What is personal and special data?

Personal data means any information relating to a living person who can be identified, directly or indirectly, from that information. Examples of personal data are name, identification number (such as NHS number), address, and date of birth.

Special categories of personal data include:

  • Race
  • Ethnic origin
  • Political opinions
  • Religion
  • Trade union membership
  • Genetics (for example DNA)
  • Biometrics (for example body measurements)
  • Health information
  • Sex life or sexual orientation

Why does the Trust store my data?

We may hold a number of personal details about you.

We keep records about your healthcare and the treatment you receive as our patient. This helps you to receive the best possible care because:

  • Accurate and up to date information helps us to provide you with the right and best quality care.
  • Information required to treat you is readily available if you need to see another doctor or are referred to another part of the NHS.

It also helps the NHS to:

  • Prepare statistics on NHS performance.
  • Audit NHS services.
  • Monitor how we spend public money.
  • Plan and manage the health service.
  • Teach and train healthcare professionals.
  • Conduct health research and service evaluation.
  • Plan and develop better services across the healthcare community.

Where does the Trust store my data?

We currently store your data in paper and electronic form. You may have both a securely stored paper clinical record and an electronic record on a clinical system. Systems your information may be held on include Rio and SystmOne.

How does the Trust keep my data confidential?

Under the Common Law Duty of Confidence, the Data Protection Act 2018, and the UK General Data Protection Regulation (UK GDPR), information provided to us in confidence will be used for the purposes advised.

Information and records held are accessed on a 'need to know' basis and training is provided to our colleagues on keeping information confidential, safe, and secure.

Everyone working in the NHS and Social Care has a legal duty to keep information about you confidential.

All of our staff are required to protect your information. Only the staff who need to are allowed to access your records and personal information.

Who does the Trust share my data with?

We may share your data with other health and social care organisations for your care. In this case, the data about you will be identifiable to make sure that everyone involved is clear whose data it is.

Consent

When patient information is accessed and used for individual care, then consent is implied, without patients explicitly giving their permission. This is because it is reasonable for patients to expect that relevant confidential patient information will be shared on a need-to-know basis. Examples of health organisations that we might share your information with include your GP or other healthcare organisations if you are referred to them for care. We share information from your health records with other non-healthcare organisations from which you are also receiving care, for example Social Care.

If patients choose to withdraw their consent this may mean it isn't possible to continue providing care and treatment to the patient. Patients are encouraged to discuss this further with the health professional involved in their care.

For purposes beyond individual care, explicit consent is generally required. There are exemptions, for example when required by law or when there is an overriding public interest.

The law strictly controls the sharing of your information and any agency or third-party organisation which receives information about you from the Trust is under a strict legal duty to keep your information confidential.

Sharing information with your family

There are recognised benefits to sharing information with your family, friends or carers so that they can support you in your care.

Our staff will help you to understand these benefits and will:

  • Explain to you, your family or carers that we are bound by law and professional codes of conduct and that we have a duty of confidentiality to you.
  • Discuss with you what particular information you would like to share and/or withhold.
  • Record your views in your medical records and regularly check with you whether those views have changed.
  • Explain to your family, friends or carers what information cannot be shared and the reasons for this.

It is important to recognise that we have the same duty of confidentiality to other people if they provide information about you.

Additionally, we may provide your family, friends or carers with general information about you. For example, information about your condition and the behaviour it might cause and advice on managing that behaviour, particularly in a crisis situation. We may also provide contact details for local and national support groups or your care coordinator.

What are my rights in relation to my data?

Under the UK GDPR and Data Protection Act 2018 you have specific rights in relation to your data.

Right to be informed

The Trust has a duty to provide you with information in relation to how your personal and special category data is collected, stored and processed.

This is provided within this document and also within our privacy notice, which can be found in 'Your information including privacy notices and statement', or you can request a copy from any member of staff.

Right to rectification and erasure

You have the right to request the rectification of inaccurate personal data and the right to request the erasure of your personal data.

