- Data Controller
- Data Protection Officer
- Why we collect information about you
- What information we collect
- Links to further information about data collection
- Who we may share your information with
- Further information about who we may share your information with
- Lawful basis for processing
- How we maintain the confidentiality of your information
- How long we keep your information for
- Your rights
- National Data Opt-out
- CCTV and body worn cameras
- Concerns
Data Controller
The Data Controller responsible for keeping your information is Harrogate and District NHS Foundation Trust.
We are registered with the Information Commissioner’s Office, who are the UK’s regulator for data protection and other information rights legislation. Our registration number is: Z7089698.
Data Protection Officer
It is a requirement that public organisations appoint a Data Protection Officer. The Data Protection Officer is tasked with monitoring compliance with UK data protection laws and our data protection policies, awareness-raising, training and audits.
Our Data Protection Officer is:
Sam Layfield, Operational Director & Data Protection Officer
Harrogate and District NHS Foundation Trust
Harrogate District Hospital
Lancaster Park Road
Harrogate
North Yorkshire
HG2 7SX
01423 885959
Why we collect information about you
Information about you is used to guide and record the care you receive, and it is vital in helping us to:
- have all the information necessary for assessing your needs and for making decisions with you about your care
- have details of our contact with you, such as referrals and appointments
- see the services you have received
- assess the quality of care we give you
- properly investigate if you and your family have a concern or a complaint about your healthcare
As well as using information about you to provide you with care, the information will also be used to help manage the NHS and protect the health of the public by being used to:
- review the care we provide to ensure it is of the highest standard and quality
- protect the health of the general public
- manage the health service
- ensure our services can meet patient needs in the future
- investigate patient queries, complaints and legal claims
- ensure health care providers receive payment for the care you receive
- prepare statistics on NHS performance
- audit NHS accounts and services
- undertake health research and development
- help train and educate healthcare professionals
For these purposes we use the minimum amount of information necessary.
The information we collect about you can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
This will only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations.
Confidential patient information about your health and care is only used like this where allowed by law. Most of the time, anonymised data is used for research and planning so that you cannot be identified. You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. To find out more or to register your choice to opt out, please visit Your NHS Data matters: https://www.nhs.uk/your-nhs-data-matters/
What information we collect
Healthcare professionals caring for you keep records about your health and any treatment you receive. Information in the record may come from you, other care providers like a GP, social care, dental or hospitals. These records may be written down on paper or recorded electronically. This information can include:
- basic information about you, such as name, date of birth, address, phone numbers, email addresses
- contacts we have had with you such as appointments or clinical visits
- details about your treatment, care and support that you need and receive
- results of investigations, such as x-rays, scans and laboratory tests
- clinical images
- relevant information from other healthcare or social care professionals or those who care for you
- relevant information about your next of kin, family, significant relationships or social history including information about carers
- racial or ethnic origin
- religious or philosophical beliefs
- sex life or sexual orientation
- overseas visitor status
- payment details
Links to further information about data collection
· Overseas Visitors
For further information about the data we collect and share for overseas visitors please visit the below webpages:
· National Child Measurement Programme (NCMP)
For further information about the data we collect and share for the National Child Measurement Programme please visit:
https://www.nhs.uk/live-well/healthy-weight/national-child-measurement-programme
· Grow and Learn
For further information about the data we collect and share for Grow and Learn please visit:
https://www.northyorks.gov.uk/growandlearn
· Friends and Family Test
For further information about the data we collect and share for the Friends and Family Test please visit:
https://www.nhs.uk/using-the-nhs/about-the-nhs/friends-and-family-test-fft/
Who we may share your information with
You may receive care from other organisations, for example social care services, other NHS organisations, education and voluntary and private sector providers working with the NHS. We may therefore need to share information to ensure consistent and appropriate care and support is provided. Information is only shared if there is a genuine need to share or we have patient consent to do so.
