Information Governance
Confidentiality of personal information
Information about you
Your rights as a data subject
- Right to be informed—see this leaflet and also our website for our privacy notice
- Right of access—please see ‘Request your health records’ section and also our website
- Right to rectification—see ‘How can you help us to help you?’ section
- Right to erasure—not applicable for health data, see ‘Consent’ section
- Right to restrict processing—see ‘Consent’ section
- Right to data portability—we will handle the request accordingly
- Right to object—see ‘Consent’ section
- Rights in relation to automated decision making and profiling—no known instances
What information do you keep about me?
Collectively, all the information we hold about you is called your health record.
It includes general personal information (such as your name, address, next of kin and GP) and sensitive information (such as health reports, test results, operations and other treatments, ethnicity and religion).
These records may be kept in either or both paper and electronic form.
Why do you need information about me?
We need information about you to identify you on each visit and to ensure that you get the best possible care and treatment appropriate to your needs.
How is information about me used?
Your information is collected so we can use it for your direct care. This will involve sharing it with other health and social care professionals involved in your care, such as doctors, nurses, therapists and your GP—as well as some administrative staff.
We also participate in some national audits and will submit your data to the Secondary Uses Service (SUS), the single repository for healthcare data in England, which enables a range of reporting and analyses to support the NHS in the delivery of healthcare services.
Other reasons we need accurate data about you and other patients include:
- Ensuring patient needs are met now and in the future
- Helping staff review the standard of care they provide and inform staff training needs
- Investigating any complaints or legal claims
- Ensuring NHS money is spent wisely
- Improving our services through research
Consent
While we do not require consent to hold and use the information in your records for the provision of healthcare, we will always seek your consent for any secondary use, such as research. The Trust does not use identifiable personal data for research purposes without your agreement.
Sharing of information
Please note that we share information for clinical purposes and as required by UK legislation. For instance, we will automatically send copies of letters and discharge summaries to your GP following a visit, unless you ask us not to. There is more information available on the Trust website indicating how information is shared. You can restrict this by requesting us not to share information.
In certain circumstances, the Trust is legally required to report information to the appropriate authorities. Examples include:
- When there is a serious risk to public health such as with certain infectious diseases
- The prevention, detection or prosecution of a serious crime
- At the request of a formal court order
In all cases we would only disclose the minimum information necessary.
Objections to use of your information
You can withdraw or object to the use of your information by contacting the Data Protection Officer. See contact details on the blue panel of this leaflet.
Reminder service
For our appointment reminder services, a third party will send automated voice or text messages, or get an agent to call or email you. This reduces missed appointments and ensures you obtain results faster. If you would like to opt out of this service, please state your wishes at the reception desk.
Access to health records
Can I access my health records?
Yes. You are entitled to see most personal data about you. An exception would be where it was deemed to be harmful to you or someone else. Any reference to third parties, apart from NHS professionals, would also have to be hidden, unless their consent was also obtained.
How do I apply to see my health records?
To request a copy of your own (or a dependent’s) health records it would be helpful if you could complete the Access to Health Records Subject Access Request (SAR) application form.
Requests can be verbal or written with or without the form but in all cases the request will need to be recorded accurately and ID obtained to prove identity. The form saves time and confusion for both the requester and the Trust.
Please provide the approximate dates of any treatment for which you want to see the record and say what type of treatment you received. You can either ask for a copy or come in and view the originals, under supervision.
What’s the cost and how long will it take?
Access to information is free and it will be provided within either 1 month or, if the request is complex, up to 3 months.
How can you help us to help you?
Our staff should confirm your basic details such as your name, address and GP practice each time you visit the hospital. If they forget then please remind them. If you spot errors on the automated check-in, please inform a member of staff.
Please make sure that you always:
- Give us accurate and full information on first contact and check
- Let us know as soon as possible if any of your personal details have changed, otherwise there is a danger you will miss crucial appointments or that we won’t be able to contact you quickly in an emergency
- Provide your NHS number if possible
- Tell us if you notice mistakes in the information we have about you, as this helps us keep our information reliable and up-to-date
- Always give your full regular registered name rather than nicknames/short name or other name, as we have to match our records with your GP practice records—the spelling and order of names is particularly important and accounts for around 70% of errors
Confidentiality
Health records should not be left where unauthorised people can access or view them. If you observe any instance where we do not respect the confidentiality of your or other’s information we would like you to report this to a member of staff or our Information Governance team at chelwest.information.governance@nhs.net.
Confidentiality of personal information—your information, your rights
How can you help us to help you?
Accuracy of data
Our staff should always verify your basic details such as name, address and GP practice each time you visit the hospital.
If you spot errors on the automated check in, please inform a member of staff.
