Collecting, using and keeping your information secure
- We collect information about you to help provide you with the best possible care
- We have a legal duty to keep your information secure. We have regular audits and independent reviews to make sure that we do
- We share your information with other health and social care organisations involved in your care
- We also use your information to contribute to planning, service improvements and medical research. In the case of research, we remove any information that identifies you personally
- We use other organisations to help us process your information – we ensure that your information is also handled securely by them, including when they are based outside of the UK
- We will only use your information for these reasons if it is lawful
- For most patients information is retained for a minimum of eight years from when you were last seen
- You can request access to the information we hold about you and you can ask us to correct any errors
Why do you collect my information?
We collect information about you to help us provide you with the best possible care. The information we collect includes your name, date of birth, NHS number, contact details and notes and correspondence about your health and care.
This information also helps us to plan and improve our services and contributes to medical research. For research purposes, we remove any information that identifies you personally.
What are your legal duties as an NHS Trust?
The law allows us to use your information for your care, for service improvement and for research. We are bound by the General Data Protection Regulation to use your information fairly and lawfully.
In certain circumstances, there may be other reasons why we would use your information – for example, to share information with the police in order to prevent a serious crime – but it will always be in line with our legal duty.
Will my information be shared with anyone else?
We share your information with other health and social care organisations involved in your care. In turn, health and social care organisations involved in your care share your information with us.
We share your information with other NHS organisations to contribute to planning or service improvements.
We share with our research partners to undertake medical research. For these purposes, we remove any information that identifies you personally.
We use other organisations to help us process your information, for example to run our electronic patient records system. The information can only be used in the way that we instruct them to use it. Read our leaflet Using technology to give more time for patient care to learn more.
How is my information kept secure?
We have a legal duty to keep your information secure. Our staff undertake annual training about information security and we have regular audits and independent reviews to make sure that we do keep your information safe. We use other organisations to help us process your information. We make sure these organisations also comply with their legal obligations to keep your information secure, including when they are based outside of the UK.
As part of our commitment to provide transparent information about how we process your data, we have published data protection impact assessments for two of our high profile digital projects: the Care Information Exchange, our patient care portal, and Streams, a secure mobile application that allows clinicians to access a patient’s record at the bedside.
We started these assessments ahead of our deployment of the Care Information Exchange and Streams at the Trust. They are live documents that provide an on-going assessment of risk associated with processing personal data under these projects, as well as the mitigations and controls that are in place to protect the data that is processed.
They provide further information about some of the important data processing operations undertaken by the Trust, and the mechanisms that are in place to regulate and safeguard the processing of your personal data. Where necessary, technical security and commercially sensitive information has been redacted from these documents.
The assessments are available on our Publications page.
How long will you keep my information?
Information is retained for a minimum of eight years from when you were last seen for most patients. For some types of information, we retain the information a longer period. For example, maternity and children’s records must be retained for at least 25 years.
What are my rights regarding my information?
You have the right to request a copy of the information that we hold about you – this is called a ‘subject access request.’ We will provide this on paper or electronically within one month of your request in most cases.
If the information that we hold about you is incorrect, you have the right to have it corrected.
More information and contacts
You can find out more by reading our patient privacy notice.
Our Data Protection Officer is Philip Robinson, you can contact him at:
ICT Division, Charing Cross Hospital, London, W6 8RF
Telephone: 020 3311 7344
If you want to access the information that we hold about you, please email: firstname.lastname@example.org
Imperial College Healthcare NHS Trust is a registered data controller under the Information Commissioner’s Office.
You can contact the Information Commissioner’s Office at:
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
About this page
- Last updated