We will share relevant information with the following main partner organisations:
- Other NHS organisations that are involved in your care
- Local authorities
- General practitioners (GPs)
- Children’s Services including Early Help and Safeguarding
- Adult Services
- Education including nurseries
- Police
- Dental practitioners
- Ambulance services
- Yorkshire and Humber Care Record
- Great North Care Record (GNCR)
- Planners of health and care services (such as Integrated Care Boards)
- Care Quality Commission
- Voluntary and private sector providers working with the NHS
- Professional bodies such as the General Medical Council and the Nursing and Midwifery Council
- Third party data processors (such as IT systems suppliers)
In some circumstances we are legally obliged to share information. This includes:
- when required by NHS England to develop national IT and data services
- when registering births and deaths
- when reporting some infectious diseases
- when a court orders us to do so
- where a public inquiry requires the information
We will also share information if the public good outweighs your right to confidentiality. This could include:
- where a serious crime has been committed
- where there are serious risks to the public or staff
- to protect children or vulnerable adults
We may also process your information in order to de-identify it, so that it can be used for purposes beyond your individual care whilst maintaining your confidentiality. These purposes will include complying with the law and public interest reasons.
Further information about who we may share your information with
· Yorkshire and Humber Care Record (YHCR)
The Yorkshire and Humber Care Record is a digital shared care record solution that enables patient and service user information from multiple sources, to be accessed securely and updated in real time, when it is needed by appropriate health and care professionals. For further information please visit: https://www.yhcr.org/. To discuss your Right to Object to the YHCR, please call 0113 206 4102 during normal working hours.
· Great North Care Record (GNCR)
The Great North Care Record makes information about patients, which is stored across different systems by different health and social care providers, available to health and social care providing you with care. For further information, including how to opt-out, please visit: https://www.greatnorthcarerecord.org.uk/patients/
· Summary Care Record (SCR)
Most patients registered with an NHS GP have a Summary Care Record, unless they have chosen not to have one. The information held in the Summary Care Record gives health and care professionals access to information to provide you with safer care, reduce the risk of prescribing errors and improve your patient experience.
For most patients your Summary Care Record is limited to basic information about allergies and medications and any reactions that you have had to medication in the past. For some patients this will also include:
- health problems like dementia or diabetes
- details of your carer
- your treatment preferences
- communication needs, for example if you have hearing difficulties or need an interpreter
For further information, including sharing choices, please visit:
· SystmOne
Some of our services use an electronic system called SystmOne. SystmOne allows us to share your medical records with others providing you with care. The system is set to automatically share your medical record to ensure that those treating you have the most up to date information. This may include district nurses, community services, child health, urgent care and out of hours services. Please speak to the member of staff involved in your care if you would prefer your record not to be shared. You are free to change your mind at any time.
· Patients Know Best (PKB)
Patients Know Best is a secure online service that allows your health records to be stored in one place, giving you instant access to, and better control of, important information such as appointment letters and appointment details. For further information please visit our dedicated pages:
- https://www.hdft.nhs.uk/patient-knows-best-frequently-asked-questions/
- https://www.hdft.nhs.uk/patients/patient-portal/
· EIDO Healthcare – digital consent forms
EIDO Healthcare is a secure online service that allows you to electronically sign treatment-specific informed patient consent forms. This links to a library of patient information about the procedure including risks, benefits and rehabilitation involved. For further information please visit:
https://support.eidohealthcare.com/support/solutions/articles/80000853004
· NHS Federated Data Platform
The NHS uses data every day to manage patient care and plan services. The Federated Data Platform brings data together from existing IT systems to enable staff in an NHS organisation to access the information that their own IT systems already hold in a single, safe and secure place. For more information please visit the Federated Data Platform privacy notice:
There is a video which provides more information about the benefits of using the Federated Data Platform available via the following link:
https://www.youtube.com/watch?v=zZ9CLNWVkjM
Lawful basis for processing
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for using personal information for healthcare purposes are:
- Article 6(1)(e): We need it to perform a public task – a public body, such as an NHS organisation is required to undertake particular activities by law.
