Please read this notice carefully as it describes how we may use your information to keep safe and protect you and others during the Covid-19 outbreak.
The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.
The existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on gov.uk here and some FAQs on this law are available here. The period of these changes will initially be until September 30th and if no further announcements are made during this time, they will expire then.
During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs. However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.
In order to look after your health and care needs we may need to share your confidential patient information including health and care records with clinical and non clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email. If we have a mobile number for you we may use this to contact you during this period
Stay in Touch messaging service
The hospital encourages friends and family members who cannot visit and want to contact patients to use our ‘Stay in Touch’ messaging service via an on-line link or email to the Trust during this time. Messages received will be collated by our customer care team to be distributed to the hospital wards. Messages will be printed and distributed to patients by the ward staff which patients can keep. This service is currently only available for patients to receive messages and there is no capacity for messages to be returned at this time. The service is open to family members and friends of patients on all wards. Friends and families should be aware that the sending of messages in this way is not 100% secure so are encouraged to refrain from including information of a sensitive nature that they would wish to keep confidential.
During this period of emergency we may offer you a consultation via telephone or video-conferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.
Sharing of patient information
We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the Covid-19 outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.
NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.
We will also be carrying out risk assessments using a device called a Data Protection Impact Assessment which allows us to assess how we should be sharing certain data during the outbreak,
In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.
We may amend this privacy notice at any time so please review it frequently. The date at the top of this page will be amended each time this notice is updated.
Hampshire Hospitals NHS Foundation Trust serves a population of approximately 570,000 across Hampshire and parts of West Berkshire.
Hampshire Hospitals NHS Foundation Trust employs around 6,000 staff and has a turnover of over close to £400 million (2017/18). There are over 15,000 public and staff members. As a Foundation Trust it is directly accountable to its members through the governors. The Council of Governors represent the interests of their constituencies and influence the future plans of the Foundation Trust.
The Trust is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and our registration number is Z5599447.
For further information please refer to the ‘About Us’ page on our website.
Hampshire Hospitals NHS Foundation Trust takes your data privacy and confidentiality very seriously. The Trust complies fully with the General Data Protection Regulations (GDPR) and Data Protection Act 2018 at all times and maintains the highest standards in Data Security and Protection. Data Protection Impact Assessments (DPIAs), Risk Assessments and Data Flows are used by the Trust to assess risks and identify the legal basis for collection, use, sharing and any other processing of data. These documents are approved by the Data Protection Officer.
Incorrectly Addressed Correspondence
Our patients don’t always remember to tell us when they have moved address. If you receive correspondence at your address that is for someone else, please return it immediately to:
Data Protection Team
2nd Floor Ashley Wing
Royal Hampshire County Hospital
If you need to notify the Trust of a change of address, please either contact your consultant or clinical care team or contact the Customer Care team (making sure you include your NHS number or hospital number):
Jessica Hodge, Data Protection Officer
Telephone: 01962 824285
Data Security and Protection team
Your doctor and other health professionals caring for you keep records about your health and any treatment and care you receive. These records help to ensure that you receive the best possible care from us. The information may be written down on paper (manual records), held on a computer or a mixture of both. The records may include:
Every NHS organisation has to collect information on the ethnic origins of its patients. This is a mixture of information about your culture, language, history, religion, nationality and upbringing. We only use it to make sure our services meet the needs of all members of the community. You don’t have to give us information about your ethnic origin if you do not want to.
We have a duty to make sure that your information is accurate and current. Information Quality Assurance Assessments are undertaken to help us improve the quality of information we record about you. You may also request that any incorrect information held on your records is corrected.
Information is collected in a number of ways; via your healthcare professional, in referral details from your GP or information directly given by you.
Patients should note that calls to the Trust may be recorded for training and monitoring purposes.
It is not always easy to understand formal communications. If you find this information difficult to take in, please do not hesitate to contact a member of our staff and we will take the time to talk it through with you.
The link below will help you in understanding more about the patient data which we hold here.
Your information is used to ensure that:
In addition to supporting the care you receive, your information may also be used to help us to:
If you do not want certain information recorded or shared with others, please talk to the person in charge of your care. There are however some aspects of your care which we are obliged to record.
