Covid-19 and your information - Updated on 17 April 2020

Please read this notice carefully as it describes how we may use your information to keep safe and protect you and others during the Covid-19 outbreak.

The health and social care system is facing significant pressures due to the Covid-19 outbreak.  Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.

The existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak.  Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data.  Further information is available on gov.uk here and some FAQs on this law are available here. The period of these changes will initially be until September 30th and if no further announcements are made during this time, they will expire then.

During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information.  This includes National Data Opt-outs.  However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply.  It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.

In order to look after your health and care needs we may need to share your confidential patient information including health and care records with clinical and non clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email.  If we have a mobile number for you we may use this to contact you during this period

Stay in Touch messaging service

The hospital encourages friends and family members who cannot visit and want to contact patients to use our ‘Stay in Touch’ messaging service via an on-line link or email to the Trust during this time.  Messages received will be collated by our customer care team to be distributed to the hospital wards.  Messages will be printed and distributed to patients by the ward staff which patients can keep.  This service is currently only available for patients to receive messages and there is no capacity for messages to be returned at this time.  The service is open to family members and friends of patients on all wards.  Friends and families should be aware that the sending of messages in this way is not 100% secure so are encouraged to refrain from including information of a sensitive nature that they would wish to keep confidential.

During this period of emergency we may offer you a consultation via telephone or video-conferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.

Sharing of patient information

We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the Covid-19 outbreak.  Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.   

NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves.  All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.  

We will also be carrying out risk assessments using a device called a Data Protection Impact Assessment which allows us to assess how we should be sharing certain data during the outbreak,

In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you.  Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.

We may amend this privacy notice at any time so please review it frequently. The date at the top of this page will be amended each time this notice is updated.

Who are we?

Hampshire Hospitals NHS Foundation Trust serves a population of approximately 570,000 across Hampshire and parts of West Berkshire.

Hampshire Hospitals NHS Foundation Trust employs around 6,000 staff and has a turnover of over close to £400 million (2017/18).  There are over 15,000 public and staff members.  As a Foundation Trust it is directly accountable to its members through the governors.  The Council of Governors represent the interests of their constituencies and influence the future plans of the Foundation Trust.

The Trust is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and our registration number is Z5599447.

For further information please refer to the ‘About Us’ page on our website.

Data Privacy and Confidentiality at Hampshire Hospitals

Hampshire Hospitals NHS Foundation Trust takes your data privacy and confidentiality very seriously.  The Trust complies fully with the General Data Protection Regulations (GDPR) and Data Protection Act 2018 at all times and maintains the highest standards in Data Security and Protection.  Data Protection Impact Assessments (DPIAs), Risk Assessments and Data Flows are used by the Trust to assess risks and identify the legal basis for collection, use, sharing and any other processing of data. These documents are approved by the Data Protection Officer.

Incorrectly Addressed Correspondence

Our patients don’t always remember to tell us when they have moved address. If you receive correspondence at your address that is for someone else, please return it immediately to:

Data Protection Team
2nd Floor Ashley Wing
Royal Hampshire County Hospital
Romsey Road
Winchester
Hampshire
SO22 5DG

Email: Information.Governance@hhft.nhs.uk

If you need to notify the Trust of a change of address, please either contact your consultant or clinical care team or contact the Customer Care team (making sure you include your NHS number or hospital number):

Contacts

Jessica Hodge, Data Protection Officer
Email: jessica.hodge@hhft.nhs.uk
Telephone: 01962 824285

Data Security and Protection team
Email: Information.Governance@hhft.nhs.uk
 

Why and how we collect personal information about you?

Your doctor and other health professionals caring for you keep records about your health and any treatment and care you receive.  These records help to ensure that you receive the best possible care from us.  The information may be written down on paper (manual records), held on a computer or a mixture of both.  The records may include:

  • basic details about you, such as name, address, telephone, email, date of birth and next of kin
  • contacts we have had with you, such as visits to a health professional
  • details and records about your health, treatment and care you receive
  • relevant information from other health professional, relatives or those people who care for you and know you well
  • information based on the professional opinion of the staff caring for you

Every NHS organisation has to collect information on the ethnic origins of its patients.  This is a mixture of information about your culture, language, history, religion, nationality and upbringing.  We only use it to make sure our services meet the needs of all members of the community.  You don’t have to give us information about your ethnic origin if you do not want to.

We have a duty to make sure that your information is accurate and current.  Information Quality Assurance Assessments are undertaken to help us improve the quality of information we record about you.  You may also request that any incorrect information held on your records is corrected.

Information is collected in a number of ways; via your healthcare professional, in referral details from your GP or information directly given by you.

Patients should note that calls to the Trust may be recorded for training and monitoring purposes.

It is not always easy to understand formal communications.  If you find this information difficult to take in, please do not hesitate to contact a member of our staff and we will take the time to talk it through with you.

The link below will help you in understanding more about the patient data which we hold here.

What do we do with your personal information?

Your information is used to ensure that:

  • staff caring for you have accurate and up to date information to help them assess and decide the best possible care and treatment needed for you
  • we can contact you in relation to your care and treatment
  • treatments and services meet the needs of local communities
  • information is available should you need another form of care, for example if you are referred to a specialist or another part of the NHS
  • there is a good basis for looking back and assessing the type and quality of care you have received
  • your concerns can be properly investigated should you need to complain

In addition to supporting the care you receive, your information may also be used to help us to:

  • remind you about your appointments and send you relevant correspondence
  • look after the health of the general public
  • review the care we provide to ensure it is of the highest standard
  • support the funding of your care, e.g. with commissioning organisations who pay for NHS care
  • teach and train health care professionals (if you do not want your information to be used in this way, please let us know.  It will not affect your treatment in any way)
  • conduct research approved by the Local Research Ethics Committee (your personal details will not be disclosed outside of the Trust without your consent)
  • conduct audits
  • investigate complaints, legal claims or untoward incidents
  • make sure our services can meet patient needs in the future
  • prepare statistics on NHS performance to meet the needs of the population or for the Department of Health and other regulatory bodies
  • monitor the way public money is spent
  • contact you with regards to patient satisfaction surveys relating to services you have used within our hospital so as to further improve our services to patients

If you do not want certain information recorded or shared with others, please talk to the person in charge of your care.  There are however some aspects of your care which we are obliged to record.

Everyone working for the NHS has a legal duty to maintain the highest level of confidentiality.  Generally your information will only be seen by those providing or administering your care.

You may be receiving care from other people as well as the NHS such as private healthcare companies or social services.  We may need to share information about you so we can all work together for your benefit.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it and usually only with your consent.

Hampshire Hospitals NHS Foundation Trust is a research active organisation and you may be offered opportunities to participate in research studies and trials. You can find out more about how patient information may be used for research on the Health Research Authority (HRA) webpage here. The HRA is the government body that protects and promotes the interests of patients and the public in health and social care research.  

When we pass on any information we will ensure it is kept confidential and secure.  A few administrative processes require information that may identify you, however wherever possible, processes will use anonymised information.

There may be other circumstances when we must share information from your patient record with other organisations without your consent.  Examples of this include but are not limited to:

  • Concerns that you are putting yourself or another adult person at risk of harm
  • Concerns that you are putting a child at risk of harm
  • Where we have been instructed to do so by a Court
  • Where the information is required for cost recovery
  • Where the information is essential for the detection and prevention of a crime
  • Where your information is required for investigation into fraud or other certain unlawful activities
  • Where you are subject to the Mental Health Act (2007) and if there are circumstances in which your ‘nearest relative’ must receive information even if you object
  • Where your information falls within a category that needs to be notified for public health or other legal reasons, such as certain infectious diseases

Recording of phone calls

The Trust may record calls to patients in certain circumstances.  Recording of calls is necessary to protect the interests of patients and staff and is undertaken to ensure that the Trust is able to provide the best care in a safe and secure environment. Calls are deleted when they are no longer needed.

Care and Health Information Exchange (CHIE)

CHIE is a local health and social care record which collects information from participating Health and Care organisations i.e. GP practices, community providers, acute hospitals and social care providers.

From your patient record, the Trust shares your name, address, contacts i.e. your next of kin, diagnosis, allergies and alerts as well as information about your appointments, care plans, immunisations, progress notes, assessments, inpatient events and referrals, with CHIE. If you do not want your information shared with CHIE, please discuss this with your healthcare professional.

How long do we keep your information?

All records held by the NHS are subject to the Records Management Code of Practice for Health and Social Care Act 2016 (the Code). The Code sets out best practice guidance on how long we should keep your patient information before we are able to review and securely dispose of it.

What is our legal basis for processing personal information about you?

