Direct Care and Administration
Data Processing Purposes
- Providing direct care and treatment
- Carrying out local clinical audits; reviews of the care provided to make sure it is of the highest standard
- To support national clinical audits and national confidential enquiries
- External validation of care and services provided by Regulatory bodies such as Monitor and the Care Quality Commission
- Waiting list management
- Monitoring performance against national targets
- Activity monitoring
- Paying the hospital and its staff for the care they give you.
- Auditing financial accounts
- Fully investigate any concerns or complaints raised about direct care provided
- We share information safeguard patients and family members with local authorities in line with current legislation
Information may be shared with
Health care cannot be delivered unless relevant information is shared amongst healthcare professionals therefore information will be shared with other health professionals who become involved with your care and may be shared with other organisations. These organisations may include:
- Your GP
- Community Pharmacies
- Community Services e.g. district nurses
- Other NHS hospitals
- NHS Walk-in Centres
- NHS Direct & Care Direct
-
NHS App https://www.nhs.uk/nhs-app/nhs-app-legal-and-cookies/nhs-app-privacy-policy/privacy-policy/
- Out of Hours Doctors Services
- Local Authority Departments, including Social Services, Education and Housing
-
Voluntary organisations
- Private Sector providers (private hospitals, care homes, hospices)
- National audit bodies listed by Healthcare Quality Improvement Partnership (HQIP) and with the National Confidential Enquiry into Patient Outcome and Death
Access to shared systems
The hospital is part of the Cheshire and Merseyside Radiology Network consortium that use the same Radiology system. All access and sharing arrangements are closely monitored by the NHS Trusts within the consortium. More information about the sharing arrangements in place can be obtained from our Radiology Department or Data Protection Officer (DPO).
The hospital is part of the North West Congenital Heart Disease Network; to support direct patient care and treatment the Network routinely shares clinical information. All access and sharing arrangements are closely monitored by the NHS Trusts within the Network. More information about the sharing arrangements in place can be obtained from our Congenital Heart Disease team or Data Protection Officer (DPO).
Further information about the North West CHD Network is available online at: https://www.northwestchdnetwork.nhs.uk/
NHS app
Liverpool Heart and Chest Hospital NHS Foundation Trust supports digital access to patient services via the NHS App. Patients may now securely:
- View appointment correspondence
- Request cancellations or rebooking’s
- Access a single point of contact for managing their care
This functionality is enabled through NHS England’s NHS Wayfinder services, which securely connect appointment and patient data to the NHS App.
When a patient chooses to use the NHS App, relevant data (such as appointment details, NHS number, and contact information) is securely transferred from LHCH to Cisco, who manages the information. Cisco then passes a streamlined version of this data to NHS England’s services, enabling the NHS App to display the necessary information to the patient.
If a patient does not access their appointment correspondence via the NHS App, the Trust will continue to communicate through alternative methods such as postal letters, phone calls, or SMS, in line with internal processes and patient preferences.
All data sharing complies with UK GDPR and the Data Protection Act 2018. Patients are informed of their rights, including the ability to opt out of digital communications and access further information via the NHS App Privacy Policy: NHS App Privacy Policy
Service Privacy Notices
- Targeted Lung Health Checks
Lawful Basis
- GDPR Article 6(1)(e): Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- GDPR Article 9(2)(h): Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.
- GDPR Article 6(1)(c): processing is necessary for compliance with a legal obligation to which the controller is subject