dedicated Information Governance Team who are responsible for:
- Data protection
- Records management
- Information risk/security
- Subject access
- Freedom of information
- Environmental information regulations
A copy of the key Information Governance policies are available here
New data protection legislation
On 25 May 2018 the new European General Data Protection Regulation (GDPR) was introduced into UK law, via the Data Protection Bill.
The new legislation builds on the Data Protection Act 1998, placing new responsibilities on organisations, both as a controller or processor of data.
We are committed to meeting the standards required in the new legislation.
Data Protection Officer
As part of the General Data Protection Regulations, we are required to have a Data Protection Officer (DPO).
The responsibilities of the DPO include ensuring the Trust is compliant with data legislation, ensure staff are provided with appropriate guidance, training and instruction regarding data protection requirements and to act as a point of contact for the Information Commissioner’s Office (ICO) and the public.
If you have any concerns regarding how your information is used, or about our compliance with data protection requirements, you should contact our Data Protection Officer at email@example.com or on 0161 716 3991.
Assessment of compliance
We are required to submit an annual return to the Department of Health, evidencing our compliance in the areas outlined above. This return is completed using the NHS Digital provided Data Security and Protection Toolkit.
Our compliance is reviewed annually by internal audit. Our performance against the annual return and the view of internal audit are made available to the public within the Trust’s Annual Report. Click here to see the latest, and previous versions of the annual report.
What information we collect about you and how we use it
As part of performing our public task as a provider of healthcare services, we collate, store, use and share information about our employees, patients, carers and also about members of the public.
To find out more about the information we collect and how we use it, please click here to see our privacy notices.
Copying letters to patients
The NHS Plan made a commitment that patients should be able to receive copies of clinicians' letters about them as a right, subject to their consent.
A letter includes communications between different health professionals, for instance those to GPs, hospital doctors, nurses, therapists and other health professionals.
We see this initiative as being good practice and are looking at the best way of introducing this.
Some services are already working to encourage this and you may be asked if you wish to receive a copy, how you wish to receive it and in what format.
Other services are not working in this way at the moment, but you may still ask the clinician working with you about this and they will explain the arrangements.
Further information regarding data protection
Further information about data protection and confidentiality legislation and guidance is available via the following sources:
Freedom of Information :