However, the rights to rectification and erasure are not absolute rights and it may be that it is necessary for the Trust to continue to process your personal data for lawful and legitimate reasons.

Right to object, or restrict processing

You have the right in certain circumstances to ask the Trust to stop processing your personal data in relation to any Trust service. You can also request that you do not wish to receive information from the Trust.

However, the rights to object to, or restrict, processing are not absolute rights and it may be that it is necessary in certain circumstances for the Trust to continue to process your personal data for a number of lawful and legitimate reasons.

If you wish to object to your information being processed or to receiving information from the Trust, or wish to have information rectified or erased, in the first instance please send your request in writing via email to DPOEnquiries@nottshc.nhs.uk.

Rights in relation to automated decision making and profiling

The Trust doesn't use your information to make automated decisions about you, nor to undertake profiling.

Access to information or subject access

You can request a copy of the information the Trust holds about you by emailing accesstoinformation@nottshc.nhs.uk. You can also telephone us to make this request; the number can be found on the back page of this leaflet.

This information is generally available to you free of charge subject to the receipt of appropriate identification.

Data portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows individuals to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. If you wish to make such a request, please email accesstoinformation@nottshc.nhs.uk.

Who do I contact if I have any concerns about my data?

To safeguard your information and to support your rights, the Trust has appointed a Data Protection Officer (DPO).

The role of the DPO is to monitor internal compliance with data protection legislation and inform and advise staff, patients, carers and the public in relation to data protection. The DPO can be contacted by emailing DPOEnquiries@nottshc.nhs.uk.

Research studies, service evaluations and clinical audits

Studies show that patients do better when services are actively engaged in research and the Trust is committed to offering service users, carers and staff the opportunity to be involved.

There are distinct differences between research studies, service evaluations and audits.

Research studies try to generate new or transferable knowledge. They might be designed to generate or test a hypothesis or compare different clinical interventions.

Service evaluations are designed to define or determine the effectiveness of current services or care pathways to see if they meet the needs of our patients.

Clinical audits are used to determine if the Trust is meeting a predetermined standard. Most clinical audits are considered to be part of the delivery of direct care to our patients, and the Trust has a legal obligation to conduct them. A small number of clinical audits are conducted based on approval under Section 251 of the NHS Act 2006.

The Trust collects important information about you to help us to deliver your care. Using this information in research studies, service evaluations and clinical audits can help improve the standard of care we provide, develop new treatments and monitor safety. The outcomes from these projects can help ensure the NHS provides better healthcare for you, your family and future generations.

Wherever possible, the Trust will use anonymous data for research studies, service evaluations and clinical audits. However, sometimes the nature of a project means that pseudonymised or fully identifiable data is needed. We will only use confidential information about you for research studies, service evaluations and clinical audits when we're allowed to do so under the law.

You might be invited to take part in a research study or service evaluation about the care you are receiving or that you have received in the past. If you're invited to participate, the team running the project will explain how your confidential information will be processed to help you decide if you'd like to participate.

Taking part in a research study or service evaluation is voluntary; if you decide to take part but then change your mind, you can withdraw from the project at any time. Your care won't be affected if you decide not to take part or if you withdraw from a project.

Some research studies, service evaluations and clinical audits are approved under Section 251 of the NHS Act 2006. Section 251 approval means that the team running the project have been given permission to use your confidential information without having to ask for your consent.

If you don't want your confidential information to be used for research studies, service evaluations or clinical audits which have been approved under Section 251, you can opt-out under the National Data Opt-Out Scheme.

If you'd like to know more about the work of the Trust's Research and Evidence team, please contact research@nottshc.nhs.uk or visit For Researchers and Evaluators.

The National Data Opt-Out Scheme (NDOO)

The NDOO allows you to decide whether you want your personal information to be used for research projects, service evaluations and clinical audits without your consent.

If you are happy for your information to be used for research projects, service evaluations and clinical audits without your consent, you don't need to do anything.

If you want to opt-out, you can register your choice online via Choose if data from your health records is shared for research and planning - NHS.

