The Data Protection Act came into force in March 2000. This Act places a responsibility on the Trust as a data controller to ensure that your information is collected and managed in a secure and confidential way (data protection registration number Z4648205).
The Act also provides you with a right of access to personal information that the Trust holds about you (this applies equally to service users, members of staff and any other individual that the Trust may hold information about in its legal capacity).
As a Trust we take the security of your information very seriously.
To ensure we act to the highest standards we currently hold the following national accreditations:
ISO 27001 and Cyber Essentials certified
Full details of the Data Protection Act 2018 are available on the UK Government website.
The Trust may process information in relation to (this is not an exhaustive list):
• Staff Administration
• Accounts and Records (including debt collection, collection of fees linked to overseas visitors, and cross-border patients, i.e. patients whose treatment is funded by Scottish, Welsh and Northern Ireland health bodies)
• Health Administration and Services (defined by statute and contract)
• Research
• Crime prevention and prosecution of offenders
• Public Health
• Data Matching
• Advertising, marketing and public relations
• Administration of Membership Records
• Education
• Fundraising
• Pastoral Care
• Property Management
• Processing For Not For Profit Organisations
We also process sensitive classes of information that may include:
- Racial and ethnic origin
- Offences (including alleged offences), criminal proceedings, outcomes and sentences
- Trade union membership
- Religious or similar beliefs
- Employment tribunal applications, complaints, accidents, and incident details
- Ordinary country of residence and nationality
It may sometimes be necessary to transfer personal information overseas. When this is needed, information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the Data Protection Act.
We may, at times, request additional proof of identity.
Your information is used to run and improve the Trust and the services that it provides.
It may be used to:
- Check and report on how effective the Trust and the services it commissions have been
- Ensure that money is used properly to pay for the services it provides
- Investigate complaints, legal claims or important incidents
- Make sure that the Trust gives value for money
- Make sure services are planned to meet patients’ needs in the future
- Review the care given to make sure it is of the highest possible standard
- Manage specialised services that the Trust commissions (or where the Trust has been commissioned to provide those services)
- Improve the efficiency of healthcare services, by sharing information with other organisations (sometimes non-NHS) for a specific, justified purpose
- Support the Trust when seeking reimbursement for treatment that has been provided (but the amount of information used will only be the minimum necessary)
- Fulfil contractual obligations as set out in the NHS Standard Contract
When you are referred to the Trust and then attend any of our hospitals or clinics, information is recorded about who you are, about your condition and about the medical care you receive.
This information is kept in your Health Care File and we also hold information on computer systems (increasingly, more information will be held on these systems and less in paper-based records).
The information is used to ensure you receive proper care and treatment from us but also to support how the Trust is managed and funded. We will share this information with other staff you would expect to be involved as part of your overall care, including your GP and staff who provide care and treatment in a Community setting (such as District Nurses), where it is appropriate for us to do so. (Please note that similar arrangements are in place where you receive and pay for treatment privately from Trust premises).
Where possible the Trust will always use the minimum necessary information about you to undertake its roles and functions.
The Data Protection Act (1998) helps define the information we hold about you, and only those who have a legitimate relationship to you or the appropriate authority will have access to this information.
We take our duty to protect your personal information and confidentiality seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper. We have appointed a Senior Information Risk Owner (SIRO) who is accountable for the management of all information assets and any associated risks and incidents, and a ‘Caldicott Guardian’ who is responsible for the management of patient information and patient confidentiality.
All staff are required to undertake annual information governance training.
Under the NHS Confidentiality Code of Conduct, all our staff are also required to protect your information, and inform you of how your information will be used. This includes, in most circumstances, allowing you to decide if and how your information can be shared. (Please note that across the NHS there is a series of s251 exemptions in place. These allow the temporary use of confidential patient information for defined purposes without necessarily seeking consent.)
Everyone working for the NHS is subject to the common law duty of confidentiality.
Information provided in confidence will only be used for the purposes advised and consented to by the service user, unless it is required or permitted by the law.
We may use your information for a number of reasons not directly associated with your care i.e. secondary usage.
For instance, we may pass information about you to other parts of the NHS or other organisations that provide health care services so that the Trust can receive payment for services that it has provided or so that the Trust can pay for services it has commissioned on your behalf. Wherever possible (and in line with national guidance) your name and address will be removed. This will include Clinical Commissioning Groups in England, other commissioning organisations in Northern Ireland, Scotland and Wales and the UK Border Agency in relation to overseas visitors. The Trust will only ever share the minimum necessary information.
The following are examples of how your information may be used:
- To meet a legal obligation e.g. we are required by law to inform the Registrar’s Office about births or deaths.
- To help protect the health of the general public, e.g. by notification of certain infectious diseases to the Director of Public Health.
- To carry out clinical audit, which means we compare care and patterns of care within the Trust. For this purpose registers are kept for patients with particular conditions such as cancer, diabetes, stroke etc.
- To meet the guidance on implementing the Department of Health overseas visitor hospital charging regulations (2015)
- To help train and educate clinical staff.
You have the right to know about the information we hold on you and view or receive a copy of it if you wish (this applies equally to staff and service users).
You should ask the doctor, nurse or person looking after you if you want to discuss what is in your Health Care records. Alternatively, you can contact us using the details below to request access to your health record:
Health Records Manager
James Paget University Hospitals NHS Foundation Trust
Lowestoft Road
Gorleston
NR31 6LA
Or email us: dpa@jpaget.nhs.uk
You can also get more information and copies of the application forms via the Health Records section of our website, which is under Departments and Services.
For all other Data Protection Act enquiries, please write to the Trust Information Governance Section, James Paget University Hospitals NHS Foundation Trust, Lowestoft Road, Gorleston, Great Yarmouth, Norfolk NR31 6LA.
PLEASE NOTE: the Trust may allow appropriate clinical staff to undertake private work from Trust premises. Where this occurs, different arrangements are in place for accessing your record etc., and in the first instance you should contact the clinician who treated you (and who was paid by you or an insurance company) to find out what they require.
Everyone at the Trust is clear about patient confidentiality: information cannot be released without a patient’s consent.
You will be asked which relatives you would like informed during your stay in hospital to keep them up to date on your treatment and progress. For relatives who live in different parts of the country or abroad, it may be acceptable to arrange a password with ward staff. This will help to avoid restrictions on information due to confidentiality.
As a patient/client you will be giving us information about yourself and your condition which could be of a sensitive nature. The hospital has a duty to maintain full and accurate records of the care we provide to you. We will keep the records secure, accurate and confidential.
You should not email patient information or clinical details into the Trust.
All NHS staff sign a confidentiality clause within their contract. We will not pass your information to inappropriate people. Information may be passed to other colleagues involved in your care such as your General Practitioner, a pharmacist dispensing drugs for you, or a radiologist reporting on your x-rays. We may pass information to another NHS organisation such as to another hospital if you are being transferred there for treatment. All such information is passed on with your permission.
Anonymous factual information is also used to plan services, teaching, audits and when taking part in national surveys and research. You may be asked to take part in national surveys and research, and this will only happen if you choose to do this by giving your consent to your doctor or nurse.
As with any rules there may be exceptions. We may have to pass on your details during a public health emergency or to the police when ordered to do so by a court. We also have a legal duty to notify births.
Your records will also be used to help investigate any concerns or complaints you or your family have about your care.
You can view a leaflet about Patient Confidentiality via our Information Leaflets page on this website.