How we use your information

Hampshire Hospitals NHS Foundation Trust serves a population of approximately 600,000 across Hampshire and parts of West Berkshire.

Hampshire Hospitals NHS Foundation Trust employs around 8600 staff and has a turnover of over close to £500 million. There are over 15,000 public and staff members.  As a Foundation Trust it is directly accountable to its members through the governors. The Council of Governors represent the interests of their constituencies and influence the future plans of the Foundation Trust. 

HHFT is a member of the Hampshire and Isle of Wight Integrated Care System (ICS). The ICS is a partnership of NHS Trusts and local government entities committed to enhancing the health and well-being of their communities by integrating health and care that meets individual need, ensuring it is delivered promptly and effectively. 

The Trust is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information in accordance with the UK General Data Protection Regulation (UK GDPR) and our registration number is Z5599447.

For further information please refer to the ‘About Us’ page on our website.

Hampshire Hospitals NHS Foundation Trust takes your data privacy and confidentiality very seriously.  The Trust complies fully with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 at all times and maintains the highest standards in Data Security and Protection.  Data Protection Impact Assessments (DPIAs), Risk Assessments and Data Flows are used by the Trust to assess risks and identify the legal basis for collection, use, sharing and any other processing of data. These documents are approved by the Data Protection Officer.

Incorrectly Addressed Correspondence

Our patients don’t always remember to tell us when they have moved address. If you receive correspondence at your address that is for someone else, please return it immediately to the department you have received it from.

If you need to notify the Trust of a change of address, please either contact your consultant or clinical care team, on the patient hub or the NHS app. (Making sure you include your NHS number or hospital number)
 

Your doctor and other health professionals caring for you keep records about your health and any treatment and care you receive.  These records help to ensure that you receive the best possible care from us.  The information may be written down on paper (manual records), held on a computer or a mixture of both.  The records may include:

• basic details about you, such as name, address, telephone, email, date of birth and next of kin
• contacts we have had with you, such as visits to a health professional
• details and records about your health, treatment and care you receive
• relevant information from other health professional, relatives or those people who care for you and know you well
• information based on the professional opinion of the staff caring for you

Every NHS organisation has to collect information on the ethnic origins of its patients.  This is a mixture of information about your culture, language, history, religion, ethnicity, and upbringing.  We only use it to make sure that we understand the needs of patients and that our services meet the needs of all members of the community. You don’t have to give us information about your ethnic origin if you do not want to.

We have a duty to make sure that your information is accurate and current. Information Quality Assurance Assessments are undertaken to help us improve the quality of information we record about you. You may also request that any incorrect information held on your records is corrected.
Information is collected in a number of ways; via your healthcare professional, in referral details from your GP or information directly given by you.

Patients should note that calls to the Trust may be recorded for training and monitoring purposes.
It is not always easy to understand formal communications.  If you find this information difficult to take in, please do not hesitate to contact a member of our staff and we will take the time to talk it through with you.

This link will help you in understanding more about the patient data which we hold. 

Your information is used to ensure that

• staff caring for you have accurate and up to date information to help them assess and decide the best possible care and treatment needed for you.
• we can contact you in relation to your care and treatment.
• treatments and services meet the needs of local communities.
• information is available should you need another form of care, for example if you are referred to a specialist or another part of the NHS.
• there is a good basis for looking back and assessing the type and quality of care you have received.
• your concerns can be properly investigated should you need to complain.

In addition to supporting the care you receive, your information may also be used to help us to:

• remind you about your appointments and send you relevant correspondence.
• look after the health of the general public.
• review the care we provide to ensure it is of the highest standard.
• support the funding of your care, e.g., with commissioning organisations who pay for NHS care.
• teach and train health care professionals. 
• conduct research approved by the Research Ethics Committee 
• conduct audits.
• investigate complaints, legal claims, or untoward incidents.
• make sure our services can meet patient needs in the future.
• prepare statistics on NHS performance to meet the needs of the population or for the NHS England and other regulatory bodies.
• monitor the way public money is spent.
• contact you with regards to patient satisfaction surveys relating to services you have used within our hospital so as to further improve our services to patients.

If you do not want certain information recorded or shared with others, please talk to the person in charge of your care.  There are however some aspects of your care which we are obliged to record.

Everyone working for the NHS has a legal duty to maintain the highest level of confidentiality.  Generally, your information will only be seen by those providing or administering your care.

You may be receiving care from other people as well as the NHS such as private healthcare companies or social services.  We may need to share information about you so we can all work together for your benefit.

Hampshire Hospitals NHS Foundation Trust is a research active organisation, and you may be offered opportunities to participate in research studies and trials. You can find out more about how patient information may be used for research on the Health Research Authority (HRA) webpage here. The HRA is the government body that protects and promotes the interests of patients and the public in health and social care research.  

When we pass on any information, we will ensure it is kept confidential and secure. A few administrative processes require information that may identify you, however wherever possible, processes will use anonymised information.

There may be other circumstances when we must share information from your patient record with other organisations without your consent.  Examples of this include but are not limited to:
•    Concerns that you are putting yourself or another adult person at risk of harm.
•    Concerns that you are putting a child at risk of harm.
•    Where we have been instructed to do so by a Court
•    Where the information is required for cost recovery
•    Where the information is essential for the detection and prevention of a crime
•    Where your information is required for investigation into fraud or other certain unlawful activities
•    Where you are subject to the Mental Health Act (2007) and if there are circumstances in which your ‘nearest relative’ must receive information even if you object
•    Where your information falls within a category that needs to be notified for public health or other legal reasons, such as certain infectious diseases.
•    Where third parties are contracted to support with the provision of your direct care

Recording of phone calls

The Trust may record calls to patients in certain circumstances.  Recording of calls is necessary to protect the interests of patients and staff and is undertaken to ensure that the Trust is able to provide the best care in a safe and secure environment. 

Care and Health Information Exchange (CHIE)

CHIE is a local health and social care record which collects information from participating Health and Care organisations i.e., GP practices, community providers, acute hospitals and social care providers.

From your patient record, the Trust shares your name, address, contacts i.e., your next of kin, diagnosis, allergies and alerts as well as information about your appointments, care plans, immunisations, progress notes, assessments, inpatient events and referrals, with CHIE. 

If you do not want your information shared with CHIE, please discuss this with your healthcare professional.

Badgernet

BadgerNet Maternity is an electronic maternity healthcare record system by CleverMed Ltd. It allows real-time recording of all events wherever they occur: in the hospital, the community, or at home. The BadgerNet Maternity system comes with Badger Notes an online portal and app that allows you to add notes or access your maternity records through your PC, tablet device or mobile phone. 

The information that you view is generated in real-time from your hospital-based maternity system record, using details entered by your midwife or other health professionals involved in your care.

This system stores your electronic maternity health and social data, data relating to the birth of your child and neonatal care provided to your child.

If you wish to opt out of BadgerNet, please speak to your midwife.

SWASH+

HHFT is now part of the SWASH+ consortium, which includes Trusts in Salisbury, Southampton, Southern Health, Isle of Wight, and Portsmouth. This move will allow real-time imaging access across all Trusts in the consortium.

By eliminating the need for an image exchange portal, clinicians can immediately access patient images whenever a referral to specialists in other Trusts is required.

This streamlined process enhances patient care by ensuring timely access to critical imaging data, eliminating delays often associated with image transfer during shared care activities, such as for MDT meetings.

C2-Ai

The C2-Ai tool is being piloted at HHFT with support from Public Health and the Hampshire & Isle of Wight Population Health teams to review the way we manage and coordinate elective surgery lists by specialty. The tool identifies high risk patients ahead of surgery and is guided by clinical priority rather than the duration on the waiting list. Its use in other regions has shown it enhances patient outcomes and addresses health inequalities. Data security and data protection due diligence has been considered and addressed through the completion and review of a Data Protection Impact Assessment and a Cyber Security Assurance Assessment.  For further information about the use of your personal information and this tool, please contact information.governance@hhft.nhs.uk.

All records held by the NHS are subject to the Records Management Code of Practice 2021. The Code sets out best practice guidance on how long we should keep your patient information before we are able to review and securely dispose of it.

We can only process your data if we have a lawful basis to do so. We rely on several lawful basis set out in Article 6 of the UK GDPR. To process special category data like ethnicity, religious beliefs, political opinion etc, we rely on Article 9 of the UK GDPR. For patients and healthcare-related processing, we primarily use Article 6(1)(e) for the performance of a task carried out in the public interest or the exercise of official authority vested in the Practice (Data Controller). We may also process your personal data under Articles:

6(1)(a) – where you have provided consent.
6(1)(b) – where it is necessary for performance of a contract.
6(1)(c) – where it is necessary for compliance with a legal obligation.
6(1)(d) – where it is necessary to protect your vital interest or that of others.
6(1)(f) – where it is necessary for our legitimate interest.

