
Data protection law

We process data on behalf of our patients, staff and other individuals identified by manual or automated records.  We conform to the principles of data protection and ensure that personal data is collected fairly and processed lawfully under the requirements of data protection legislation.

The Data Protection Act 2018 (DPA 2018) / UK General Data Protection Regulation (UK GDPR) provides protection for individuals regarding the processing of their personal data and places specific data protection & privacy considerations on organisations holding and using their information.

Personal data must be processed in accordance with the principles set out in the law, and organisations processing personal data must demonstrate compliance with the principles.

Personal data is only processed by the hospital for legitimate lawful purposes; information is kept as accurate as possible and only for as long as is necessary.  We take all reasonable steps to ensure your data is protected and not shared with anyone who does not have the right to access it.  

If you are aware of any mistakes in the information we hold about you please let a member of staff know or contact Information Governance - infogov@lhch.nhs.uk or Information Governance, Liverpool Heart and Chest Hospital NHS Foundation Trust, Thomas Drive, Liverpool, L14 3PE.

The law gives you the right to see your health record although there are some exceptions to this.  If you are still undergoing treatment you should talk to the healthcare professional responsible for your care and ask if you could see your notes.  Alternatively, to see or obtain copies of your records you need to make a written request to the hospital.

The Data Protection Principles

(a) Processed lawfully, fairly and in a transparent manner

(b) Collected for specified, explicit and legitimate purposes

(c) Adequate, relevant and limited to what is necessary

(d) Accurate and where necessary kept up to date

(e) Kept in a form which permits identification of data subjects for no longer than is necessary

(f) Processed in a manner that ensures appropriate security of the personal data

 

Key definitions

personal data - any information relating to an identified or identifiable individual (data subject); an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

processing - any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

controller - the individual, organisation or organisations which, alone or jointly with others, determines the purposes and means of the processing of personal data

consent of the data subject - any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

data concerning health - personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status
