Why do we collect information about you?
The NHS aims to provide you with the highest quality of health care. To do this we must keep records about you, your health and the care we have provided, or plan to provide to you.
Health records are held on paper and electronically and we have a legal duty to keep these confidential, accurate and secure at all times in line with the Data Protection Act.
Our staff are trained to handle your information correctly and protect your privacy. We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never collected for direct marketing purposes, and is not sold on to any other third parties.
Information is held for specified periods of time as set out in the Records Management Code of Practice for Health and Social Care.
Our legal reason for collecting your information
The Trust has to provide a legal basis for the processing of your information. The Trust is part of the NHS which has a public duty to care for its patients. Under the Data Protection Act the Trust may process information which is appropriate to provide the health and social care treatment to patients, as well as the management of health or social care systems and services.
If we need to use your personal information for any reason beyond those stated above, we will discuss this with you. You have the right to ask us to not use your information in this way, however there might be times when we still have to share your information; if this is the case we will discuss this with you.
What records do we hold?
If you are a patient, we hold records about you which may include:
Basic details such as address, date of birth, next of kin/emergency contact details
Name, address and date of birth: We collect your name, address and date of birth to enable us to send you letters about your care such as appointment letters. Additionally, your name, address and date of birth are used to identify you and distinguish you from other patients. A change of name or incorrect date of birth can result in misidentification; please inform us of any changes to your details.
Telephone numbers: We collect contact telephone numbers for you which will be used to contact you about your care. We will use your mobile telephone number to send a text message reminder of a forthcoming appointment.
If you do not wish for your mobile number to be used in this way, please contact the Information Governance Department.
Next of kin / emergency contact information: We collect details of your next of kin as a person you would like to be contacted in an emergency. The person you name as a next of kin has no legal right to any confidential information held by us about you or to make any decisions about your care. An individual who wishes to make a decision about your care must obtain the appropriate legal Power of Attorney. If a patient dies in the hospital, we will contact the patient’s relatives and/or the named next of kin to provide information on the bereavement services managed by the Trust such as a bereavement meeting with an Emergency Department consultant or the annual memorial service. If a named next of kin or patient’s relative does not wish to be contacted in this way, they should inform the member of staff involved with the care of their relative.
The Trust participate in National End of Life Care Audits/surveys. A patient’s next of kin may be contacted to ask if they would like to participate in the audit or survey. Participation in these audits helps the Trust and the NHS to improve end of life care for patients.
Ethnicity: We are legally required to collect your ethnicity to ensure that we provide a fair and open service where all patients receive equal treatment. An individual’s ethnicity can also have a bearing on the type of illnesses an individual is susceptible to. Anonymised information on patient’s illnesses/disease and their ethnicity is passed by us to the Department of Health & Social Care who share this information with the World Health Organisation to identify patterns in illness or diseases.
Disability or language preferences: This information is collected to enable the Trust to provide care which meets your needs such as accommodating wheelchair users or providing interpreters.
Religion: We offer all patients a Chaplaincy service. Your religion is passed to the Chaplains who run this service to enable them to visit you whilst in hospital to ensure the pastoral and spiritual needs of patients, their families and staff members are adequately supported.
Details about contact the Trust has had with you such as clinical visits
We maintain manual and electronic information about your inpatient and outpatient visits, and visits to the Emergency Department. Details of your outpatient clinic visits, stays in hospital, appointment letters, notes, x-rays, laboratory tests and reports relating to your health and treatment are stored in a manual and electronic record.
Your record is shared with clinical staff providing your care, to ensure consistent, appropriate and safe healthcare is provided to you.
Details and records about your treatment and care
To ensure the treatment and care provided to you by the Trust is appropriate and consistent, details and records about the treatment and care you have been provided will be recorded. This will ensure that there is a full and comprehensive record which is available to all clinical staff who are involved with providing you care and treatment.
We work in partnership with other NHS organisations such as:
The clinical staff from these organisations may attend a Multidisciplinary meeting (MDT) to review a patient’s care and treatment to ensure the best care and treatment is being provided. If you do not wish for your information to be shared with a Multidisciplinary Team, please inform your consultant.
During your treatment the healthcare professional you see will make notes and write a report or letter about the care they have provided to you. Copies of letters will be sent to your GP and a copy will be placed in your manual and electronic record. Therefore it is very important we have your correct GP details.
Where we do not have your correct GP details, information about the care you have been given may not be received by your GP in a timely manner. This could affect your on-going care.
Results of X-rays and tests
As part of your care, you may have provided samples e.g. urine or blood etc. which will be processed by the Trust’s laboratory, or, if a specialised test, with a partner laboratory. The results of these tests and a record of the drugs you have been prescribed are stored by the Trust. The Trust is part of Berkshire Surrey Pathology Services (BSPS). BSPS is a joint venture of Pathology Services between Frimley Health, Royal Berkshire, Royal Surrey and Ashford and St Peters NHS Foundation Trusts.
Where you have had an x-ray as part of your treatment, the Trust will keep an electronic copy of this x-ray and may share this with other NHS Organisations who are involved with your care or to whom you have been transferred/discharged/or providing out of hours services.
Relevant information from other NHS Professionals who care for you e.g. your GP
When you visit your GP or another NHS Trust and they refer you to Frimley Health for treatment, they will write to the hospital detailing your current medical conditions and the treatment required.
We may also obtain information to assist in giving you the best, most appropriate care from other people who care for you and know you well, for example health and social care professionals and relatives.
It is good practice for people in the NHS who provide care to discuss and agree with you, what they are going to record about you.
Discuss and agree with you what they are going to record about you
The NHS has seven key principles, one of which is “The NHS aspires to put patients at the heart of everything it does”. Trust staff will work with you to deliver the best possible care including discussing with you the care they are going to provide.
We try to make sure that patients are involved with the decisions about their care. A copy of letters sent to your GP about your care will also be sent to you.
Show you what they have recorded about you, if you ask
To continue to include you in decisions about your care whilst you are in hospital, if you ask during your consultation/treatment, the appropriate staff can show you what they are writing in your medical record about the care they are providing you. However, if you wish to obtain a copy of your medical records, you will need to put your request in writing to the Access to Health Records Team. Information on how to request a copy of your medical record can be found in the 'Our Obligations' section below.
How your records are used
The people who care for you use your records to:
Produce a record of all health decisions made about you and the care provided to you
Your information is used by clinical, support workers and administrative staff; this could include professionals based in another location. Clinical staff access your information to view the care you have been provided and to ensure the care they give you is appropriate, safe and effective.
Clinical support workers and administrative staff may also access your records to support our clinical staff e.g. Support Workers in the delivery of your care, additionally administrative staff ensure the care you have been provided with is recorded correctly and will communicate this with your GP.
Where appropriate, information about your care will be securely shared with other organisations to enable continuation/support of your care e.g. other NHS hospitals, hospices, community services, your GP and Social Services.
Staff within the Trust have access to the Summary Care Records which details basic information and lists your current medication, e.g. this system is accessed by the Trust's Pharmacy staff when issuing your prescriptions. The Trust will use the services of external companies to deliver patient’s prescriptions to them. Where this is the case, the Trust will inform and ensure that patients wish to use such a service.
If you need to be transferred to another hospital for further treatment, information about your medical condition and care will be sent to the hospital you are being transferred to.
We accommodate Hampshire, Slough and Surrey Social Services and work with Social Services staff whilst you are still in hospital to plan your discharge home. Information relating to your discharge arrangements will be recorded by Social Services within their manual and computerised records. Trust staff meet weekly with social services to help plan and manage your discharge from hospital.
We are a Vascular Hub and a Cardiac Centre for Surrey, Hampshire and Berkshire. Therefore, details of your clinical care could be securely shared between the NHS Trusts in these counties to support and deliver your care e.g. your x-ray images taken at Hampshire Hospitals NHS Foundation Trust could be securely shared with clinicians based at Frimley Park Hospital to discuss your care, and then passed to Royal Surrey County Hospital NHS Foundation Trust where your care will be provided.
Support you during your time in hospital
Any dietary requirements are passed to the Catering Department with your choice of meal to ensure your dietary needs are met.
