Security of Information
Confidentiality affects everyone: Surrey and Sussex Healthcare NHS Trust collects, stores and uses large amounts of personal data every day, such as medical or personal records which may be paper-based or held on a computer.
We take our duty to protect your personal information and confidentiality very seriously and are committed to taking appropriate measures to ensure it is held securely and only accessed by those with a need to know.
At executive level, we have appointed a Senior Information Risk Owner (SIRO) who is accountable for the management of all our information systems and the data they hold. The SIRO also makes sure that any associated risks or incidents are documented and investigated appropriately. We also have a Caldicott Guardian who has particular responsibility for providing advice on protecting patient confidentiality and sharing patients’ information securely when appropriate.
The NHS Care Record Guarantee
Everyone working within the NHS has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has a legal duty to keep it confidential.
The Care Record Guarantee is our commitment that we will use records about you in ways that respect your rights and promote your health and wellbeing. Copies of the full document can be obtained from:
Why do we collect information about you?
The doctors, nurses and team of healthcare professionals caring for you keep records about your health and any treatment and care you receive from the NHS. These records help to ensure that you receive the best possible care and may be written on paper or held on a computer. They may include:
- Basic details about you such as name, address, date of birth, next of kin, GP practice etc.
- Contact we have had with you such as appointments or clinic visits.
- Notes and reports about your health, treatment and care.
- Results of x-rays, scans and laboratory tests.
- Relevant information from people who care for you and know you well such as health or social care professionals, relatives or carers.
It is essential that we have accurate and up to date information about you so that we can give you the best possible care. Please check that your personal details are correct whenever you visit us and inform us of any changes, for example, to your contact details or GP practice as soon as possible. This minimises the risk of you not receiving important correspondence.
How we use your personal information
In general terms, your records are used to direct, manage and deliver your care so that:
- The doctors, nurses and other health or social care professionals involved in your care have accurate and up to date information to assess your health and decide on the most appropriate care for you.
- Health and social care professionals have the information they need to assess and improve the quality and type of care you receive.
- Appropriate information is available if you see another doctor, or are referred to a specialist or another part of the NHS or social care.
- Your concerns can be properly investigated if a complaint is raised.
When do we share information about you?
We share information about you with others directly involved in your care; and also share more limited information for indirect care purposes, both of which are described below:
Direct care purposes:
Unless you object, we will normally share information about you with other health and social care professionals directly involved in your care so that you may receive the best quality care. For example every time you attend the hospital as a patient, we will send your GP a summary of any diagnoses, test results or treatment given.
You may be receiving care from other people as well as the NHS, for example Social Care Services. We may need to share some information about you with them so we can all work together for your benefit. We will only do this when they have a genuine need for it or we have your permission. Examples of who we may share your information, subject to strict agreement about how it will be used, are:
- Social Care Services
- Education Services
- Local Authorities
- Voluntary and private sector providers working with the NHS
We will not disclose your information to any other third parties without your permission unless there are exceptional circumstances, such as when either your or somebody else’s health and safety is at risk; or the law requires us to pass on information.
Indirect Care Purposes:
We also use information we hold about you to:
- Review the care we provide to ensure it is of the highest standard and quality
- Ensure our services can meet patient needs in the future
- Investigate patient queries, complaints and legal claims
- Ensure the hospital receives payment for the care you receive
- Prepare statistics on NHS performance
- Audit NHS accounts and services
- Undertake heath research and development (with your consent – you may choose whether or not to be involved)
- Help train and educate healthcare professionals
Nationally there are strict controls on how your information is used for these purposes. These control whether your information has to be de-identified first and with whom we may share identifiable information. You can find out more about these purposes, which are also known as secondary uses, on the NHS England and Health and Social Care Information Centre’s websites:
Other ways in which we use your information:
Telephone calls to the Surrey and Sussex NHS Trust are routinely recorded for the following purposes:
- To prevent crime or misuse.
- To make sure that staff act in compliance with Trust procedures.
- To ensure quality control.
- Training, monitoring and service improvement
SMS text messaging and automated voice reminders
We use your telephone number(s) to send your appointment details via SMS text message and we also send automated reminder calls a few days before the appointment.
Most of our patients appreciate these reminders and we know that it reduces the number of missed appointments, but if you do not wish to receive them please let us know by telephoning 01737 768511 Ext: 1580
Your right to object
You have the right to restrict how and with whom we share information in your records that identifies you. If you object to us sharing your information we will record this explicitly within your records so that all healthcare professionals and staff involved with your care are aware of your decision. If you choose not to allow us to share your information with other health or social care professionals involved with your care, it may make the provision of treatment or care more difficult or unavailable. Please discuss any concerns with the clinician treating you so that you are aware of any potential impact. You can also change your mind at any time about a disclosure decision.
How you can access your records
The Data Protection Act 1998 gives you a right to access the information we hold about you (unless an exemption applies). Requests must be made in writing to the Medical Records Subject Access Team at East Surrey Hospital and accompanied by evidence of your identity and the fee.
There is more information about this and an application form that you may wish to use on our website: www.surreyandsussex.nhs.uk
We will then provide your information to you within 40 days of receipt of:
- your written request
- satisfactory evidence of your identity
- authority to act on someone else’s behalf (if appropriate)
- the fee
- an indication of what information you are requesting to enable the Trust to locate it in an efficient manner.
If you think any information we hold about you is inaccurate please let us know.
The Data Controller responsible for keeping your information confidential is:
Surrey and Sussex healthcare NHS Trust
Telephone: 01737 768511
The Data Protection Act 1998 requires organisations to lodge a notification with the Information Commissioner to describe the purposes for which they process personal information. These details are publicly available from:
Information Commissioner’s Office
Telephone: 0303 123 1113
Freedom of Information
The Freedom of Information Act 2000 (FOIA) provides any person with the right to obtain recorded information held by the Surrey and Sussex Healthcare NHS Trust, subject to a number of exemptions. If you would like to request information from us, please visit the Freedom of Information section of our website. However, please be aware that you cannot use the FOIA to obtain access to your personal information – such requests are handled under the Data Protection Act, as described above.