Collecting, using and keeping your information secure

Privacy

  • We collect information about you to help provide you with the best possible care
  • We have a legal duty to keep your information secure. We have regular audits and independent reviews to make sure that we do
  • We share your information with other health and social care organisations involved in your care
  • We also use your information to contribute to planning, service improvements and medical research. In the case of research, we remove any information that identifies you personally
  • We use other organisations to help us process your information – we ensure that your information is also handled securely by them, including when they are based outside of the UK
  • We will only use your information for these reasons if it is lawful
  • For most patients information is retained for a minimum of eight years from when you were last seen
  • You can request access to the information we hold about you and you can ask us to correct any errors

Why do you collect my information?

We collect information about you to help us provide you with the best possible care. The information we collect includes your name, date of birth, NHS number, contact details and notes and correspondence about your health and care.

This information also helps us to plan and improve our services and contributes to medical research. For research purposes, we remove any information that identifies you personally. 

What are your legal duties as an NHS Trust?

The law allows us to use your information for your care, for service improvement and for research. We are bound by the General Data Protection Regulation to use your information fairly and lawfully. 

In certain circumstances, there may be other reasons why we would use your information – for example, to share information with the police in order to prevent a serious crime – but it will always be in line with our legal duty. 

Will my information be shared with anyone else?

We share your information with other health and social care organisations involved in your care. In turn, health and social care organisations involved in your care share your information with us.

We share your information with other NHS organisations to contribute to planning or service improvements.

We share with our research partners to undertake medical research. For these purposes, we remove any information that identifies you personally.

We use other organisations to help us process your information, for example to run our electronic patient records system. The information can only be used in the way that we instruct them to use it. 

How is my information kept secure?

We have a legal duty to keep your information secure. Our staff undertake annual training about information security and we have regular audits and independent reviews to make sure that we do keep your information safe. We use other organisations to help us process your information. We make sure these organisations also comply with their legal obligations to keep your information secure, including when they are based outside of the UK. 

How long will you keep my information?

Information is retained for a minimum of eight years from when you were last seen for most patients. For some types of information, we retain the information a longer period. For example, maternity and children’s records must be retained for at least 25 years.

What are my rights regarding my information?

You have the right to request a copy of the information that we hold about you – this is called a ‘subject access request.’ We will provide this on paper or electronically within one month of your request in most cases.

If the information that we hold about you is incorrect, you have the right to have it corrected.

More information and contacts
 
You can find out more by reading our patient privacy notice.

Our Data Protection Officer is Philip Robinson, you can contact him at:

ICT Division, Charing Cross Hospital, London, W6 8RF
Email: imperial.dpo@nhs.net
Telephone: 020 3311 7344

If you want to access the information that we hold about you, please email: imperial.accesstohealthrecords@nhs.net

Imperial College Healthcare NHS Trust is a registered data controller under the Information Commissioner’s Office. 

You can contact the Information Commissioner’s Office at:

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF  
Website: www.ico.org.uk/concerns
Telephone: 0303 123 1113