Always ensure that you:
- Give us accurate and full information on first contact and check it
- Let us know ASAP if any of your personal details have changed, or you risk missing crucial appointments or we won’t be able to contact you quickly in an emergency
- Provide your NHS number if possible
- Tell us if you notice mistakes in the information we have about you, as this helps us keep our information reliable and up to date
- Always give your full regular registered name rather than nicknames/short name or other name, as we have to match our records with your GP practice records. The spelling and order of names is particularly important, and accounts for around 70% of errors
Confidentiality
Health records should not be left where unauthorised people can access or view them. If you observe any incidence where we do not respect the confidentiality of your or other’s information, please report this to a member of staff or to our Information Governance Team. See useful contact information on this leaflet.
Data protection
Chelsea and Westminster Hospital NHS Foundation Trust is required to comply with laws and regulations that apply to protecting your data and how it is used. They are the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018.
Information about you
Your rights as a data subject:
- Right to be informed – covered on this page and on the 'How we use your information' page
- Right of access – please see ‘Access to health records’ below and the 'Request your health records' page
- Right to rectification – see ‘How can you help us to help you?’ above
- Right to erasure – not normally applicable to health data
- Right to restrict processing and/or Right to object – only applies under certain circumstances, please see 'Further details' below
- Right to data portability – we will handle the request accordingly
- Rights in relation to automated decision making and profiling – we will handle requests accordingly
What information do you keep about me?
Collectively, all the information we hold about you is called your health record. It includes general personal information (for example your name, address, next of kin and GP) and sensitive information such as health reports, test results, operations and other treatments, ethnicity and religion. These records are kept in both paper and electronic form.
Why do you need information about me?
To identify you on each visit, and in order to ensure that you get the best possible care and treatment appropriate to your needs.
How is information about me used?
Your information is collected so we can use it for your direct care. This will involve sharing it with other health and social care professionals involved in your care, such as doctors, nurses, therapists and your GP as well as some administrative staff.
We will also participate in some national audits and submit your data to the Secondary Uses Service (SUS) which is the single repository for healthcare data in England which enables a range of reporting and analyses to support the NHS in the delivery of healthcare services.
Other reasons we need accurate data about you:
- Ensure patient needs are met now and in the future
- Help staff review the standard of care they provide and feed staff training needs
- Investigate any complaints or legal claims
- Ensure NHS money is spent wisely
- Improve our services through research
Research is generally consent based and you will be invited to opt in. The Trust does not use identifiable personal data for research purposes without your agreement.
Consent
We do not require consent to hold and use information in your records for provision of healthcare.
If consent is needed for any secondary use, such as research, then this will be obtained separately.
Sharing of information
Please note that we share information for direct care purposes and as required by UK legislation. We will automatically send copies of letters and discharge summaries to your GP and to your home following a visit unless you ask us not to. See 'How we use your information' for more details.
In certain circumstances the hospital is legally required to report information to the appropriate authorities. Examples include:
- Where there is a serious risk to public health such as with certain infectious diseases
- The prevention, detection or prosecution of a serious crime
- At the request of a formal court order
In all cases we would only disclose the minimum information necessary.
National Data Opt Out (NDOO)
This was introduced following the National Data Guardians report in 2013 and implemented in 2018, and allows you to opt out of your data being shared for secondary uses (eg service development and research). The Trust has a policy in place and complies with the NDOO.
Reminder/appointment outcome service
For any reminder/appointment outcome service that we run, a third party will send automated voice or text messages or get an agent to call you or e-mail you. This reduces missed appointments ensures you obtain results faster and patients find it helpful. Links to outcome letters are also sent electronically.
Please make the Trust aware if others access your email, phone or text messages. The services assume that you are the only person that accesses the information relating to your appointment.
Access to health records
Can I get access to my health records?
Yes. You are entitled to see most personal data about you by submitting a subject access request (SAR). Exceptions would be where it was deemed to be harmful to you or someone else. Any reference to third parties, apart from NHS professionals, would also have to be hidden, unless their consent was also obtained.
How do I apply to see my health records?
Please see 'Request your health records' or write to the Health Records Department (addresses below).
What is the cost and how long will it take?
Access to information is usually free, and it will be within either one calendar month or, if the request is complex, up to three months.
Contact details
Health Records Department
Chelsea and Westminster Hospital
369 Fulham Road
London
SW10 9NH
Health Records Department
West Middlesex University Hospital
Twickenham Road
Isleworth
Middlesex
TW7 6AF
Further information
Information Governance Team
For questions on information governance or the use of your data please email chelwest.information.governance@nhs.net.
Data Protection Officer (DPO) and Head of Information Governance
Graham Trainor
E: DPO.Chelwest@nhs.net
Caldicott Guardian
Dr Julian Collinson
E: julian.collinson@nhs.net
Senior Information Risk Owner (SIRO)
Kevin Jarrold
E: kevin.jarrold@nhs.net
Freedom of Information
For non-personal information requests please email chelwest.FOI@nhs.net.
The Data Protection Officer for the Trust can be contacted at DPO.Chelwest@nhs.net.
Information Commissioner’s Office (ICO)
- Information Commissioner’s Office
- 0303 123 1113