You can still take part in a research study, service evaluation or audit if you want to, even if you've opted out of allowing your personal data to be used without your consent.

You can change your decision to opt-out at any time and the care you receive from the Trust won't be affected.

CRIS (powered by Akrivia Health) platform

The Trust uses the CRIS (powered by Akrivia Health) platform for research studies, service evaluations and clinical audits. The platform is a safe and secure digital database which has received ethical approval from an independent research ethics committee. It allows authorised users, such as researchers and auditors, to look at large volumes of anonymised and pseudonymised data, which makes it easier to see patterns and trends, for example what treatments work for some people but not for others. The data within the platform is copied from the Trust's Electronic Patient Record System, but any information that could be used to directly identify you is removed before it can be accessed by the researchers or auditors. The platform also allows information that the Trust holds to be linked with information held by other organisations such as other healthcare providers.

If you don't want your personal information to be uploaded to the CRIS (powered by Akrivia Health) platform, you can register your preference to opt-out at Choose if data from your health records is shared for research and planning - NHS.

If you would like to know more about the CRIS (powered by Akrivia Health) platform, please contact CRIS@nottshc.nhs.uk. Alternatively, you can visit: Information about CRIS and what it can do.

Patients Know Best

Patients Know Best (PKB) is UHDB's free online patient portal which provides you with access to your personal health records and is designed to improve your patient experience. PKB is a free online patient portal that you can access from any computer, tablet or smartphone or through the NHS App.

PKB securely stores all your health information in one place. It sends you instant notifications when new details, such as appointments, test results, or questionnaires, are available. Further information can be found on the Patients Know Best website.

PKB cannot see your health record and has no control over your record. They keep your information on secure servers. They encrypt the data so no one can see your health record except the people you choose or those with a lawful basis. PKB are registered with the Information Commissioner's Office (ICO), which regulates data protection in the UK, and their registration number is Z2704931.

Any information that you choose to input in your PKB account is yours to decide who to share it with, if anyone.

PKB tracks software usage to improve software quality. PKB does not track identifying information or records. PKB uses cookies to improve website operation and usage; for example, we use cookies to set a user's language and to monitor usage trends. Cookies do not contain identifying information such as IPs, health data or personal details.

You can see who has viewed the data that you have given your health and care team permission to see by using the access log functionality: Manual - PKB external wikis

For more information, please see PKB's privacy notice: Privacy Statement - Patients Know Best

Nottinghamshire Care Record

The Trust participates in the Nottinghamshire Care Record which is a secure digital platform that provides 'view only' access to medical records held by different providers in one place. The platform enables different healthcare providers to electronically share health and social care information, such as hospital and GP attendances, test results, medication and care plans with other Nottinghamshire health and social care providers.

Access is strictly controlled, and only staff who are appropriately trained and authorised can access the information. Data in the platform is only used to provide direct care to you; it is not used for research or service planning purposes. The Trust is Data Controller for all data that we share via the platform. The Interweave Consortium are the Data Processors and provide all the technical infrastructure needed to operate and maintain the platform.

A Data Processing Agreement is in place between the different healthcare providers that use the platform and the Interweave Consortium (Interweave Digital). The Agreement is a legally binding document which stipulates how, when and by whom data should be processed. More information about The Notts Care Record is here: The Notts Care Record - Digital Notts.

Queries and complaints

If you have any queries about the way that your personal data is processed, please contact the Information Governance team:

Telephone: 0115 969 1300

Email: informationgovernance@nottshc.nhs.uk

If you would like to make a complaint about the way the Trust processes your personal data, please contact the Patient Advice and Liaison Service (PALS).

 

Patient Advice and Liaison Service (PALS)

Highbury Hospital, Bulwell, Nottingham NG6 9DR

Telephone: 0115 993 4542 Monday to Friday 8.30am until 4.30pm (excluding Bank Holidays)

Email: PALSandcomplaints@nottshc.nhs.uk

You can also contact the Information Commissioner's Office:

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113

Visit: www.ico.org.uk