We recognise the importance of protecting personal and confidential information in all that we do, and take care to meet our legal and other duties, including compliance with the following:

• Common Law duty of confidentiality
• Data Protection Act 2018
• UK General Data Protection Regulation
• Human Rights Act 1998
• Access to Health Records Act 1990
• Freedom of Information Act 2000
• Health and Social Care Act 2015
• Public Records Act 1958
• Copyright Design and Patents Act 1988
• Re-Use of Public Sector Information Regs 2004
• Computer Misuse Act 1990
• NHS Care Records Guarantee for England
• Social Care Records Guarantee for England
• International information Security Standards
• Information Security Code of Practice
• Records Management Code of Practice
• Accessible Information Standards

The NHS wants to make sure you and your family have the best care now and in the future. Your health and adult social care information supports your individual care.   Please see NHS Choices for further information.

The UK GDPR gives you certain rights, including the right to:

• Be informed of why, where, and how we use your information.
• Request access to the personal data we hold about you, e.g., health records.  For details about how to request your medical records see ‘Access to your health records’ on our website. For access to staff records please complete the Staff SAR application available under 'Useful documents and information' and send to information.governance@hhft.nhs.uk
• Request that your information is deleted or removed where there is no need for us to continue processing it.
• Request the correction of inaccurate or incomplete information recorded in our health records, subject to certain exemptions. 
• Restriction of processing.
• Request your personal information to be transferred to other service providers on certain occasions.
• Object to how your information is used.
• Refuse/withdraw consent to the sharing of your health records. We are authorised to process, i.e., share, your health records ‘for the management of healthcare systems and services’.  

Challenge any decisions made about you without human intervention (automated decision making).NHS England assesses the effectiveness of the care provided by publicly-funded services.  We have to share information from your patient record such as referrals, assessments, diagnoses, activities (e.g. taking a blood pressure test) and in some cases, your answers to questionnaires on a regular basis to meet our NHS contract obligations.  You have the right to object to us sharing your information to NHS England for planning and research purposes – this will not affect your care in any way.  For information about how you can Opt-Out of sharing your data with NHS England please see the National data opt out programme.
 

Hampshire Hospitals is a research-active Trust.

The Trust promotes research with the aim of improving how physical and mental health can be treated and prevented.  If you are happy for your personal confidential information to be used for both your individual care and treatment, and research and planning, you do not need to do anything. If you do not want your personal confidential information used for any research and planning you have the right to opt out. Visit the National Data opt out guidance. If you choose to opt out, please note that as part of your clinical care you may still be approached by a member of our clinical trials team about participating in a specific research project to request your consent to do so. 

For further details on how your information is used in research please visit the Health Research Authority - patient information, health and care research.

Hampshire Hospitals NHS Foundation Trust is one of many organisations working in the health and care system to improve care for patients and the public.

Whenever you use a health or care service, such as attending Emergency Department or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

• improving the quality and standards of care provided
• research into the development of new treatments
• preventing illness and diseases
• monitoring safety
• planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.  On this web page you will:

• See what is meant by confidential patient information.
• Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care.
• Find out more about the benefits of sharing data.
• Understand more about who uses the data.
• Find out how your data is protected.
• Be able to access the system to view, set or change your opt-out setting
• Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
• See the situations where the opt-out will not apply.

You can also find out more about how patient information is used at:

https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and

https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is currently compliant with the national data opt-out policy.

If you have any questions or concerns regarding the information we hold on you and the use of your information, or you would like to discuss this further, please contact the Data Protection Officer at:

Information.Governance@hhft.nhs.uk

Steve West

Chief Financial Officer
Senior Information Risk Owner (SIRO)

Paul Spraggs

Caldicott Guardian (CG)

Noaman Rashid  

Chief Clinical Information Officer

Jessica Hodge

Data Protection Officer (DPO)

If you wish to contact any of the above please email: Information.Governance@hhft.nhs.uk

We try to meet the highest standards when collecting and using personal information. We encourage people to bring concerns to our attention and we take any complaints we receive very seriously.  

Email: PALSandcomplaints@hhft.nhs.uk

Call: 01256 486766

Further details are available on our website here.

If you remain dissatisfied with the Trust’s decision following your complaint, you may wish to contact: