All personal data collected by Liverpool Heart and Chest Hospital NHS Foundation Trust is processed in accordance with the requirements of the Data Protection Act 2018 / UK General Data Protection Regulation. This notice explains why we collect personal information and how personal data is used by the hospital.
The Data Protection Act 2018 (DPA 2018) / UK General Data Protection Regulation (UK GDPR)
The hospital processes data on behalf of patients, members of staff and any other living individual identified by manual or automated records.
All personal data collected is held and processed in accordance with the legal obligations placed on the hospital as a data controller by the law. Data controllers are organisations who determine how and why personal data is processed, and the law sets out the main responsibilities for organisations in the data protection principles. We conform to the principles and ensure personal data is collected fairly and processed lawfully. Processing includes obtaining, recording, holding, altering, retrieving, destroying or disclosing.
It is important that the information we hold about you is accurate. If you are aware of any inaccuracies in this information please let a member of staff know. Data is only processed for legitimate purposes, is kept as accurate as possible and only as long as is necessary. We follow the retention periods set out in the Records Management Code of Practice for Health and Social Care. We take all reasonable steps to ensure your data is protected and not shared with anyone who does not have the right to access it.
In addition to the Data Protection Principles patient confidentiality is supported by compliance with the common law duty of confidentiality and the Caldicott Principles covering the use of personal information of patients.
How we use information - patients
The hospital collects and uses your personal information for a number of purposes and the information we collect is important to support your care and is also a record of your relationship with healthcare staff involved in providing your care e.g. doctors nurses, administration and clerical staff.
This relationship is based on mutual trust and confidence and we will do everything possible to protect and maintain that trust. It is important that the details you provide are accurate and that you let us know of any changes to them e.g. if you change address.
How the NHS and Care Services use your information
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
improving the quality and standards of care provided
research into the development of new treatments
preventing illness and diseases
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt-out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
See what is meant by confidential patient information
Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
Find out more about the benefits of sharing data
Understand more about who uses the data
Find out how your data is protected
Be able to access the system to view, set or change your opt-out setting
Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
See the situations where the opt-out will not apply
You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
While the deadline for health and care organisations to comply with national data opt-out policy is now 31 July 2022, your registered choice will be applied by Liverpool Heart and Chest Hospital in line with the policy with effect from 1 April 2022.
Compliance with data protection requirements is monitored by our Information Governance Team and any concerns raised are investigated.
If you have a query about how the Trust uses information, please contact Information Governance email@example.com or our Data Protection Officer: Wyn Taylor, Head of Information Governance and Data Protection Officer firstname.lastname@example.org.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us by email to email@example.com or by post to Information Governance, Liverpool Heart and Chest Hospital NHS Foundation Trust, Thomas Drive, Liverpool, L14 3PE.
You can also complain to the Information Commissioner's Office (ICO) if you are unhappy with how we have used your data. The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Helpline number: 0303 123 1113
ICO Website: https://www.ico.org.uk