We have a contract with Dial-a-Ride to provide transport to and from the hospital. Therefore, information such as your name and address will be securely shared with Dial-a-Ride to enable them to transport you to and from the hospital. The company will also be provided with basic information about your medical condition to ensure they provide the correct type of transport e.g. room for a wheelchair, oxygen supply etc.
Charities such as the Stroke Association, Samaritans, Age UK and Macmillan work alongside Trust staff to support patients, and you could ask for them to be contacted to help you whilst both in hospital and after you have been discharged. This will only be done with your explicit consent.
The Trust uses whiteboards in ward areas, this is to help identify you during your stay for example when a Doctor is trying to find you or a Porter needs to take you for a procedure. Your initial and surname will be displayed on the whiteboard which may be in a public area, if you do not wish for your name to be displayed you must inform a member of Trust staff as soon as possible.
CCTV cameras are installed around the Trust to assist in the prevention, investigation and detection of crime and anti-social activity. CCTV recording and equipment are securely stored in a restricted area and password protected; all images are deleted after a set period of time unless the images form part of an investigation. Requests for viewing of images are managed by the Local Security Management Specialist.
Body Warn Cameras are used within the Trust by security personnel to assist with deterring acts of aggression or verbal physical abuse towards staff. Body Warn Cameras are worn in a prominent position and used in an open and honest manner. Images captured by body worn cameras will be deleted directly from the camera unless required for evidence purposes; if this is the case footage may be handed over to the Police if it forms part of criminal proceedings.
Check the quality of care provided (e.g. clinical audit)
We run surveys to improve the quality of care and treatment provided to patients, by contacting patients after they have been discharged from hospital. If you do not wish to be contacted in this way, please inform the ward staff during your admission.
The Department of Health & Social Care mandates all NHS Trusts to undertake clinical audits on care delivered to patients, which can be undertaken by clinical staff employed by us or by external audit companies. This could involve individuals who have not been involved with your direct care accessing your medical records.
We have an annual clinical audit programme which requires all clinical staff to participate. Clinical staff review patient medical records to audit the care provided, and to identify ways in which the care could be improved in the future.
The Trust participates in a number of National Clinical Audits including: 2018/19
Further information can be found at: National Clinical Audits
Occasionally, external companies will audit our treatment of patients to provide assurance to the Trust and our Commissioners on the care and treatment provided to patients. In some instances the auditors may review a patient’s medical record. These individuals are bound by strict codes of confidentiality. If you do not wish your records to be accessed by these staff, please write to the Information Governance Department.
Investigate any concerns or complaints you or your family have raised to the Trust about your health care
In order to deal with issues raised by you or to process your complaint or legal claim, staff within our Legal Department and Complaints Department will access your medical records and may share this information with other staff as well as external third parties where applicable, including our solicitors or NHS Resolution.
We take patient safety very seriously. If an incident occurs which was not expected we will investigate it, therefore the staff involved in your care, with support from the Trust's Risk Management Department, will access your medical records.
To help teach and train new members of staff
The Trust partners with a number of universities/colleges to teach and train student and newly qualified Doctors and Nurses in order to help them gain valuable experience and practice in delivering medical care.
If you do not wish for your medical records to be used for teaching and training new staff, please write to the Information Governance Department.
Manage the services provided by the Trust
Every NHS Trust is performance managed. Statistical information about patient care is collated by the Trust e.g. the length of time patients are treated in the Emergency Department, how long patients have waited for an outpatient appointment, etc.
The Trust will use and share coded patient information to undertake statistical analysis on the management and performance of NHS Services locally and the NHS as a whole.
We use statistical information about patients to improve the services we provide such as reviewing the length of time a patient has stayed in hospital or the number of hospital infections. This information is coded so individual patients cannot be easily identified.
Coded information about patient care is sent to NHS Digital on a daily basis. NHS Digital manages information sent to the Department of Health & Social Care. This information is used by NHS Digital and the Department of Health & Social Care to review the treatment provided to patients across the NHS and identify trends/changes in the health of the population.
Undertaking research is an important element of providing healthcare. Clinical staff are actively encouraged to participate in research trials. The Trust's Research and Development Department manages all research projects undertaken by us. Your participation in a research project will only take place with your explicit consent. The Trust occasionally works with other organisations e.g. universities and external organisations to pilot new ways of working, with the aim to provide improved and more efficient services to patients. Where the Trust undertakes this work you will be informed and be asked if you wish to participate.
