Everyone working for the NHS is subject to the Common Law Duty of Confidence. Information provided in confidence will only be used for the purposes advised, with consent given by the patient, unless there are other circumstances covered by the Law. There are other conditions (other than consent) that as an organisation we can use and these are listed under the General Data Protection Regulation Article 6(1)) for personal data (i.e. your name / address) and Article 9 (1)) for sensitive personal data (i.e. race, ethnicity, political opinions, religious or philosophical beliefs, trade union membership, data concerning health or sex life and sexual orientation, genetic data and biometric data where processed to uniquely identify a person. Further details are available here.
Under the NHS Confidentiality Code of Conduct, all our staff are also required to protect your information, tell you how your information will be used, and allow you to decide if and how your information can be shared.
Access to identifiable information is strictly controlled and it is only used when it is absolutely necessary to use identifiable information. The Trust will as a general rule of thumb will pseudonymise or anonymise data that is required for non-direct health care purposes. Pseudonymisation is a process that removes the NHS number and any other identifiable information such as name, date of birth or postcode, and replaces it with an artificial identifier, or pseudonym. Data which is pseudonymised is effectively anonymous to the people who receive and hold it but allows the association of multiple events with one patient, allowing us to better understand the experience of patients accessing health services.
In the circumstances where we are required to hold or receive personal information we will only do this if:
- The information is necessary for the direct healthcare of patients
- We have received explicit consent from individuals to be able to use their information for a specific purpose (i.e. employment of staff).
- There is an overriding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime
- There is a legal requirement that will allow us to use or provide information (e.g. a formal court order or legislation, dealing with employee details for example national insurance and PAYE)
- We have permission to do so from the Secretary of State for Health to use certain confidential patient information when it is necessary for our work and whilst changes are made to our systems that ensure de-identified information is used for all purposes other than direct care.
NHS Digital has published a guide to confidentiality in health and social care that explains the various laws and rules about the use and sharing of confidential information.
Why we collect information about you
In carrying out some of services we may collect information about you which helps us respond to your queries. We may keep your information in written form and/or in digital form. The records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health.
How we use the information that we collect
Information from your health record is used to ensure you provide the best possible care. We consider a “record” to be information about providing health which identifies the patient or service user whether they are an adult or a child.