Fair processing - Data protection Act 1998

The Data Protection Act 1998 governs the processing of personal data held on computer systems and in other formats. It restricts how we can use an individual’s data, and consists of eight Data Protection Principles that must be applied when processing personal data.

Organisations that process personal data must register as a 'Data Controller', and notify the Information Commissioner (ICO) why they need to process the data.  The Christie NHS Foundation Trust is the Data Controller of personal information that is collected by the Trust to help us provide and manage healthcare to our patients.      

Principle one under the Data Protection Act 1998 requires the Trust to ensure that all personal information held is processed fairly and lawfully.  The sections below provide you with information about how we use and manage the information we hold about you, including how we share it within the NHS and with non-NHS organisations, and how we maintain confidentiality.     

Full details of all the data processing purposes are listed at the ICO website (http://www.ico.gov.uk/ ).  The Trust is registered with the Information Commissioner and our registration number is Z7091213.     

What is personal data?

Personal data is information that relates to a living individual who can be identified from that data.

How we use your personal information

The Christie NHS Foundation Trust keeps records about the health care and treatment you receive as one of our patients. We collect information about you in order to make sure that you receive the best possible care. This information may be on paper or stored electronically and may include:

  • Basic details (name, address, date of birth, next of kin , ethnicity, religion and contact details)
  • Details about your treatment and care (e.g. appointments, medical history, allergies, symptoms, diagnosis, test results and prescriptions)
  • It helps you because:

    • Accurate and up-to-date information assists us in providing you with the right care
    • Full information is readily available if you see another doctor or are referred to a specialist or another part of the NHS

    It helps the NHS to:

    • Plan and manage the health service
    • Teach and train healthcare professionals
    • Conduct health research and development
    • Prepare statistics on NHS performance
    • Audit NHS Services
    • Monitor how we spend public money

How do we keep your records confidential?

Everyone working for the NHS is subject to the Common Law Duty of Confidence. Information provided in confidence will only be used for the purposes advised and consented to by the patient, unless there are other circumstances covered by the law.

Under the NHS Confidentiality Code of Conduct, all our staff are also required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. This will be noted in your records.

Involvement in research

The Christie is an international leader in cancer research and, as such, you may be approached to take part in a research study or clinical trial. To select suitable patients for a clinical trial, members of the research team, such as Research Nurses and Clinical Trials Administrators may need to review your notes to see whether you are eligible. All information will remain entirely confidential and you will always be approached directly to consent to take part in a clinical trial.

If you would prefer not to allow research teams to review your records in order to consider you for a research study, please let us know by writing in to:

Information Governance Department
The Christie NHS Foundation Trust
Wilmslow Road
M20 4BX
Email: information.governance@christie.nhs.uk

Sharing your information

The Trust shares data with a range of organisations. Wherever possible the information is anonymised. However, data may be shared with other organisations as part of their statutory duties for the purposes of caring for a patient In that case the data has to be identifiable to ensure that all parties are always clear exactly whose data is being used.

We may share your information for health purposes with other NHS organisations, e.g. NHS Trusts, general practitioners (GPs), ambulance services and other NHS common services agencies such as primary care agencies.

For your benefit, we may also need to share information from your health records with non-NHS organisations, from which you are also receiving care, such as social services or private healthcare organisations. However, we will not disclose any health information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of you or others is at risk or where the law requires it.

We may also be asked to share basic information about you in order to run our services, such as your name and address, which does not include sensitive information from your health records. Generally, we would do this to assist partner organisations to carry out agreed or contracted duties for the Trust. In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Fair Processing Notice, under the Data Protection Act.

Where patient information is shared with other non-NHS organisations, an information sharing agreement is drawn up to ensure information is shared in a way that complies with relevant legislation. These non-NHS organisations may include, but are not restricted to: social services, education services, local authorities, the Police, voluntary sector providers and private sector providers.

Your right to object to the sharing of your personal information

You have the right to object to the Trust sharing or using confidential information we have recorded about you. You should raise objections at the point you are asked on your treatment pathway with us. Should you change your mind and wish to raise objections later, you can do this. To help us support your wishes, you are asked to put in writing that you do not wish us to share your information, by contacting:

Information Governance Department
The Christie NHS Foundation Trust
Wilmslow Road
M20 4BX

Tel: 0161 446 8460

Email: information.governance@christie.nhs.uk

Your decision will be discussed with you should there be any adverse consequence that you may not be fully aware of.

Can I see my information?

Under the Data Protection Act 1998 a person may request access to information (with some exemptions) that is held about them by an organisation. This is known as the Right of Subject Access. We will not disclose information to family or friends about medical matters, unless you specifically ask us to. If you consider that any part of the information held in your record is inaccurate, you can apply to have this corrected. If we agree that the information is incorrect, the alteration will be made.

If you require access to your health records you must make a written request to:

Legal Secretary
Central Administration Department
The Christie NHS Foundation Trust
Wilmslow Road
M20 4BX

The Trust can only provide access to information it holds. For example to see the records held by your GP you have to contact your GP practice directly.

The Access to Health Records Act 1990 also allows access, in certain circumstances, to information that we hold on deceased patients.

How long do we retain your records?

All our records are destroyed or retained in accordance with the NHS Code of Practice:

Records Management, which sets out the appropriate length of time each type of NHS records is held for. We do not keep your records for longer than necessary.

All records are destroyed confidentially once their retention period has been met, and the Trust has made the decision that the records are no longer required.

The NHS Care Record Guarantee

The Care Record Guarantee is our commitment that we will use records about you in ways that respect your rights and promote your health and wellbeing. Copies of the full document can be obtained from:

CQC National Customer Service Centre
Newcastle upon Tyne

Or via http://systems.digital.nhs.uk/rasmartcards/documents/crg.pdf

Raising a concern

If you have a concern about any aspect of your care or treatment at this hospital or about the way your records have been managed, please contact:

Patient Advice & Liaison Service (PALS)
The Christie NHS Foundation Trust
Wilmslow Road
M20 4BX

Tel: 0161 446 8217 between the hours of 10am - 4pm. (Outside of these hours call 0161 446 3000 and ask staff to bleep the on-call manager)

Email: pals@christie.nhs.uk

Additionally, you have a right to complain to the Information Commissioner if ever you are unsatisfied with the way the Trust has handled or shared your personal information:

Information Commissioner's Office
Wycliffe House
Water Lane
Cheshire SK9 5AF

Tel: 0303 123 1113 (or 01625 545745 if you would prefer not to call an ‘03’ number, or +44 1625 545745 if calling from overseas)

Further information

To learn more about how we use, manage and maintain confidentiality of your information, please speak to the health professionals concerned with your care, or contact:

Information Governance Department
The Christie NHS Foundation Trust
Wilmslow Road
M20 4BX

Tel: 0161 446 8460

Email: information.governance@christie.nhs.uk