If you do not wish for your information to be used please write to the Information Governance Department.
Keep track of NHS spending
We receive payment for the services we provide to patients.
Clinical Commissioning Groups (CCG’s) are responsible for paying us for these services. In order to be paid for the services delivered, information on patient’s treatment needs to be passed to these clinical commissioning groups.
The information will be coded so individual patients cannot be identified. In some cases, the names of the patients will need to be provided; for instance when requesting funding for high cost drugs, or specialised care such as IVF treatment or for Individual Funding Requests to the CCG, this will be discussed with you before your information is shared.
Ensure the Trust is delivering the right services to the right patients
To help improve the quality of services, better outcomes for patients and ensuring the right treatment is being provided to patients, the Department of Health & Social Care has mandated Trusts to achieve certain standards – Commissioning for Quality and Innovation (CQUIN). To achieve these standards the Trust will work with other NHS organisations to share information relating to patients to provide them with the best possible care e.g. frequent A&E attenders.
You will always be informed when the Trust identifies a need to share your information with another organisation to provide you with the best possible care.
To help ensure the Trust is meeting the needs and satisfaction of the community it serves, it will commission companies to run questionnaires or surveys on the Trust’s behalf, only the minimum information will be securely shared with these companies and these companies are bound by strict confidentiality clauses.
The Trust is working to the NHS goal of being paperless or paper light by 2020, therefore, is investing millions of pounds implementing new electronic systems to provide you with the best possible care. When implementing new systems, patient records will be used in the testing and development of these new systems. If you do not wish for your information to be used in this way, please contact the Information Governance Department.
Sharing your information with NHS/External Organisations
We will share your information with other organisations, to assist with giving you the best care possible. Where we share your information with these organisations, they are subject to strict information sharing protocols. Anyone who receives information from the Trust has a legal duty to keep it confidential and secure. Only information that is required and appropriate to support your care and treatment will be provided.
Where we share your information with other organisations that do not form part of your care, permission from yourself will be sort before sending the information unless we have a legal obligation to provide the information or we have to because the interest of the public is thought to be of greater importance.
Frimley Health are part of the Hampshire and Berkshire Diabetic Eye Screening Program and the Surrey Diabetic Eye Screening Program (DESP), these ensure that diabetic patients eye screening pathway is seamless from entry to primary care through to integration with NHS Management, treatment and care including liaison between Acute Trusts and Hospital Eye Services. Staff at Frimley Health will access the eye screening program systems which are held at Health Intelligence for Hampshire and Berkshire and EMIS Care for Surrey to view detailed patient eye treatment information, more information can be found at www.desphiow.co.uk or www.berkshiredes.nhs.uk.
There are occasions where we have a legal duty to pass patient information to external organisations which operate to oversee and address issues relating to the management of the NHS as a whole. These include:
We will notify the Central Registrar of Births and Deaths every time a baby is born or when there is a death in our hospitals
Notification of infectious diseases including Food Poisoning are reported to Public Health England
The Care Quality Commission which has the powers of inspection and entry into required documentation
Coroners investigations into the circumstances of a death
Reports of deaths, major injuries and accidents to the Health and Safety Executive
The NHS Security Management Service collects information on reported security incidents (e.g. thefts of patient/staff property, assaults on NHS staff)
NHS Counter Fraud Authority is responsible for policy and operational matters relating to the prevention, detection and investigation of fraud in the NHS
For the management of NHS Prescription Services
Information must be provided to the Police when requested to help identify a driver alleged to have committed a traffic offence (The Road Traffic Act 1988)
Information must be provided to the Police to help prevent an act of terrorism or prosecuting a terrorist (The Terrorism Act 2000 and Terrorism Prevention and Investigation Measure Act 2011)
For the protection of a child or vulnerable adult for safeguarding purposes
Report cases of Female Genital Mutilation
To protect your best interests, your information may be securely shared in an emergency situation. We have developed extensive emergency contingency plans including in the event of fire, flood, loss of power, etc. If an emergency occurred within the hospital, details of patients currently within the hospital or due to come into hospital might be securely shared with external organisations that are assisting us to manage the emergency. For example, in the case of severe weather the Trust has a contract with a company to provide 4-wheel drive vehicles to enable patients to get to and from hospital. Patient information would be securely shared with the company providing this service.
