Privacy Notice
The GDPR and Data Protection Act 2018
This legislation will replace current data protection law, giving more rights to individuals and more obligations to organisations holding personal data.
One of the rights is a right to be informed, which means we have to give you even more information than we do now about the way in which we use, share and store your personal information.
How we use your information
Health professionals caring for you (or your child) manage information about your health and the care you receive from the NHS. This information is recorded in health records, manually or electronically and is important to help ensure that you (and your child) receive the best possible care from us. Your information is used in the following ways to guide and administer the care you receive:
- To ensure that your health professional has accurate and up to date information to provide a good basis for any treatment or advisory services we provide to you.
- To ensure that full and correct information is available to other healthcare providers from whom you may be receiving treatment.
- To ensure your treatment is safe and effective, and the advice we provide is appropriate and relevant to you.
- To ensure that there is a good basis for referring to and checking on the type and quality of treatment you have received in the past.
- To ensure that your concerns can be properly investigated should you wish to complain.
How the law allows us to use your personal information
There are a number of legal reasons why we need to collect and use your personal information.
Generally we collect and use personal information where:
- it is necessary to perform our statutory duties
- it is necessary to protect someone in an emergency
- it is required by law
- it is necessary for employment purposes
- it is necessary to deliver health or social care services
- it is necessary for legal cases
- it is to the benefit of society as a whole
- it is necessary to protect public health
- it is necessary for archiving, research or statistical purposes
- you or your representative have given consent
Personal information we process
The health professionals caring for you (or your child) keep records about your health and any treatment and care you receive. These records help to ensure that you receive the best possible care from us. The information may be written down on paper, held on a computer, or a mixture of both. The records may include:
- personal details about you, such as name, date of birth, address, NHS number, next of kin, ethnicity, and next of kin
- details and records about your health, treatment and care you receive;
- contacts we have had with you, such as visits to a health professional;
- relevant information from other health professionals, relatives or those people who care for you;
- information based on the professional opinion of the staff caring for you
- if you are employed by us the we will have your education, training and employment details, and your financial details.
The Trust processes personal information about
- patients;
- next of kin;
- suppliers;
- employees (including students, apprentices, potential employees and volunteers);
- complainants, enquirers;
- survey respondents;
- professional experts and consultants;
- individuals captured by CCTV images
How your information is used to help you
Your information is used to ensure that:
- staff caring for you have up to date and accurate information to help them decide the best possible care and treatment needed for you
- we can keep you informed and contact you in relation to your care and treatment;
- health care services and treatments meet the needs of local communities;
- there is an accurate record for looking back and assessing the type and quality of care you have received;
How your information is used for other purposes
In addition to supporting the care you receive, your information may also be used to help us:
- look after the health of the local community and general public
- review the care we provide to ensure it is of the highest standard;
- teach and train health care professionals;
- participate in and conduct approved research;
- conduct audits;
- investigate complaints;
- make sure our services can meet patient needs in the future;
- prepare statistics on NHS performance because we are mandated to do so;
- monitor the way public money is spent.
There are many aspects of your care that we must record, but if you do not want certain information recorded or shared with others, please talk to the person in charge of your care. We will always ask for your consent if we would like to use your information for purposes other than your direct care.
How long we keep your personal information
The Trust has to comply with the Records management Code of Practice for Health and Social Care 2016. (https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/codes-of-practice-for-handling-information-in-health-and-care/records-management-code-of-practice-for-health-and-social-care-2016).
How we keep your information confidential and secure
You have the right to privacy and confidentiality. Everyone working for the NHS has a legal duty to maintain the highest level of confidentiality. In order to do so, we:
- maintain full and accurate records of the care we provide to you;
- keep records about you confidential, and physically secure;
- only give access to your information to staff who are providing you with care, or are involved in your care.
Your care may not only involve the NHS, but also involve agencies such as Social Services or private health care providers. We may need to share information about you so we can all work together for your benefit. We will only ever use or pass on information about you if others involved in your care have a genuine need for it and usually only with your consent. When we pass on any information we will ensure it is kept confidential and secure.
Sharing your information
University Hospitals Coventry and Warwickshire NHS Trust works closely with other organisations to support patient care. This means that information will be shared between hospitals and other organisations that may be caring for you. These may include:
- your GP
- other hospitals
- your pharmacy
- Clinical Commissioning Groups (CCG)
- NHS regulatory authorities;
- The National Patient Safety Agency (NPSA);
- out of hours health care services;
- NHS walk in centres;
- ambulance services;
- NHS common services agencies such as dentists;
- local authority departments, including social services, education and housing;
- voluntary sector providers who are directly involved in your care;
The sharing of sensitive personal information is strictly controlled by law. Generally your information will only be seen by those involved in providing or administering your care. We will ask for your consent before information is shared. If you are unable to consent for any reason, we will only share information where it is clearly in your best interests to do so. When information is shared, it is transferred securely in line with the requirements of the GDPR, and anyone who receives information from us is also under a legal duty to keep it confidential and secure.
With your consent, information can be shared with relatives, partners, friends or carers.
Sharing your information without consent
We will normally ask you for your consent to share information about you. There are times however when we may be required by law to share your information without your consent. These may be:
- where there is a serious risk of harm or abuse to you or other people (including child protection or safeguarding vulnerable adult concerns)
- where a serious crime is being investigated or where it could be prevented;
- notification of new births;
- where we encounter infectious diseases that may endanger the safety of others;
- where a formal court order has been issued;
- where there is a legal requirement.
