How We Use Your Information

This Practice has taken steps to ensure compliance with the new regulation so that your information is held securely and is available when your health care professionals need it in connection with your care and treatment.

Why we collect personal information about you?

The staff caring for you need to collect and maintain information about your health, treatment and care, so that you can be given the best possible care.

What is our legal basis for processing your personal information?

Any personal information we hold about you is processed for the purposes of ‘provision of health or social care or treatment or the management of health of social care systems and services under chapter 2, section 9 of the Data Protection Act 2018

What personal information do we need to collect about you and how do we obtain it?

Personal information about you is collected in a number of ways. This can be from another hospital, directly from you or your authorised representative. We will likely hold the following basic personal information about you: your name, address (including correspondence), telephone numbers, date of birth, next of kin contacts and your GP details, etc. We might also hold your email address, marital status, occupation, overseas status, place of birth and preferred name or maiden name.

What do we do with your personal information and what we may do with your personal information?

Your records are used to directly, manage and deliver healthcare to you to ensure that:

  • The staff involved in your care have accurate and up to date information to assess and advise on the most appropriate care for you.
  • Staff have the information they need to be able to assess and improve the quality and type of care you receive.
  • Appropriate information is available if you see another healthcare professional, or are referred to a specialist or another part of the NHS, social care or health provider.

Who do we share your personal information with and why?

We may need to share relevant personal information with other NHS organisations. For example, we may share your information for healthcare purposes with health authorities such as NHS England, Public Health England, other NHS trusts, general practitioners (GPs), ambulance services, primary care agencies, etc. We will also share information with other parts of the NHS and those contracted to provide services to the NHS in order to support your healthcare needs.

We may need to share information from your health records with other non-NHS organisations from which you are also receiving care, such as Social Services or private care homes. However, we will not disclose any health information to third parties without your explicit consent unless there are circumstances, such as when the health or safety of others is at risk or where current legislation permits or requires it.

How we maintain your records?

Your personal information is held in both paper and electronic forms for specified periods of time as set out in the NHS Records Management Code of Practice for Health and Social Care and National Archives Requirements.

We hold and process your information in accordance with the Data Protection Act 2018. In addition, everyone working for the NHS must comply with the Common Law Duty of Confidentiality and various national and professional standards and requirements.

We have a duty to:

  • maintain full and accurate records of the care we provide to you;
  • keep records about you confidential and secure;
  • provide information in a format that is accessible to you.

Use of Email Sometimes we may communicate with patients via email. Please be aware that the Practice cannot guarantee the security of this information whilst in transit, and by requesting this service you are accepting this risk.

What are your rights?

If we need to use your personal information for any reasons beyond those stated above, we will discuss this with you and ask for your explicit consent. You have the right to:

  • Request access to the personal data we hold about you. (This is known as a ‘Subject Access Request’). More information on Subject Access Requests can be found in the patient information folder.
  • Request the correction of inaccurate or incomplete information recorded in our health records, subject to certain safeguards.
  • Refuse/withdraw consent to the sharing of your health records: we are authorised to process, i.e. share, your health records ‘for the management of healthcare systems and services’. Your consent will only be required if we intend to share your health records beyond these purposes, (e.g. research
  • Request your personal information to be transferred to other providers on certain occasions.

Where can I find further information?

If you would like to know more about how we use your information or if you do not wish to have your information used in any of the ways described above, please contact Louise Threlfall at end of this leaflet.

If you would like to know about more general information about the Data Protection Act 2018, or if you have a complaint, you can contact the Information Commissioner’s Office.

Information Commissioner’s Office Wycliffe House

Water Lane Wilmslow Cheshire SK9 5AF

Telephone: 0303 123 1113

Website: www.ico.org.uk

If you would like a copy of your health record please contact:

Louise Threlfall

Marshalls Cross Medical Centre

Who is the Data Protection Officer?

As part of compliance with GDPR, the Practice has appointed a Data Protection Officer –

Mr Craig Walker, Head of Information Governance & Quality Assurance
St Helens and Knowsley Teaching Hospitals NHS Trust
St Helens,
Merseyside,
WA10 3TP

Telephone: 0151 676 5698

Email: ig@sthk.nhs.uk