Personal information we hold about you is deemed to be ‘necessary for the performance of a task carried out in the public interest or in the exercise of official authority’ and necessary for ‘medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems’ as set out in Article 6(1)(e) and 9(2)(h) of the General Data Protection Regulations (GDPR).

We recognise the importance of protecting personal and confidential information in all that we do, and take care to meet our legal and other duties, including compliance with the following:

  • Data Protection Act 2018
  • General Data Protection Regulations 2018
  • Human Rights Act 1998
  • Access to Health Records Act 1990
  • Freedom of Information Act 2000
  • Health and Social Care Act 2012, 2015
  • Public Records Act 1958
  • Copyright Design and Patents Act 1988
  • Re-Use of Public Sector Information Regs 2004
  • Computer Misuse Act 1990
  • Common Law Duty of Confidentiality
  • NHS Care Records Guarantee for England
  • Social Care Records Guarantee for England
  • International information Security Standards
  • Information Security Code of Practice
  • Records Management Code of Practice
  • Accessible Information Standards

What are your rights?

The NHS wants to make sure you and your family have the best care now and in the future. Your health and adult social care information supports your individual care.   Please see NHS Choices for further information.

If we need to use your personal information for any reasons beyond those stated in the sections above, we will discuss this with you and ask for your explicit consent.  The General Data Protection Regulations gives you certain rights, including the right to:

  • Request access to the personal data we hold about you, e.g. in health records.  For details about how to request this see Access to your health records’ on our website.
  • Request the correction of inaccurate or incomplete information recorded in our health records, subject to certain safeguards. 
  • Refuse/withdraw consent to the sharing of your health records.  We are authorised to process, i.e. share, your health records ‘for the management of healthcare systems and services’.  Your consent will only be required if we intend to share your health records beyond these purposes, as explained above (e.g. research). 
  • Request your personal information to be transferred to other providers on certain occasions.
  • NHS Digital, on behalf of NHS England assesses the effectiveness of the care provided by publicly-funded services.  We have to share information from your patient record such as referrals, assessments, diagnoses, activities (e.g. taking a blood pressure test) and in some cases, your answers to questionnaires on a regular basis to meet our NHS contract obligations.  You have the right to object to us sharing your information to NHS Digital for planning and research purposes – this will not affect your care in any way.  For information about how you can Opt-Out of sharing your data with NHS Digital please see the National data opt out programme.
  • Every effort is made to keep your information confidential and only share information when absolutely necessary.

Contacting us about your information

If you have any questions or concerns regarding the information we hold on you and the use of your information, or you would like to discuss this further, please contact the Data Protection Officer at:

Information Governance Team
2nd Floor Ashley Wing
Royal Hampshire County Hospital
Romsey Road
Winchester
Hampshire
SO22 5DG

EmailInformation.Governance@hhft.nhs.uk

Who is responsible for your data?

Malcolm Ace

Chief Financial Officer
Senior Information Risk Owner (SIRO)

Dr Tamara Everington

Haematology Consultant & Chief Clinical Information Officer
Caldicott Guardian (CG)

Jessica Hodge

Data Protection Officer (DPO)

If you wish to contact any of the above please email: Information.Governance@hhft.nhs.uk

Contacting us if you have a complaint or concern

We try to meet the highest standards when collecting and using personal information. We encourage people to bring concerns to our attention and we take any complaints we receive very seriously.  

Customer Care Team
Basingstoke and North Hampshire Hospital
Aldermaston Road
Basingstoke
Hampshire
RG24 9NA

Emailcustomercare@hhft.nhs.uk

Call: 01256 486766

Further details are available on our website here.

If you remain dissatisfied with the Trust’s decision following your complaint, you may wish to contact:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Their web site is at ico.org.uk. The Information Commissioner will not normally consider an appeal until you have exhausted your rights of redress and complaint to Hampshire Hospitals NHS Foundation Trust.

Improving Services through Research

The Trust promotes research with a view to improving future care. Researchers can improve how physical and mental health can be treated and prevented.  If you are happy for your personal confidential information to be used for both your individual care and treatment and research and planning, you do not need to do anything.

However, if you do not want your personal confidential information used for any research and planning you have the right to opt out. Visit the National Data op out guidance here. If you choose to opt out you can still consent to your data being used for specific individual research and or planning purposes.

For further details on how your information is used in research please visit the Health Research Authority - patient information, health and care research.