Security of information
Confidentiality affects everyone: East Cheshire NHS Trust collects, stores and uses large amounts of personal data every day, such as medical records, personal records and computerised information. This data is used by many people in the course of their work.
We take our duty to protect your personal information and confidentiality very seriously and we are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.
At Trust Board level, a Senior Information Risk Owner has been appointed who is accountable for the management of all information assets and any associated risks and incidents. We also have a Caldicott Guardian who is responsible for the management of patient information and patient confidentiality.
Why do we collect information about you?
The doctors, nurses and team of healthcare professionals caring for you keep records about your health and any treatment and care you receive from the NHS. These records help to ensure that you receive the best possible care. We keep records both on paper and electronically. These records may include:
- Personal details about you such as your name, home address and email address, date of birth, telephone number.
- Basic details about people connected to you e.g. your spouse or partner, children, carers, relatives and next of kin.
- Contact we have had with you such as hospital admissions, outpatient and clinic appointments and home visits.
- Notes and reports about your health, treatment and care.
- Prescriptions.
- Results of x-rays, scans and laboratory tests and any other health related tests.
- Relevant information from people who care for you and know you well such as health professionals and relatives.
We may also hold information relating to your direct care which has been provided to us by other NHS organisations such as your GP, other NHS hospitals, NHS clinics, and other third parties such as opticians, dentists, pharmacists, private healthcare providers, or from other bodies such as universities or schools.
It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us and please inform us of any changes as soon as possible.
What are the lawful bases upon which we hold / process your information?
The lawful basis upon which we process personal data is ‘public task’:
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
The lawful basis on which we process special categories of information (which include race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life, sexual orientation) is ‘Preventative or Occupational Medicines’:
- Necessary for the purpose of preventative or occupational medicines, for the assessment of working capacity, for medical diagnosis, provision of health or social care or treatment, or management of health or social care systems and services
How your personal information is used
Your records are used to direct, manage and deliver the care you receive to ensure that:
- The doctors, nurses and other healthcare professionals involved in your care have accurate and up to date information to assess your health and decide on the most appropriate care for you.
- Healthcare professionals have the information they need to be able to assess and improve the quality and type of care you receive.
- Concerns, complaints and legal claims can be properly investigated.
- Appropriate information is available if you see another doctor or are referred to a specialist or another part of the NHS or other organisation such as social care.
How your personal information is used to improve the NHS
Your information will also be used to help us manage the NHS and protect the health of the public by:
- Using statistical information to look after the health and wellbeing of the general public and planning services to meet patient needs in the future.
- Assessing your condition against a set of risk criteria to ensure that you receive the best possible care.
- Ensuring the hospital receives payment for the care you receive.
- Preparing statistics on NHS performance for the Department of Health and other bodies.
- Auditing NHS accounts and services.
- Clinical Audit and Service Development
- Helping to train and educate healthcare professionals.
- Contacting you to take part in surveys or consultations about our services.
Health Research and Planning
Patient information is used to:
- plan and improve health services
- research to investigate new treatments, interventions and management procedures so that patient care is continually improved.
Most of the time, data for research and planning is anonymised which means that the data will not identify you in any way.
We use the lawful basis of ‘Public Task’ for processing data for research purposes and innovation. All research conducted at the Trust is approved by the Health Research Authority who assess that it is compliant with UK law and regulations. Research initiated and sponsored by the Trust is assessed to ensure it meets current regulations.
Our research teams may offer information to you on potential research studies/developments.
You have a choice about whether you want your confidential information to be used in this way. To find out more about the wider use of confidential information and to register your choice to opt out if you do not want your data to be used in this way, please visit http://www.nhs.uk/your-nhs-data-matters
If you choose to opt out you can still consent to your data being used for specific purposes.
The NHS Care Record Guarantee
The Care Record Guarantee is our commitment that we will use records about you in ways that respect your rights and promote your health and wellbeing. Copies of the full document can be obtained from: https://www.humber.nhs.uk/about/the-nhs-care-record-guarantee.htm
Using your personal information
Everyone working within the NHS has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has a legal duty to keep it confidential.
We will share information with the following main partner organisations:
- Other NHS Trusts and hospitals that are involved in your care.
- Clinical Commissioning Groups, NHS Improvement and other NHS bodies.
- General Practitioners (GPs).
- Ambulance Services.
You may be receiving care from other people as well as the NHS, for example Social Care Services. We may need to share some information about you with them if they have a genuine need for it or we have your permission so we can all work together for your benefit.
Consequently, we may also share your information, subject to strict agreement about how it will be used, with:
- Social Care Services
- Education Services
- Local Authorities
- Voluntary and private sector providers working with the NHS
- Community Pharmacies
- Hospices and Care Homes
We will not disclose your information to any other third parties without your permission unless there are exceptional circumstances, for example, where we have a legal requirement to share your information, including but not limited to the following:
- The Police for the prevention and detection of crime
- Disclosure under Court Order
- In the public interest to prevent abuse or serious harm
Retention Periods
East Cheshire NHS Trust manages its records in line with the requirements of the NHS England - Transformation Directorate Records Management Code of Practice. This document is based on current legal requirements and professional best practice and can be found at the following link:
Records Management Code of Practice – NHS Transformation Directorate (england.nhs.uk)
The Cheshire Care Record
The Cheshire Care Record is a shared system that allows Healthcare Professionals within the Cheshire Health and Social Care community to appropriately access the most up-to-date and accurate information about patients to deliver the best possible care.
If you would like to contact us for any further information or would like to discuss this further, please contact the Data Protection Officer using the contact details provided below.
Rights of the Data Subject
You have the right to know what information is being processed, for what purpose and on what legal basis. This Privacy Notice sets out that information. The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This right only applies where processing takes place by an automated means.
Disclosure of information
You have the right to restrict or object to how and with whom we share the personal information in your records that identifies you. This must be noted explicitly within your records in order that all healthcare professionals and staff treating and involved with you are aware of your decision. Choosing this option may make the provision of treatment or care more difficult or unavailable. You can also change your mind at any time about a disclosure decision.
SMS text messaging
When attending the Trust for an outpatient appointment or a procedure you may be asked to confirm that the Trust has an accurate contact number and mobile telephone number for you. This can be used to provide appointment details via SMS text messages and automated calls to advise you of appointment times.
Accessing your personal records
You have a right to access the information we hold about you on our records. Requests must be made in writing to the Legal Services Department. Please refer to our Subject Access request policy for further information, which can be found on the following policies page:
https://trust.eastcheshire.nhs.uk/policies?search=1&keywords-5141=&letter=S
Data Breaches
The Trust has robust breach detection, investigation and internal reporting procedures in place.
The GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority, within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk of adversely affecting your rights and freedoms, we will contact you without undue delay.
The Data Controller responsible for keeping your information confidential is:
East Cheshire NHS Trust
Trust Headquarters
2nd Floor, New Alderley Building
Macclesfield District General Hospital
Victoria Road
Macclesfield
Cheshire
SK10 3BL
Telephone: 01625 421000
The Data Protection Officer for East Cheshire NHS Trust is:
Data Protection Officer
East Cheshire NHS Trust
Trust Headquarters
2nd Floor, New Alderley Building
Macclesfield District General Hospital
Victoria Road
Macclesfield
Cheshire
SK10 3BL
Email: ecn-tr.dataprotection@nhs.net
Notification
Organisations processing personal data are required to lodge a notification with the Information Commissioner to describe the purposes for which they process personal information. These details are publicly available from:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
Telephone: 08456 306060
Website: www.ico.gov.uk