If you are an overseas visitor being treated by the Trust we need information about you in order to comply with our legal obligations and to ensure the Trust is paid for any services provided to you, as well as undertake any processing that will allow us to verify whether you are entitled to free NHS care. We may share and receive information about you from other organisations as detailed in this privacy notice as well as the Department of Health & Social Care, when you are referred for treatment or in response to questions relating to your eligibility for free NHS Care, further information can be found at https://www.gov.uk/government/publications/overseas-nhs-visitors-implementing-the-charging-regulations
Where necessary if you are an overseas visitor your non-medical information may be sent to the Home Office, the information provided may be used and retained by the Home Office for its own purposes, which include enforcing immigration controls overseas, at the ports of entry and within the UK. The Home Office may also share this information with other law enforcement and authorised debt recovery agencies for purposes including national security, investigation and prosecution of crime, and collection of fines and civil penaltieshttps://www.gov.uk/government/organisations/home-office. For more information on the services provided to overseas visitors visit; https://www.fhft.nhs.uk/your-visit/help-with-your-visit/overseas-visitors/
We occasionally use external companies based outside of England e.g. Scotland and the United States of America to measure and monitor outcomes of clinical procedures to enable us to provide the best possible care.
Below is a list of when the Trust is sending your information overseas:
Technical and Organisation Measures in place
Sweden / USA
Analysing data and helping adjust Insulin settings to improve Glucose control for Diabetics
EU contract in place for transfer overseas
Data Processing contract in place
Yes, 256 bit encryption
Analysis of Cardiology images
EU contract in place for transfer overseas
Data Processing contract in place
Yes, 256 bit encryption
Analysis of Pathology Results
EU contract in place for transfer overseas
Data Processing contract in place
Yes, 256 bit encryption
Providing a Pharmacy Homecare Service
Privacy Shield for overseas transfer
Secure end to end encrypted email
Pseudonymised patient information
The Trust creates lots of letters each day, to help us manage this work load we outsource some dictation to DictateIT, only your hospital number is sent to the company via a secure system, no other patient identifiers are used.
The Radiology Department has a contract with Telemedicine Clinic (TMC) to provide out of hours reporting on x-ray images. This means that if you attend the Trust late at night and have an x-ray, a clinician is available to review the x-ray and provide a report to the consultant providing your care.
We are working with the Kent, Surrey and Sussex and Oxford Academic Health Science Networks (AHSN) as part of the Enhancing Quality Programme & Enhanced Recovery Programme. The Enhancing Quality Programme (EQ) is a clinical change programme which triangulates information to drive quality improvements in clinical interventions, patient reported outcomes and patient experience. Only coded information is passed to the AHSN so patients cannot be identified.
The Trust is part of the Berkshire Connected Care group, this is a partnership of the Health and Social Care organisations that provide care to the residents of Berkshire. Information from your health and care record from the partner organisations will be stored in a single secure system linking together all your information to provide a more coordinated service and improve the quality of care we provide.
The Care and Health Information Exchange primary purpose is to provide clinical and care professionals with complete and accurate up-to-date information from a number of Health and Social Care Providers across Hampshire. Even though the Trust does not feed your information into the exchange some staff who are caring for you at the Trust may require access to your record on the system to ensure your care is consistent and correct.
Frimley Health NHS Foundation Trust alongside 30 local authorities, community, mental health and social care services form part of the Frimley Sustainability and Transformation Plan (STP) which is part of the NHS England’s five-year strategy to close the gap between Health & Wellbeing, Care & Quality and Finance & Efficiency, building strong collaborative relationships to work together to achieve shared goals and ambitions for our population. There may be occasions where your basic information is securely shared to help with planning services as part of the STP.
The Trust is moving to an Integrated Care System as part of the STP, this is a system in which commissioners and healthcare providers in partnership with local authorities take explicit collective responsibility for resourcing the provision of health in our area. Frimley Health Care System is a consortium of 30 public and private care providers with five Clinical Commissioning Groups, five GP Federations, 10 Local, District and County Authorities, two Ambulance trusts and five mental health and community providers including Virgin Care. Your coded information may be securely shared between members of the consortium to ensure that the optimum timely care is provided to you.
The Summary Care Record (SCR) is a summary electronic patient record of national health services patient data held on a central secure database covering the whole of England. The purpose of the system is to make ‘essential’ patient data readily available anywhere the patient seeks treatment. The Trust does not feed any information into the system however staff that are treating you at the Trust may access the SCR to view your record, we will inform you when we do this.
The Trust has various Integrated Care Teams which are teams of health professionals that integrate health, care and support services from across our area to work together to provide you with seamless care whether in the Trust, the community or in your home, only information that is essential to the care the ICT team is providing will be securely shared within the ICT team.
All organisations we share your information with are subject to strict information sharing protocols. Anyone who receives information from us also has a legal duty to keep it confidential and secure. Where we share your information with these organisation we will let you know.
We will not share information with external organisations unless:
• It supports your care and treatment
• You ask us to do so
• We ask your permission
• We have to by law
• We have special permission for health or research purposes; or
• We have to because the interests of the public are thought to be of greater importance than your confidentiality.
Everyone working for the NHS has a legal duty to keep information about you secure and confidential
Our guiding principle is that we are holding your records in strict confidence.
Where the Trust is processing information that could result in a risk to the privacy of the individual the Trust is obliged to complete a Data Protection Impact Assessment (DPIA).
FHFT list of (DPIA) that have been approved.
We will not disclose any patient/personal information to a third party such as a private organisation, solicitor, employer, police officer without obtaining your explicit consent.
Where you have asked a company to act on your behalf e.g. solicitor, we will not release information about you without your explicit consent.
Explicit consent is when an individual is given the option to agree or disagree with the use of their personal information being used, collected or disclosed to others.
Staff must only access your information if they are involved in your care
All staff working for the NHS are bound by the Common Law Duty of Confidentiality which means only staff involved with your care are entitled to access information relating to you. This is detailed within the confidentiality agreements signed by staff working at the Trust and is included within mandated annual training provided to staff.
All clinical staff are bound by strict professional codes of conduct which incorporate confidentiality clauses. Further information can be found on the British Medical Association (BMA), General Medical Council (GMC) and Nursing and Midwifery Council (NMC) websites.
We audit staff access to patient information to ensure they continue to abide by the Common Law Duty of Confidentiality.
Refusing or withdrawing consent
Under the General Data Protection Regulation (GDPR) the Trust does have a legal basis for processing patient information without consent, for example to specialists consulting with each other about your care needs within the Hospital. The legal justification for this is documented below:
Article 6(e): processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
Article 9(h): processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.
Communicating about your care within Frimley Health NHS Foundation Trust does not require your consent to process your personal data to deliver your healthcare and treatment. However, an individual has the right to object to the processing of their information for purposes other than direct care e.g. performance management of services, external clinical audits (see section 'how your records are used').
The NHS has implemented a National Opt-Out Programme, whereby patients have the right to opt-out of their information being used for reasons other than the patients individual care and treatment such as, planning and research purposes to help improve the care, treatment and quality of NHS services. For more information on the National Opt-Out Programme visit: https://digital.nhs.uk/national-data-opt-out.
If you register for the National Opt-Out Programme, please let us know and we will record these preferences on our systems.
You have the right to confidentiality under the Data Protection Act, the Human Rights Act 1998 and the Common Law Duty of Confidentiality
Data Protection laws give individuals rights in respect of the personal information that we hold about you. These are:
Be informed why, where and how we use your information.
Ask for access to your information.
Ask for your information to be corrected if it is inaccurate or incomplete.
Ask for your information to be deleted or removed where there is no need for us to continue processing it.
Ask us to restrict the use of your information.
Ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information.
Object to how your information is used.
Challenge any decisions made without human intervention (automated decision making).
The above Acts outline the legal framework which governs information provided by patients to the Trust, has been provided in confidence and must remain confidential unless the patient has given their consent for their information to be shared.
Staff must only use patient information to provide healthcare to a patient. Where staff wish to securely share information to support a patient’s treatment with another organisation (e.g. Social Services, GP, other NHS Trusts), they must make the patient aware. Where staff wish to use patient information for another reason (e.g. teaching, training, research), then explicit consent must be obtained from the patient.
Should you wish to make a complaint about the use of your information, please contact our Complaints team:
Frimley Park Hospital 01276 604336
Heatherwood Hospital 01753 634081
Wexham Park Hospital 01753 634081
If you are still unhappy with the outcome of your enquiry you can write to: The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF - Tel: 01625 545700.
We have a duty to:
Maintain full and accurate records of the care we provide to you
We have a legal obligation to store your medical information. The length of time we will store your information is set out by the Department of Health & Social Care. The longest we will keep a patient’s record is 30 years after their care has stopped. More information on the retention of records in the NHS can be found on the NHS Digital website: https://digital.nhs.uk/codes-of-practice-handling-information
We have a legal obligation to ensure your information is accurate and up to date.
Our staff will check with patients that we have the most accurate and up to date information. However, where patients identify information held by us which is inaccurate, they are asked to notify us either in person when they attend an appointment, or by contacting the Trust’s Data Quality Team on (Frimley) Tel: 01276 522403 (Wexham) Tel: 01753 633000.
Keep records about you confidential and secure
All staff working for the NHS are bound by strict confidentiality agreements. We also ensure all staff are trained on both the Data Protection Act, GDPR and the Common Law Duty of Confidentiality to ensure they know and understand how to keep your information secure and confidential at all times.
How to correctly use clinical systems and the measures that need to be taken by all staff to ensure the security of electronic information is covered in Information Governance training which Trust staff must complete on an annual basis.
The Trust’s Information Technology Department has deployed technical security measures to keep your information secure when being stored or transferred electronically, this includes ensuring all security software and encryption is up to date helping to prevent the risk of cyber-attack.
Provide information in a format that is accessible to you (e.g. large type if you are partially sighted)
For support in accessing patient information or for a translation of this document, an interpreter or a version in large print, Braille or audio; please contact the Patient Advice and Liaison (PALS) Office:
Frimley Park Hospital – 01276 526530
Wexham Park and Heatherwood hospitals – 01753 633365
To provide you with a copy of your records when you ask (in accordance with the Data Protection Act)
Under the Data Protection Act and GDPR individuals have the right to obtain a copy of their own information held by us. To obtain a copy of your medical records, please place your request in writing to:
Access to Health Records Team
Frimley Health NHS Foundation NHS Trust, Access to Health Records Team, Larch House, Portsmouth Road, Frimley, Surrey, GU16 7UJ
Tel:01276 52 2427
You will need to provide your information (e.g. full name, address, date of birth, Hospital/NHS number) and two forms of identification. This ensures we are providing confidential information to only the patient. Whilst you might have been regularly treated in the hospital, the staff who process your request for information will never have met you and need to ensure they do not disclose your confidential records to the wrong person.
If you wish for another person to process your request on your behalf they will need to obtain your written permission to do so before the Trust can provide copies of your medical records.
The Common Law Duty of Confidentiality, continues after death, therefore the Trust is unable to provide copies of a deceased patient’s medical records, apart from in very restricted circumstances. Further guidance and assistance can be obtained from the Access to Health Records Team.
We are required to respond to you within 30 days from the date of receiving your request and identification. We aim to prioritise patient requests for copies of their medical records.
With regards to the completion of health insurance forms, if it only requires verification of dates of admission and a hospital stamp, patients can send their forms to the Admissions Office to be processed.
If any medical details are required, the forms must be sent to your consultant’s secretary to be completed by the consultant or a member of their team for which there may be a charge. If the consultant is unable to complete the form, copies of your medical records can be obtained by contacting the Access to Health Records Team.
To enable and support clinical care we will no longer process private health insurance forms for Emergency Department attendances.
Any queries relating to this change of process, please contact the Access to Health Records Team.
Data Protection Officer
The Data Protection Officer for the Trust is Nicola Gould, Head of Information Governance. If you are concerned about how the Trust is sharing or using your information please contact her on:
Tel: 01753 806728