Everyone working for the NHS has a legal duty to maintain the highest level of confidentiality. Generally your information will only be seen by those providing or administering your care.
You may be receiving care from other people as well as the NHS such as private healthcare companies or social services. We may need to share information about you so we can all work together for your benefit.
We will only ever use or pass on information about you if others involved in your care have a genuine need for it and usually only with your consent.
Hampshire Hospitals NHS Foundation Trust is a research active organisation and you may be offered opportunities to participate in research studies and trials. You can find out more about how patient information may be used for research on the Health Research Authority (HRA) webpage here. The HRA is the government body that protects and promotes the interests of patients and the public in health and social care research.
When we pass on any information we will ensure it is kept confidential and secure. A few administrative processes require information that may identify you, however wherever possible, processes will use anonymised information.
There may be other circumstances when we must share information from your patient record with other organisations without your consent. Examples of this include but are not limited to:
Recording of phone calls
The Trust may record calls to patients in certain circumstances. Recording of calls is necessary to protect the interests of patients and staff and is undertaken to ensure that the Trust is able to provide the best care in a safe and secure environment. Calls are deleted when they are no longer needed.
Care and Health Information Exchange (CHIE)
CHIE is a local health and social care record which collects information from participating Health and Care organisations i.e. GP practices, community providers, acute hospitals and social care providers.
From your patient record, the Trust shares your name, address, contacts i.e. your next of kin, diagnosis, allergies and alerts as well as information about your appointments, care plans, immunisations, progress notes, assessments, inpatient events and referrals, with CHIE. If you do not want your information shared with CHIE, please discuss this with your healthcare professional.
All records held by the NHS are subject to the Records Management Code of Practice for Health and Social Care Act 2016 (the Code). The Code sets out best practice guidance on how long we should keep your patient information before we are able to review and securely dispose of it.
Personal information we hold about you is deemed to be ‘necessary for the performance of a task carried out in the public interest or in the exercise of official authority’ and necessary for ‘medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems’ as set out in Article 6(1)(e) and 9(2)(h) of the General Data Protection Regulations (GDPR).
We recognise the importance of protecting personal and confidential information in all that we do, and take care to meet our legal and other duties, including compliance with the following:
The NHS wants to make sure you and your family have the best care now and in the future. Your health and adult social care information supports your individual care. Please see NHS Choices for further information.
If we need to use your personal information for any reasons beyond those stated in the sections above, we will discuss this with you and ask for your explicit consent. The General Data Protection Regulations gives you certain rights, including the right to:
If you have any questions or concerns regarding the information we hold on you and the use of your information, or you would like to discuss this further, please contact the Data Protection Officer at:
Chief Financial Officer
Senior Information Risk Owner (SIRO)
Haematology Consultant & Chief Clinical Information Officer
Caldicott Guardian (CG)
Data Protection Officer (DPO)
If you wish to contact any of the above please email: Information.Governance@hhft.nhs.uk
We try to meet the highest standards when collecting and using personal information. We encourage people to bring concerns to our attention and we take any complaints we receive very seriously.
Call: 01256 486766
Further details are available on our website here.
If you remain dissatisfied with the Trust’s decision following your complaint, you may wish to contact:
The Trust promotes research with a view to improving future care. Researchers can improve how physical and mental health can be treated and prevented. If you are happy for your personal confidential information to be used for both your individual care and treatment and research and planning, you do not need to do anything.
However, if you do not want your personal confidential information used for any research and planning you have the right to opt out. Visit the National Data op out guidance here. If you choose to opt out you can still consent to your data being used for specific individual research and or planning purposes.
For further details on how your information is used in research please visit the Health Research Authority - patient information, health and care research.
For details on how you can access the information held about you by Hampshire Hospitals NHS Foundation Trust, please click here.
Jessica Hodge, Data Protection Officer
Dr Tamara Everington, Caldicott Guardian
Data Security and Protection team
Accessibility and cookie information
Data Security and Protection Policy
Data Protection Impact Assessments 2018-19