Use of Patient Information
Why we collect information about you
In the National Health Service we aim to provide you with the highest quality of health care. To do this we must keep records about you, your health and the care we have provided or plan to provide to you.
These records may include:
- Basic details about you (such as address, date of birth, next of kin)
- Contact we have had with you such as clinical visits
- Notes and reports about your health
- Details and records about your treatment and care
- Results of x-rays, laboratory test etc
- Relevant information from people who care for you and know you well (such as health professionals and relatives)
It is good practice for people in the NHS who provide care to:
- Discuss and agree with you what they are going to record about you
- Give you a copy of letters they are writing about you
- Show you what they have recorded about you, if you ask
How your records are used
The people who care for you use your records to:
- Provide a good basis for all health decisions made by you and care professionals
- Allow you to work with those providing care
- Make sure your care is safe and effective
- Work effectively with others providing you with care
Others may also need to use records about you to:
- Check the quality of care (such as clinical audit)
- Protect the health of the general public
- Keep track of NHS spending
- Manage the health service
- Help investigate any concerns or complaints you or your family have about your health care
- Teach health workers
- Help with research
Some information will be held centrally to be used for statistical purposes. In these instances, we take strict measures to ensure that individual patients cannot be identified.
We use anonymous information, wherever possible, but on occasions we may use personally identifiable information for essential NHS purposes such as research and auditing. However, this information will only be used with your consent, unless the law requires us to pass on the information.
Who are our partner organisations?
We may share information with the following main partner organisations:
- Strategic Health Authorities
- NHS Trusts (Hospitals, PCTs)
- Special Health Authorities
- Ambulance Service
We may also share your information, with your consent and subject to strict sharing protocols about how it will be used with:
- Social Services
- Education Services
- Local Authorities
- Voluntary Sector Providers
- Private Sector
How we keep your records confidential
Everyone working for the NHS has a legal duty to keep information about you confidential.
We have a duty to:
- Maintain full and accurate records of the care we provide to you
- Keep records about you confidential, secure and accurate
- Provide information in a format that is accessible to you (in large type if you are partially sighted etc)
We will not share information that identifies you for any reason, unless:
- You ask us to do so
- We ask and you give us specific permission
- We have to do this by law
- We have special permission for health or research purposes
- We have special permission because the interests of the public are thought to be of greater importance than your confidentiality
You can amend your sharing consents authorisation at any time.
You have the right
You have the right to confidentiality under the Data Protection Act 1998 (DPA), the Human Rights Act 1998 and the common law duty of confidence (the Disability Discrimination and the Race Relations Acts may also apply).
You also have the right to ask for a copy of all records about you.
- Your request must be made in writing to the organisation holding your information
- There may be a charge to have a printed copy of the information held about you
- We are required to respond to you within 30 days
- You will need to give adequate information (for example full name, address, date of birth NHS number etc)
- You will be required to provide identification before any information is released to you
If you think anything is inaccurate or incorrect, please inform the organisation holding your information.
The Data Protection Act 1998 requires organisations to notify the Information Commissioner of the purposes for which they process personal information.
The details are publicly available from the Information Commissioner: