<?php echo $image->getTitle() ?>

Data Protection and Access to Health Records

Warrington and Halton Hospitals NHS Foundation Trust is registered with the Information Commissioner's Office to process personal and sensitive personal data under the UK Data Protection Act. The current Act sets new standards for protecting data in accordance with the General Data Protection Act (GDPR).

All our staff have a duty to ensure that personal information, given in confidence, remains confidential. The duty of confidence is reinforced in common law, statute, disciplinary codes and our contract of employment. The privacy statement of the CQC, the independent regulator of health and social care in England, can be read here.

The General Data Protection Regulation (GDPR) came into force on 25th May 2018. GDPR is designed to strengthen data protection law across the EU and will be effective in the UK regardless of the UK’s exit from the EU.

There are many similarities between previous data protection legislation and the new UK Data Protection Act and GDPR, but there will also be a number of changes including new responsibilities placed upon data controllers and processors, increased regulatory powers and new rights for data subjects. The General Data Protection Regulation provides a legal basis for the processing of general personal data and special category data under articles 6 and 9 respectively for healthcare provision.

An overview of GDPR can be found here

Information regarding your rights can be found here

We aim to provide you with the highest quality care. To do this we must keep records about you and the care we provide for you. The General Data Protection Regulation provides a legal basis to process both personal and sensitive data for the provision of health care.

Health Records are held on paper and electronically and we have a legal duty to keep these confidential.

Information collected about you to deliver your health care is also used to assist with:

  • Making sure your care is of a high standard
  • Assessing your condition against a set of risk criteria to ensure you are receiving the best possible care
  • Preparing statistics on our performance for the Department of Health and Social Care and other regulatory bodies
  • Helping train our staff and support research
  • Supporting the funding of your care
  • Reporting and investigation of complaints, claims and untoward incidents
  • Reporting events to the relevant authorities when we are required to do so by law
  • Using statistical information to look after the health and wellbeing of the general public and for planning services to meet the needs of the population.
  • Completion of the NHS patient survey programme

The Trust’s privacy notice which explains how we use your data can be accessed here

The Trust's most recent Data Security and Protection Toolkit Assurance report is available here

A list of Data Protection Impact Assessments is available here

COVID-19 and your information - Supplementary privacy note on COVID-19 for Patients/Service Users - view here.

The National Data Opt-Out

he national data opt-out was introduced on 25 May 2018, enabling patients to opt out from the use of their data for research or planning purposes, in line with the recommendations of the National Data Guardian’s review of Data Security, Consent and Opt-Outs.

You can view or change your national data opt-out choice any time, by visiting: www.nhs.uk/your-nhs-data-matters.

By March-end 2022 all health and care organisations are required to be compliant with the national data opt-out policy, where confidential patient information is used for research and planning purposes. NHS Digital and Public Health England are already compliant and are applying national data opt-outs. Find out more about compliance.

National Data Opt-Out Privacy Notice

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. At this page you can learn more about confidential information, the benefits of sharing data and find out about scenarios when the opt-out will apply.

You can also find out more about how patient information is used at:

https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and

https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your opt-out choice at any time.

Health and care organisations have until 31/03/2022 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care.

If you require advice about accessing your personal information the Trust’s Medico-Legal team can be contacted on access to your information the Trust’s Medico-Legal team at: whh.medico.legal@nhs.net

The subject access form that we ask you to complete in order to gain access to your records can be accessed here

If you have any further queries on the uses of your information please speak to one of the following:

  • Your healthcare professional.
  • The Patient Advice and Liaison Service (known as PALS). They can be contacted on 01925 635911.
  • Our Data Protection Officer (Information Governance Manager) on 01925 635911 ext. 5673 or at whh.dataprotection@nhs.net
  • Employees and former employees that require access to their personal information should email whh.dataprotection@nhs.net  You can also find out more information by reading the staff privacy notice leaflet that can be found on our extranet. 

Should you wish to complain about the use of your information please contact our complaints team using the PALS information above.

If you remain unsatisfied with the outcome of your enquiry you can write to:

The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or telephone them on 01625 545700.

Back to Patient and visitor guides