Patient privacy notice
Collecting, using and keeping your information secure
Imperial College Healthcare NHS Trust is committed to protecting your privacy when you use our services. This privacy notice explains your rights as a Trust service user, how we use information about you, and how we protect your privacy.
What this notice will tell you:
- How data may be processed in response to COVID-19;
- Our legal basis for processing your data;
- Our purpose for processing your data;
- Whether you have to provide it to us;
- How long we store it for;
- Whether there are other recipients of your personal data;
- Whether we intend to transfer it to another country;
- Your rights and freedoms; and,
- How to lodge a complaint against the Trust to our regulatory body.
Data Processing in response to COVID-19
The health and social care system is facing significant pressures due to the Covid-19 outbreak. As such, the Secretary of State has required NHS Digital; NHS England and Improvement; Arm’s-Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak.
What information do we collect from you?
When you attend one of our hospitals or services, data is recorded about you on paper and electronically. We will need to collect information pertaining to your identity, contact information, health information, diagnoses, and other information which allows us to administer healthcare.
What are our legal duties?
We exercise our official authority by collecting, using and, if necessary, sharing your information in order to provide you with care. The Trust will also use personal data to improve medical diagnoses and treatment.
Will the Trust share your data with anyone else?
We share your data with other health and social care organisations directly involved in you care. We will always have a legal framework in place with organisations to ensure that your data will be shared appropriately. We will not provide researchers with data that identifies you personally, unless you have provided explicit, informed consented to this or there is legal justification to provide this information. Where you have elected to apply the National Data Opt Out to your record, we will not share your personal confidential information for purposes beyond the purposes of supporting the provision of health and social care.
What data about me stored elsewhere is shared with the Trust?
If you are already a patient of the Trust, we will be able to view your ‘summary care record’. Apart from the summary care record, other NHS organisations involved in your care may share information with us to help us care for you.
How is my data handled safely?
We have a legal duty keep your data secure. Our staff undertake annual data security and protection training, and the Trust is subject to regular audits and independent reviews to make sure that we do keep your data safe. When we use other organisations to process your data, we ensure these processors comply with legal obligations to keep your data secure.
How long will the Trust keep the data?
The Records Management Code of Practice for Health and Social Care 2016 sets out what people working with or in NHS organisations in England need to do to manage records correctly. This Code of Practice is based on current legal requirements and professional best practice and was published on 20 July 2016 by the Information Governance Alliance (IGA).
How can I access the information the Trust holds about me?
By law you are entitled to request a copy of the information we hold about you. This is known as a Subject Access Request. To submit such a request, we ask that you contact the Health Records team via:
- Email firstname.lastname@example.org;
- Phone: 0203 313 04001; or
- Post: Health Records Department, Charing Cross Hospital, Fulham Palace Road, London, W6 8RF.
Who can I complain to?
The Information Commissioner’s Office (ICO) is the body that regulates the Trust under Data Protection and Freedom of Information legislation.
You can complain to the ICO at:
Telephone: 0303 123 1113.
The Trust is registered as a data controller under the registration number Z1152836.
Contacting the Data Protection Office
The Trust’s Data Protection Officer is Philip Robinson, you can contact him at:
8th Floor of Salton House
St Mary's Hospital
More information and contacts
You can find out more by reading our full patient privacy notice.
Additional privacy notices
About this page
- Last updated