If you do not wish your personal information to be shared
If you do not wish your personal information that we hold about you to be used or shared in the way that has been described, please discuss the matter with us. You have the right to object, but this may affect our ability to provide you with care or advice. Please note, many of the reasons and uses described above are both mandatory and legal obligations placed on the Trust to collect and record information about the services we provide and patients we care and provide treatment for.
How to access your or your child’s health records
You also have the right to apply for access to the information we hold about you. Access covers:
- the right to obtain a copy of your record in permanent form
- the right to have the information provided to you in a way you can understand (and explained where necessary, e.g. abbreviations).
To request a copy of your record, please contact:
FOI and Access to Health Records Department
2nd Floor - Clinical Sciences Building
University Hospitals Coventry and Warwickshire NHS Trust
Clifford Bridge Road
CoventryCV2 2DX
Tel No: 024 7696 8813 (direct line)
Your rights
Under the GDPR you as a data subject have the following rights
- the right to be informed;
- the right of access;
- the right to accuracy and making changes (rectification);
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling
Not all rights will apply as this is dependent on the lawful basis deployed by the Trust for that processing.
Data Protection Officer
The Trust has a Data Protection Officer ensures that individual rights are respected and that we comply with the law. If you have any concerns or questions about how we look after your personal information, please contact the Data Protection Officer, at information.governance@uhcw.nhs.uk. Alternatively, you could write to
Data Protection Officer
Information Governance Unit – FM Building
University Hospital Coventry
Clifford Bridge Road
Coventry CV2 2DX
Security of information
We protect the quality and integrity of the personal information that we process. University Hospitals Coventry and Warwickshire has implemented technologies and security policies to protect the stored personal data of our users from unauthorised access, improper use, alteration, unlawful or accidental destruction and accidental loss. University Hospitals Coventry and Warwickshire employees and processors who have access to personal data are obliged to respect the privacy of our visitors and the confidentiality of their personal data.
University Hospitals Coventry and Warwickshire will not sell or rent your personal information to anyone.
The way we protect information includes
- Encryption
- Pseudonymisation
- Controlling access to systems
- Training our staff to make them aware of how to handle information and how and when to report when something goes wrong
- Regular testing of our technology and ways of working including keeping up to date on the latest security updates
Independent Advice
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire. SK9 5AF
Telephone: 03031231113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Alternatively, visit ico.org.uk or email casework@ico.org.uk
Website: www.ico.org.uk
Visitor's Choice
Registering on the University Hospitals Coventry and Warwickshire website is optional. If you choose not to register or provide personal information, you can still use the University Hospitals Coventry and Warwickshire website. However, you may be restricted to what you can do. University Hospitals Coventry and Warwickshire views the customer information that it collects as a valuable and confidential asset of which we take great care to ensure its safety.
You may choose to register and receive promotional or marketing information from University Hospitals Coventry and Warwickshire, by selecting the appropriate option when you register personal data.
We use the information for three general purposes: to fulfil your requests for certain areas of the website, to contact you if needed, and to help us maintain the website software and hardware.
If you choose to register, your information will no longer be anonymous and will be available to University Hospitals Coventry and Warwickshire staff and to delegations for the purpose of marketing. If you do not wish to continue receiving promotional or marketing information, please notify us by email at info@uhcw.org.uk.
Linkages Characteristics
The specific practices outlined in this privacy statement apply to the University Hospitals Coventry and Warwickshire website. Other bodies/entities linked to the University Hospitals Coventry and Warwickshire website may have different practices, though the commitment to your privacy will always be the same. You are encouraged to review the privacy statements of other bodies/entities when visiting their website(s).
Purpose Specifications and Data Collection
In general, you can browse the University Hospitals Coventry and Warwickshire website without disclosing any information about yourself. If you visit the University Hospitals Coventry and Warwickshire website to read or download information, we collect and store only the following information that is automatically recognised: the date and time, the originating IP address, the domain name, the type of browser and operating system used (if provided by the browser), the URL of the referring page (if provided by the browser), the object requested and the completion status of the request.
Cookies and Other Technologies
As described above, we sometimes collect anonymous information from visits to our site to help us provide better customer service. For example, we keep track of the domains from which people visit and we also measure visitor activity on the University Hospitals Coventry and Warwickshire website, but we do so in ways that keep information anonymous. We use the information that we collect to measure the number of visitors to the different areas of our site, and to help us make the site more useful to visitors. This includes analysing these logs periodically to measure the traffic through our servers, the number of pages visited and the level of demand for pages and topics of interest. The logs may be preserved indefinitely and used at any time and in any way to prevent security breaches and to ensure the integrity of the data on our servers.
We collect the anonymous information we mentioned above through the use of various technologies, one of which is called "cookies". A cookie is an element of data that a website can send to your browser, which may then be stored on your hard drive. For example, on a website with a login system (if users register for it), cookies are used to save the visitor's password so that it does not have to be entered at each new visit.
This anonymous information is used and analysed only at an aggregate level to help us understand trends and patterns. None of this information is reviewed at an individual level. If you do not want any transaction details used in this manner, you can disable your cookies.
Links
Throughout the University Hospitals Coventry and Warwickshire website, you will find links to third party websites. Please note that University Hospitals Coventry and Warwickshire is not responsible for the privacy policies or content on third party websites.
Privacy Support
If you have any enquiries about our privacy statement, please contact info@uhcw.org.uk