- Article 9(2)(h): To provide and manage health or social care, with a basis in law.
We are subject to a common law duty of confidentiality. However, there are circumstances where we will share relevant health and care information. These are where:
- you’ve provided us with your consent (we have taken it as implied consent to provide you with care, or you have given it explicitly for other uses);
- we have a legal requirement (including court orders) to collect, share or use the data;
- for specific individual cases, we have assessed that the public interest to share the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime). This will always be considered on a case by case basis, with careful assessment of whether it is appropriate to share the particular information, balanced against the public interest in maintaining a confidential health service
- we have support from the Secretary of State for Health and Care following an application to the Confidentiality Advisory Group (CAG) who are satisfied that it isn’t possible or practical to seek consent
How we maintain the confidentiality of your information
We are committed to protecting your privacy and will only use information collected lawfully in accordance with data protection legislation.
Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential. Staff and volunteers also undertake annual data security training.
How long we keep your information for
We store personal information in line with NHS England’s Records Management Code of Practice. This can be located via the following link:
https://transform.england.nhs.uk/information-governance/guidance/records-management-code/
Your rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information, also known as a subject access request. There are some exemptions, which means you may not receive all the information you ask for. Further information about how to request your information can be found on the Access to health records page: https://www.hdft.nhs.uk/patients/our-commitment/access-to-health-records/
Your right to rectification – You have the right to ask us to correct information you think is inaccurate or incomplete. If you believe your health information is inaccurate or incomplete, please contact your healthcare professional to request that the information be corrected. If you have changed address, GP, telephone number, email address or name, please inform the relevant department, details of which can be found at: https://www.hdft.nhs.uk/patients/appointments/
Your right to erasure – You have the right to ask us to delete your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You can find out more about your data protection rights and the exemptions which may apply on the Information Commissioner’s Office website: https://ico.org.uk/for-the-public/
National Data Opt-out
We comply with England’s national data opt-out because we’re using confidential patient information for purposes beyond individual care.
The information collected about you when you use health and care services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
This may only take place when there is a clear lawful basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential health and care information is only used like this when allowed by law.
Whenever possible data used for research and planning is anonymised, so that you cannot be identified and your confidential information is not accessed.
You have a choice about whether you want your confidential information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. You can change your mind about your choice at any time.
CCTV and body worn cameras
Why are we collecting your information?
We have CCTV systems in some of our premises used by members of the public, for the purposes of public and staff safety and crime prevention and detection. CCTV is also installed on the outside of some of our buildings for the purpose of monitoring building security and crime prevention and detection. Our staff also wear Body Worn cameras which are turned on when a potential incident is taking place.
What information are we collecting?
Visual images via CCTV monitoring and body worn camera images and sound recording associated with body worn devices.
Who do we share your information with?
- Law enforcement agencies including the Police and the Serious Organised Crime Agency
- Local authorities
- Professional bodies such as the General Medical Council and the Nursing and Midwifery Council
What is our lawful basis for processing your information?
We process personal data for the following reasons:
- UK GDPR Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest.
- UK GDPR Article 6(1)(f) – processing is necessary for the purposes of legitimate interests pursued by the Trust.
As part of the NHS constitution, staff should be able to work in a safe environment and members of the public are expected to treat staff with respect. Where this is breached the recordings safeguard staff, patients, and the public during violent and aggressive or anti-social behaviour incidents and provide evidence where required.
The overall purpose of CCTV is to help in crime prevention, investigation of crime, to protect Trust staff and visitors, and to protect Trust premises from criminal activities.
Concerns
Should you wish to raise a concern about the use of your information, please contact our Patient Experience Team. Please visit this page for contact information: https://www.hdft.nhs.uk/patients/patient-experience/
If you remain unhappy with the outcome of your enquiry you can contact the Information Commissioner:
The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
www.ico.org.uk