Protecting your information and confidentiality

Bradford District Care NHS Foundation Trust privacy notice

As a healthcare provider we need to hold information about you to help ensure you receive proper, necessary and effective treatment. We take our duty to protect personal information and confidentiality very seriously. The type of personal information we collect is:

Personally identifiable information:

  • such as your name, date of birth, address, phone number, email address and next of kin;
  • a record of the times we have seen you – appointments, clinical visits;
  • information about people who care for you or know you well.

Sensitive personal information:

  • such as your medical diagnosis, ethnicity, religion, the language you speak, your test results, x-rays, photographs or scans, reports about your medical condition and care plans.

How we get personal information and why we have it

Most of the personal information we collect and record is provided to us directly by you to:

  • help doctors, nurses and other healthcare professionals make the right decisions about
    your care;
  • provide us with the right information to refer you to the service that can support you best;
  • allow us to assess and review the care you receive;
  • ensure that the care that we provide is safe and effective;
  • contact you;
  • ensure appropriate information is available if you see another clinician, or are referred to a
    specialist or another part of the NHS or social care;
  • ensure that if you have a concern about your care, then the information is available to
    investigate it properly; or
  • ensure your care is administered appropriately.

We also receive personal information via referrals from other services.

Reports and statistics

As an NHS Foundation Trust, we have a responsibility to provide information and statistics around what we do and the people we see to organisations both within the NHS and externally. We do this where there is a legal, mandatory, or contractual requirement or where the Trust has decided to participate in a research project to improve the care we provide. The Trust only provides non-patient identifiable data, unless there is a real need such as a legal requirement. Examples of organisations we may provide your details to include:

  • Government departments;
  • universities;
  • regulatory bodies, for example NHS England, Public Health England and NHS Digital.

We provide that information to:

  • improve the quality and standards of care provided;
  • research the development of new treatments;
  • prevent illness and disease;
  • monitor safety;
  • plan services.

If you do not want your confidential patient information to be used for research and planning, you can
choose to opt out securely online or through a telephone service. To find out more or to make your
choice visit nhs.uk/your-nhs-data-matters or call 0300 303 5678.

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) your consent
(b) we have a contractual obligation
(c) we have a legal obligation
(d) we have a vital interest
(e) we need it to perform a public task
(f) we have a legitimate interest.

There may be circumstances when we must share information with other agencies. In these rare
circumstances we are not required to seek your consent. Examples of this are if:

  • there is a concern that you are putting yourself at risk of serious harm;
  • there is a concern that you are putting another person at risk of serious harm;
  • there is a concern that you are putting a child at risk of harm;
  • we have been instructed to do so by a court;
  • the information is essential for the investigation of a serious crime;
  • you are subject to the Mental Health Act (1983), there are circumstances in which your ‘nearest
    relative’ must receive information even if you object; or
  • your information falls within a category that needs to be notified for public health or other legal
    reasons, e.g. certain infectious diseases.

How we store your personal information

Your information is stored securely in our digital databases. All electronic records are stored in the
UK. Only those with a legitimate reason can access your records, for example those providing your
healthcare.

Whenever we change the way we manage personal data we carry out an assessment, and if any
significant risks to privacy are identified a full Data protection impact assessment is carried out as
required by the General Data Protection Regulation.

There is a requirement for us to hold a record of your information for a set length of time which varies
according to the type of information held. You can find further information on the rules that we
must follow in this document ‘Records Management Code of Practice for Health and Social Care 2021’.

Your data protection rights

Under data protection law, you have rights including your:

    • right of access – you have the right to ask us for copies of your personal information;
    • right to rectification – you have the right to ask us to rectify personal information you think is
      inaccurate – you also have the right to ask us to complete information you think is incomplete;
    • right to erasure – you have the right to ask us to erase your personal information in certain
      circumstances;
    • right to restriction of processing – you have the right to ask us to restrict the processing of
      your personal information in certain circumstances;
    • right to object to processing – you have the right to object to the processing of your personal
      information in certain circumstances;
    • right to data portability – you have the right to ask that we transfer the personal information you
      gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at DPA.requests@bdct.nhs.uk if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at DPO@bdct.nhs.uk. You can also complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we have used your data.

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk