What is a privacy notice?

A privacy notice is a statement that describes how Surrey and Sussex Healthcare NHS Trust collects, uses, retains and discloses personal information. Different organisations sometimes use different terms, and it can be referred to as a privacy statement, a fair processing notice or a privacy policy.

To ensure that we process your personal data fairly and lawfully we are required to inform you:

  • Why we need your data
  • Our legal reason for collecting your information
  • How it will be used and
  • Who it will be shared with

This information also explains what rights you have to control how we use your information.

The law determines how organisations can use personal information. The key laws are: the Data Protection Act, the Human Rights Act 1998 (HRA), relevant health service legislation, and the common law duty of confidentiality.

The data controller responsible for your personal data is Surrey and Sussex Healthcare NHS Trust.  The Trust is registered with the Information Commissioner’s Office.

Registration number: Z720627X

Detailed information about how we use your information is on the Your Information page.

You can also download a copy of our privacy notice below.

Data protection laws give you rights in respect of the personal information that we hold about you. These are:

  • To be informed why, where and how we use your information.
  • To ask for access to your information.
  • To ask for your information to be corrected if it is inaccurate or incomplete.
  • To ask for your information to be deleted or removed where there is no need for us to continue processing it.
  • To ask us to restrict the use of your information.
  • To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information.
  • To object to how your information is used.
  • To challenge any decisions made without human intervention (automated decision making).

National data opt out policy

A secure and accessible tool is available for people to opt out of their confidential patient information being used for reasons other than their individual care and treatment. This means patients have more control over how their information is used and gives them the opportunity to make informed choices about whether they wish their confidential patient information to be used just for their individual care and treatment or also used for research and planning purposes.

Further information is available at NHS data matters.

From March/April 2020 when necessary, the Trust will apply the policy to its data.

You can also opt-out of the national screening programmes.  Further information is available at GOV.UK.

How do I access information you hold about me?

Under the Data Protection Legislation living individuals have a number of rights relating to the personal information that organisations hold about them. One of these is the right to view or obtain copies of the information that we hold about you, including your medical records. This is known as a subject access request or SAR.

More information on how to access information we hold can be found on the Accessing your information page on our website.

Consent and withdrawing consent

The possible consequences of refusing consent will be fully explained to the patient at the time of application of consent and could include delays in receiving care.

In those instances where the legal basis for sharing of confidential information relies on the patient’s explicit or implied consent, then the patient has the right at any time to refuse their consent to the information sharing, or to withdraw their consent previously given.

In instances where the legal basis for sharing information without consent applies then the patient has the right to register their objection to the disclosure, and the Trust is obliged to respect that objection.

In instances where the legal basis for sharing information relies on a statutory duty/power, then the patient cannot refuse or withdraw consent for the disclosure.

We have a duty to:

Ensure your information is accurate and up to date

We aim to ensure that all information we hold about you is accurate and, where necessary, kept up to date.

Our staff will check with patients that we have the most accurate and up to date information. However, where patients identify information held by us which is inaccurate, they are asked to notify us either in person when they attend an appointment, or by contacting their own GP.

Store your medical information

Records are retained in accordance with national guidance from the Department of Health and Social Care and the Records Management Code of Practice for Health and Social Care 2016. Records including confidential information are securely destroyed in line with this code of practice.

More information on the retention of records in the NHS can be found on the NHS Digital website.

Keep information about you secure and confidential

All staff working for the NHS are bound by the Common Law Duty of Confidentiality which means only staff involved with your care are entitled to access information relating to you. This is detailed within the confidentiality agreements signed by staff working at the Trust and is included within mandated annual training provided to staff.

All clinical staff are bound by strict professional codes of conduct which incorporate confidentiality clauses. Further information can be found on the British Medical Association (BMA), General Medical Council (GMC) and Nursing and Midwifery Council (NMC) websites.

We audit staff access to patient information to ensure they continue to abide by the Common Law Duty of Confidentiality.

We also ensure all staff are trained on both Information Governance and Data Security on an annual basis to ensure they know and understand how to keep your information secure and confidential at all times.

Provide information in a format that is accessible to you

For support in accessing patient information or for a translation of this document, an interpreter or a version in large print, Braille or audio, please contact the patient advice and liaison service (PALS) office on 01737 231 958.

The data protection officer for the Trust is Dipa Bhella, information governance manager. Should you have any further queries on the uses of your information, please contact the data protection officer on 01737 768 511 or email sash.data.protection@nhs.net

You can also contact the Information Commissioner’s Office, the UK’s independent body set up to uphold information rights.

Information Commissioner’s Office 
Wycliffe House
Water Lane
Wilmslow, Cheshire

ICO Website: https://ico.org.uk/for-the-public/ 
Helpline: 0303 123 1113 (local rate) or 01625 545 745