The Data Protection Act 1998 became law on 1 March 2000. The Act is designed to protect personal information about living individuals, and sets standards which must be satisfied when obtaining, recording, holding, using or disposing of personal data.
The Trust must comply with eight enforceable principles of good information handling practice.
The Data Protection Principles
Personal data must be:
- Processed fairly and lawfully;
- Obtained only for one or more specific and lawful purposes;
- Adequate, relevant and not excessive in relation to the purpose(s) for which they are processed;
- Accurate and where necessary kept up to date;
- Not kept for longer than necessary;
- Processed in accordance with the individual’s rights
- Protected by appropriate security (practical and organisational);
- Not transferred to countries outside the European Economic Area, unless there is adequate protection.
A leaflet outlining how your information is used by the Trust is available below.
Northampton General Hospital NHS Trust’s Information Held About You – Your Rights can be found here.
Our Fair Processing Statement can be found here.
The Act also provides living individuals with a right of access to personal information held about them. This right applies to all information held on computers and also covers most manual records.
Request for Information
All patients have the right to see their own health records under the Data Protection Act. In addition, personal representatives of deceased patients and any person who has a claim arising from a patient's death may have access to the records under the Access to Health Records Act 1990.
You may request a copy of your records, subject to payment of a fee. If you become aware of any incorrect information that we are holding about you, then you have the right to request that this information be changed or erased.
How to apply for information under the general right of access
Your application should:
- Be in writing
- Include a name and address for correspondence
- Describe the information that you are requesting, giving us enough detail about the information to allow us to correctly identify and find it
Requests should be sent to:
The Health Records ManagerNorthampton General Hospital NHS TrustCliftonvilleNorthamptonNN1 5BD
By email using this link
Exceptions to access
The Trust has the right to deny access to a patient's health records if one of the following conditions applies:
- If in the Trust's opinion, based on the assessment of the healthcare professional in charge of the care, access would disclose information likely to cause serious harm to the physical or mental health or condition of the patient or to any other person.
- If giving access would disclose information which would identify information provided by or about a third party (this does not apply if the individual concerned has given their consent).
Complaints and review
The Trust is committed to providing you with an efficient and courteous service, but it is inevitable that things may go wrong occasionally. Let us know when this happens so that we can put matters right as soon as possible. In most cases the Information Governance Manager will be able to sort out any concerns that you have at the time they arise.
Anyone not satisfied with the response to his or her request for information may make a formal complaint by writing to:
Information Governance Manager
Northampton General Hospital NHS TrustCliftonvilleNorthamptonNN1 5BD
Tel: 01604 523881
marking ‘Data Protection Complaint’ as a ‘Subject Header’ and stating when the original request for information was made.
The Trust’s target for a substantive response to a complaint is twenty-five working days. Complainants will be kept informed if any delays appear likely.
Anyone not satisfied with the outcome of a complaint may ask the Information Commissioner to undertake an independent review of their complaint.
A leaflet outlining the Trust’s Complaints Procedure for the Data Protection Act is available on request
The Information Commissioner is an independent public official who reports directly to parliament. The Commissioner is responsible for regulating the Data Protection Act. More information can be found on the Information Commissioner’s website at https://ico.org.uk.