Normal text size icon Increase text size by 30% icon Text Only

Privacy Notice

In the National Health Service (NHS), we aim to provide you with the highest quality healthcare. To do this we must keep information about you, your health and the care we have provided to you or plan to provide to you. This privacy statement provides a summary of how we use your information.

The Data Protection Act and General Data Protection Regulation (GDPR) 2018 controls how your personal information is used by organisations, businesses or the government. Under the Act Northampton General Hospital NHS Trust is defined as a ‘data controller’ of your personal information. We collect information to help us provide and manage healthcare to our patients. The trust is registered with the Information Commissioners Office. Our Registration number is Z4694847.

 

We will process your personal information fairly and lawfully by; 

a) Only using it if we have a lawful reason and when we do, we make sure you know how we intend to use it and tell you about your rights;

We do not rely on consent to use your information as a ‘legal basis for processing’.  We rely on specific provisions under Article 6 and 9 of the General Data Protection Regulation, such as ‘…a task carried out in the public interest or in the exercise of official authority vested in the controller.’ 

This means we can use your personal information to provide you with your care without seeking your consent.  However, you do have the right to say ‘NO’ to our use of your information but this could have an impact on our ability to provide you with care 

b) Only collecting and using your information to provide you with your care and treatment and not using it for anything else that is not considered by law to be for this purpose;

We would never share information for marketing or insurance purposes.

c) Only using enough of your personal information that will be relevant and necessary for us to carry out various tasks for the delivery of your care;

d) Keeping your information accurate and up to date when using it and if it is found to be wrong, we will make it right, where appropriate, as soon as we can;

e) Only keeping your information in a way that it will identify you for as long as we are legally required to, whilst ensuring your rights;

f) Having secure processes in place to keep your personal information safe when it is being used, shared, and stored.


In the National Health Service (NHS), we aim to provide you with the highest quality healthcare. To do this we must keep information about you, your health and the care we have provided to you or plan to provide to you. This privacy statement provides a summary of how we use your information.

The Data Protection Act and General Data Protection Regulation (GDPR) 2018 controls how your personal information is used by organisations, businesses or the government. Under the Act Northampton General Hospital NHS Trust is defined as a ‘data controller’ of your personal information. We collect information to help us provide and manage healthcare to our patients. The trust is registered with the Information Commissioners Office. Our Registration number is Z4694847.

This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. It supplements our main Privacy Notice.

The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.

Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data.  Further information is available on gov.uk and some FAQs on this law are also available.

During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs.  However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply.  It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.

 

In order to look after your health and care needs we may share your confidential patient information including health and care records with clinical and non clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email.  The Trust is working with several local Health Providers including Three Shires Hospital and Isebrook and who will also need to share your confidential patient information with, if they are dealing with your care directly.

During this period of emergency we may offer you a consultation via telephone or video-conferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation. 

We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response.

NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves.  All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.  

In order to ensure that eligible patients are offered a vaccination as quickly as possible, we may use data about upcoming outpatient appointments to identify patients that can be offered a vaccine. If you are identified as eligible you will be contacted by a member of Northampton General Hospital staff and offered the opportunity to make a booking for a vaccination at the Moulton Park vaccination centre. This is optional and you do not have to accept this offer.

We are also working with other companies which are providing tools and systems which enable the Trust to work more effectively.  These include:

 

Doccla

Butterfly IQ

Attend Anywhere

Microsoft Teams

Consultant Connect

 

In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you.  Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.

We may amend this privacy notice at any time so please review it frequently. The date at the top of this page will be amended each time this notice is updated.

Health and social care professionals working with you – such as doctors, nurses, support workers, psychologists, occupational therapists, social workers and other staff involved in your care – keep records about your health and any care and treatment you receive.  This may include:

 

  • Basic details such as name, address, date of birth, phone number, and email address  - where you have provided it to enable us to communicate with you by email

  • Your next of kin and contact details

  • Notes and reports about your physical or mental health and any treatment, care or support you need and receive

  • Results of your tests and diagnosis

  • Relevant information from other professionals, relatives or those who care for you or know you well

  • Any contact you have with us such as home visits or outpatient appointments

  • Information on medicines, side effects and allergies

  • Patient experience feedback and treatment outcome information you provide

 

Most of your records are electronic and are held on a computer system and a secure IT network. New models of service delivery are being implemented, with closer working with GPs and other healthcare and social care providers. To assist this, the use of other electronic patient record systems to share your information will be implemented.  

We process personal data to enable us to provide healthcare services for patients; research; supporting and managing our employees; maintaining our accounts and records; the use of CCTV systems for crime prevention; and data matching under the national fraud initiative.

 

Your information is used to guide and record the care you receive and is vital in helping us to:  

  •   have all the information necessary for assessing your needs and for making decisions with you about your care  
  •  have details of our contact with you, such as referrals and appointments and services you have received
  •   assess the quality of care we give you
  •   properly investigate if you and your family have  a concern or a complaint about your healthcare

 

Professionals involved in your care will also have accurate and up-to-date information and this accurate information about you is also available if you:

  •  Move to another area  
  •  Need to use another service
  •  See a different healthcare professional

We are committed to keeping your information secure and have operational policies and procedures in place to protect your information whether it is in a hardcopy or electronic format.

This Trust is registered to the Information Commissioner’s Office; registration number Z4694847

If we are your employer, we process your data to enable us to undertake our responsibilities under law.

Personal data provided by staff members for the purpose of employment:

6(1)(f) Necessary for the purposes of legitimate interests

Special category data provided by staff members for the purpose of employment:

This data is required to manage the operation of the organisation and to ensure compliance with the terms and conditions outlined in your contract, as part of your employment.  

9(2)(b) necessary for the carrying out of obligations under employment, social security or social protection law, or a collective agreement;

Staff Occupational Health Data

Special category data gathered by the Trust in relation to employee health is processed for the reasons of preventative or occupational medicine, and for assessment of working capacity.

Special Category Personal Data provided to the Trust for the purpose of healthcare delivery, management and treatment:

9(2)(h) Necessary for the reasons of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional

At Northampton General Hospital NHS Trust, we are committed to ensuring that we collect, store and process personal information about prospective, current and former staff in line with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

 

Information we collect about you

The Trust collects, holds and processes personal data and sensitive data about its current, past or prospective staff including substantive staff, bank and agency workers, contracted staff, volunteers, trainees and those carrying out work experience from recruitment to employment and beyond.

 

Types of personal data we hold

  • Personal data
    The Trust will hold personal data about you for example: Name, address, telephone number, staff number, gender, NI Number, next of kin/emergency contact details, professional membership information, reference information and bank details.

 

  • Sensitive personal data (special categories)
    The Trust will also hold sensitive personal data including race or ethnic origin, religious beliefs, trade union membership, health, sexual orientation, criminal convictions and disabilities.

 

Information provided by you

When you apply for a position within the Trust you will provide us with relevant information about you, including:

  • Name
  • Address and telephone contact details
  • Employment history
  • Qualifications
  • Referee details

 

During the recruitment and selection process we will begin to add further information including:

  • Copies of qualifications/ certificates
  • Pre-employment checks, including references, identity documents and ‘right to work’ information
  • Publically available information such as social media presence
  • Selection information including correspondence, interview notes, and results of any selection tests etc.
  • At appointment we secure photographs for smartcards and ID Cards. This photograph may also be used in local/departmental areas and on the hospital intranet page to support with identification for other staff members.

 

Following your appointment we may add any other information you supply to us or is required as part of your employment such as revalidation information.

 

Information provided by other sources

Information may be provided about you from a number of sources during your recruitment and on-going employment with the Trust including:

 

  • Disclosure and Barring Service disclosures, where applicable, which will tell the organisation about any criminal convictions you may have
  • Referees providing confidential information about your suitability to the role
  • Inter Authority Transfer (IAT) – Information held by your previous NHS employer
  • Information from HM Revenue and Customs (HMRC) relating to your pay and employment
  • Information about your right to work and visa applications
  • Pension Information when transferring within the NHS
  • Information from your manager and HR team relating to your performance, sickness absence and other work related matters
  • Confirmation of your registration with a professional body

 

Legal basis for processing

The Trust will only ever process your personal information where it is able to do so by law and using one of a number of legal bases available under the Data Protection Act 2018 and General Data Protection Regulation 2016 (GDPR).

 

The legal basis for processing we use most often are:

  • Legal Obligations – In many cases we have a legal obligation to hold and process information about you for example informing HMRC of the tax and National Insurance Contributions you have made and ensuring the safety and care of our patients and staff. (GDPR Article 6,1(c))
  • Legitimate Interests – In some cases, for example sharing data between NHS organisations. (GDPR Article 6, 1 (f))
  • Where we process sensitive personal or special categories of data about you (i.e. race or ethnic origin, religious beliefs, trade union membership, health, sexual orientation, criminal convictions and disabilities) we will ensure this is done so using one of the following:

    • Employment Rights – Carrying out obligation’s and specific rights required by us as an organisation for the purposes of employment (e.g. monitoring the equality and diversity of our workforce or DBS checking) (GDPR Article 9, 2(b)).

 

    • Preventative or Occupational Medicine – assessing the working capacity of our employees (GDPR Article 9, 2(h)).

 

Your individual rights

You have certain rights with respect to the data held about you by the Trust. These are: 

  • To be informed why, where and how we use your information
  • To request access to your information
  • To request for your information to be corrected if it is inaccurate or incomplete
  • To request for your information to be deleted or removed where there is no longer necessary for us to hold it
  • To request that we restrict the use of your information
  • To request that we copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information
  • To object to how your information is used
  • To challenge any decisions made without human intervention (automated decision making)

 

In accepting employment with the organisation, you accept that the following personal data will be transferred in accordance with streamlining staff movement principles, if you accept an offer with another NHS organisation, or your employment transfers or is seconded to another NHS organisation the following information will be shared:

 

  • Personal data e.g. name, DOB, address, NI Number, to enable the new NHS employer to verify who you are
  • Employment Information e.g. your position, salary, grade, employment dates, dates of any sickness (excluding absence reasons), to enable you to be paid correctly and the new employer to calculate appropriate NHS entitlements for annual leave and sickness
  • Training compliance / competency dates, to reduce the need to repeat nationally recognised training and statutory and mandatory training

 

This information will be shared via the Inter Authority Transfer (IAT) which is the secure process where information is transferred from one NHS employer to another.

 

How information is accessed and secured

The Trust will use your information to administrate your employment and associated functions, personal data will be shared between relevant colleagues who legitimately need the information to carry out their duties e.g. your line manager and the HR department.

The Trust maintains electronic and paper records relating to your recruitment and employment, with information held by the HR department and locally with your line manager.

All paper files are kept in secure locked cabinets/cupboards and only relevant staff will have access to this information. Electronic information is accessed on a need to know basis only using the Trust’s ESR system. Some information may be held on

the Trust’s secure drives or shared folders where access is only granted to appropriate individuals.

 

How staff data is used

The Trust uses staff data for all purposes associated with the administration of the employer/employee relationship and to meet our legal obligations. The purposes for which we may use staff data (including sensitive personal information) include:

 

  • Process your recruitment application and correspond with you in relation to Trust vacancies
  • Maintaining staff records
  • Recruitment and selection
  • Managing Human Resource employment matters (e.g. promotion, training and development, conduct, attendance, appraisals, management progress, grievances, misconduct investigations, disciplinary actions and complaints)
  • Administering finance (e.g. salary, pension and staff benefits)
  • Complying with visa requirements
  • Providing facilities such as IT/system access, library services and car parking
  • Monitoring equal opportunities
  • Preventing and detecting crime, such as using CCTV and using photo’s on ID badges
  • Providing communication about the Trust, news and events Maintaining contact with past employees
  • Provision of wellbeing and support services
  • Compliance with legal obligations such as making external/statutory returns to NHS England, sharing information with HMRC
  • Carrying out research, surveys and statistical analysis (including using third party data processors to carry out the national staff survey)
  • To enrol you as a Foundation Trust member
  • Carrying out audits

 

The Trust processes sensitive personal data for a number of administrative purposes:

 

  • Equal opportunities monitoring
  • Managing Human Resources/Financial processes such as administering sick pay and sick leave, managing absence, administrating Maternity Leave and associated pay schemes
  • Managing a safe environment and ensuring fitness to work
  • Managing obligations under Equal Opportunities Legislation
  • Provision of Occupational Health and Wellbeing service to individuals
  • Payment of trade union membership fees

 

Keeping information up to date

All staff are responsible for ensuring that the information held on ESR is always up to date and should notify their line manager promptly of any changes.

 

How long is information kept?

The Trust will keep your records for the period of time defined in the Documentation Management Policy (NGH-PO-123).

 

Sharing information with third parties

The Trust may disclose personal and sensitive information with a variety of recipients including:

 

  • Our employees, agents and contractors where there is a legitimate reason for them receiving the information
  • Current, past or potential employers of our staff to provide or obtain references
  • Professional and regulatory bodies (e.g. Nursing and Midwifery Council (NMC), Health and Care Professions Council (HCPC), General Medical Council (GMC)) in relation to the confirmation of conduct including complaints, job description and information provided as part of the recruitment process
  • Government departments and agencies where we have a statutory obligation to provide information (e.g. HMCR, NHS Digital, Department of Health and the Home Office)
  • The Disclosure and Barring Service (DBS) and DBS Update Service where we require a DBS check for certain roles
  • Third parties who work with us to provide staff support services (e.g. counselling)
  • Crime prevention or detection agencies (e.g. the police, security organisations, department for works and pensions and local authorities)
  • Internal and external auditors
  • Debt collection and tracing agencies
  • Courts and tribunals
  • Trade union and staff associations
  • Survey organisations for example for the annual national NHS Staff Survey

 

Any disclosures of personal data are always made on case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances and with the appropriate security controls in place. Information is only shared with those agencies and bodies who have a "need to know" or where you have consented to the disclosure of your personal data to such persons.

 

Using your photograph

If you agree to your photograph being taken, or taking part in a video for trust purposes, we will first seek your consent to publish, republish, transmit or broadcast any still and/or video images and audio recordings across a range of print, online, broadcast and social media channels to promote the principles and practices of the hospital. We will also seek your consent to storing images and recordings in the NGH photo library for three years.

 

Sharing information with the NHS business service authority

The Trust also shares employee records information with NHS Business Services Authority. The information which you provide during the course of your employment (including the recruitment process) will be shared with the NHS Business Services Authority for maintaining your employment records, held on the national NHS Electronic Staff Record (ESR) system.

 

On commencement of employment with the organisation, your personal data will be uploaded into the ESR system. ESR is a workforce solution for the NHS which is used by the organisation to effectively manage the workforce, leading to improved efficiency.

 

Further information

If you wish to ask the Trust about a data protection issue, request information on data we process, request a copy of your data, make a request for data to be erased, rectified or you have concerns about the processing of your personal data by us you may contact:

 

The Data Controller

 

The Chief Information Officer & SIRO
Northampton General Hospital NHS Trust
Cliftonville
Northampton,
NN1 5BD
Telephone:01604 634 700

 

Information Governance Team
Northampton General Hospital
Cliftonville
Northampton,
NN1 5BD
Telephone:01604 543881
Email: dataprotectionact@ngh.nhs.uk

 

Data Protection Officer
Northampton General Hospital
Cliftonville
Northampton,
NN1 5BD
Telephone:01604 523224
Email: dpo@ngh.nhs.uk

 

If you are still unhappy with the outcome of your enquiry you can write to:

The Information Commissioner’s Office Wycliffe House
Water Lane 
Wilmslow
Cheshire
SK9 5AF 
Telephone:0303 123 1113

Privacy Notice for Essential Workers and Household members COVID-19 Testing

The Department of Health and Social Care has implemented a COVID-19 national testing programme for those defined as ‘essential workers’ (a definition of essential workers can be found at the end of this notice) and for people living within the same household as those workers. This privacy notice is applicable if we (Northampton General Hospital NHS Trust) have contacted you and you have agreed to a COVID-19 priority antigen test, or you have proactively provided us with your information to put yourself forward to receive the test.

The COVID-19 priority antigen test will confirm whether you currently have COVID-19. The result of the test will enable you or people in your household to know whether to continue to self-isolate or if it is safe to return to work.

The test is completely voluntary, and you do not have to take it.

The Department of Health and Social Care has commissioned the virus testing programme on behalf of the UK and will be Controller1 for the purposes of data protection legislation in regards to the undertaking of the test, collection of the results, and sharing these results with people who have undertaken the test. The Department of Health and Social Care will decide what information is required from you in order to undertake the test, and how it needs to be used. They may also ask for your consent to share the results with us or your employer. For further information on the testing process and data sharing by The Department of Health and Social Care website.

At different points throughout the process, other organisations may also have Controller status, depending on what they are doing with your information. Our responsibility, for which we are Controller, is in respect to the initial data collection and identification of eligible people for referral. We will pass your details to our test centre (who are a processor2 of The Department of Health and Social Care), this is called an employer referral. The employer referral portal is an online system which allows employers to refer essential workers who are self-isolating, either because they or a member(s) of their household have coronavirus symptoms, to the COVID-19 national testing programme. It is a secure portal for employers to use to upload the full list of names and contact details of self-isolating essential workers.

It is still called an employer referral even if you do not work directly for us, but are being prioritised though our local referral programme.

You will only be referred with your permission.

If referred through the employer referral portal, you will receive a text message with a unique invitation code to book a test for yourself (if symptomatic) or a household member(s) (if symptomatic) at a regional testing site.

(1) ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; This is the person or organisation legally responsible and accountable for the personal information.

(2) ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; They will only act on instruction from the controller and must not use the information for their own purposes.

Each organisation processing (3) your personal data will require a different level of information about you, but all will use the minimum necessary to do what they are required to by the Controller.

 

Controller contact details

Northamptonshire Clinical Commissioning Group
Francis Crick House
Summerhouse Road
Northampton
NN3 6BJ

 

Data Protection Officer contact details

Email: nelcsu.dpo@nhs.net
Telephone:
03000 428438

 

What personal data we collect

  • The details we may need from you are:
  • first and last name
  • date of birth
  • sex
  • mobile phone number
  • email address
  • address (including postcode)
  • vehicle registration number (if you are taking a test at a regional test site)
  • NHS Number (for English residents and only if you know it – Wales/Scotland/NI residents may need to provide a different local identifier, which will be specified upon registering for a test)
  • National Insurance (NI) Number
  • other household members’ first and last names

 

Purpose of the sharing

To enable an employer referral to the COVID-19 national testing programme.

 

The Lawful conditions for processing

In order that we can carry out processing of your personal data, we need a lawful basis to do so. The lawful basis for processing, storing and sharing this data are:

  • The General Data Protection Regulation, Article 6(1)(e) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

We have been given an instruction by The Department of Health and Social Care to identify essential workers within their locality, and where appropriate make contact with them directly, or provide a means by which they can provide their details to us.This is to ensure the maximum number of essential workers are able to carry out their role, and to minimise the risk of the onward transfer of coronavirus. This establishes (3) ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; the activity as a public task.


In addition, an Article 9 Condition for processing should be adhered to:

  • The General Data Protection Regulation, Article 9(2)(h) the processing is necessary for medical diagnosis, the provision of health treatment and management of a health and social care system.


We will be referring you to the Department of Health and Social Care so that a medical test can be undertaken. It is necessary to share the information so that a test can be conducted.

 

Recipient or categories of recipients of the shared data

The data will be shared with The Department of Health and Social Care and their appointed Processors. You can read the full details on the government coronavirus website.

 

Right to object

You have the right under Article 21 of the GDPR to object to your personal information being processed. Please contact us if you wish to object to the processing of your data. You should be aware that this is a right to raise an objection which is not the same as having an absolute right to have your wishes granted in every circumstance. You will need to provide information on your specific circumstances which relate to the reasons you are objecting.

 

Right to access and correct

You have the right to access any identifiable data that is being shared and have any inaccuracies corrected.

 

Retention period

Your information will be stored in line with the Records Management Code of Practice for Health and Social Care 2016. This means we will keep your information for up to 8 years before we dispose of it. In some circumstances, for example where we are legally required to, we may keep your information for a longer period of time.


Information that identifies you will be stored securely and processed in the UK. We will ensure that there are appropriate security safeguards including strong cyber security.


Information that does not, and cannot, identify you may be stored and processed outside of the UK. For example, information purely about the number of tests conducted, or the number of outcomes from tests.

 

Right to Complain

You have the right to complain to the Information Commissioner’s Office.
or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website).

Processors’

To assist us in collecting this information and processing the swab tests, we have appointed the following processors:

  • Derbyshire Healthcare United
  • Eurofins Genomics
  • Northamptonshire Clinical Commissioning Group

 

Data Sharing

In order to enable an employer referral, we will share the information you provide us with the Department of Health and Social Care.

 

List of essential workers and those prioritised for testing (England only)


All NHS and social care staff, including:

  • doctors, nurses, midwives, paramedics, social workers, care workers, and other frontline health and social care staff including volunteers
  • the support and specialist staff required to maintain the UK’s health and social care sector
  • those working as part of the health and social care supply chain, including producers and distributors of medicines, and medical and personal protective equipment
  • NHS Blood and Transplant frontline staff (blood donation staff, specialist nurses for organ donation, staff running therapeutic apheresis services in NHS hospitals)
  • those providing ancillary support to NHS workers (such as hotel accommodation for NHS staff)

 

Essential public services staff, including:

  • prisons, probation, courts and tribunals staff, judiciary religious staff
  • charities and workers delivering critical frontline services
  • those responsible for the management of the deceased
  • journalists and broadcasters covering coronavirus or providing public service broadcasting
  • public health and environmental staff, such as specialist community public health nursing

 

Public safety and national security staff, including:

  • police and support staff
  • Ministry of Defence civilians, contractors and armed forces personnel (those critical to the delivery of critical defence and national security outputs and critical to the response to the coronavirus pandemic), including defence medical staff.
  • fire and rescue service employees (including support staff), National Crime Agency staff, those maintaining border security, prison and probation staff and other national security roles, including those overseas
  • British Transport Police and the Maritime and Coastguard Agency

 

transport workers, including:

  • those who keep the air, water, road and rail passenger and freight transport modes operating during the coronavirus response.
  • those working on transport systems through which supply chains pass

 

Education and childcare workers, including:

  • support and teaching staff
  • social workers
  • specialist education professionals

 

Critical personnel in the production and distribution of food, drink and essential goods, including:

  • those involved in food production, processing, distribution, sale and delivery
  • those critical to the provision of other essential goods, such as medical supply chain and distribution workers, including community pharmacy and testing (such as PHE labs), and veterinary medicine
  • workers critical to the continuity of essential movement of goods
  • local and national government staff critical to the effective delivery of the coronavirus response, or delivering essential public services, such as the payment of benefits
  • public and environmental health staff, including in government agencies and arm’s length bodies
  • funeral industry workers
  • frontline local authority staff and volunteers, including those working with vulnerable children and adults, victims of domestic abuse, and the homeless and rough sleepers (and hotel staff supporting these groups)
  • voluntary sector organisations providing substance misuse treatment

 

utilities, communication and financial services staff, including:

  • staff needed for essential financial services provision (including but not limited to workers in banks, building societies and financial market infrastructure)
  • the oil, gas, electricity and water sectors (including sewerage)
  • information technology and data infrastructure sector and primary industry supplies to continue during the coronavirus response
  • essential staff working in the civil nuclear, chemicals, telecommunications (including but not limited to network operations, field engineering, call centre staff, IT and data infrastructure, 999 and 111 essential services), postal services and delivery, payments providers and waste disposal sectors

 

Introduction

This information tells you what happens to the information that Northampton General Hospital collects about you when you visit the hospital and what we do to keep it safe.

 

What do we collect?

We collect information about you such as:

  • Your name
  • Your address
  • Your birthday and year
  • Your family doctor
  • What we do to care for you
  • The reason that you are coming to see us
  • The name of the person who will normally bring you to your appointments
  • Any information that your doctor, you or your family gives us

 

Why do we collect it? 

Our main purpose is to deliver healthcare to you. To do this we collect information tohelp us to care for you in the best way.

We ask for your address so that we know where we can contact you. We ask for your date of birth as your age may be important to your care.

Each time you come to see us or stay in the hospital we will write down things that you tell us, things that we tell you and any medicines or exercises we give you. This means we can look back at what we have done for you to make sure we are treating you in the best way.

 

What do we do with it?

We keep your information electronically and on paper. All of this information together is called your health record. You might also hear it called your ‘notes’ by our doctors and nurses.

When you first come into hospital, you will have your own health record and will be given a number. Everyone’s health record number will be different.

Anyone involved in your direct care at the hospital can see what has been collected. This way we can use the information you have given us to make the right choices about your care.

 

Who do we share it with?

We will share the information we record about you with your family doctor. This keeps them up to date about what we are doing for you.

Your parents or guardians should also get a copy of any letters we send to your doctor about your care. Sometimes we might also share it with other health professionals involved in your care. We might also share it with your school if we think it is important for them to know. If you have a social worker we will share it with them too.

If you tell us something that makes us worried about your safety or the safety of someone else you know, we might have to share this with other people outside of the hospital - even if you don’t want us to. This is part of our job to keep you and others safe.

 

Keeping your health record safe

Everyone working in our hospital understands that they need to keep your information safe. This is called Information Governance, and is all about keeping your information confidential or protecting your privacy.

Our staff and any students from universities or colleges are taught about how to keep your information private and safe.

We tell them that they are only allowed to look at your information if they are involved in your care or if they need it to help us run our hospital. They understand that they must keep any information about you safe.

This is very important when we look at the information that identifies you. This information might include your name or address and anything you come to see us about. We are not allowed to give any of this information to anyone who shouldn’t see it. This includes talking to people about it.

 

Checking we are doing our best

All hospitals are checked by organisations who make sure we are treating and caring for patients and families in the best way we can. The people who check and inspect us might ask to see a small number of health records. They check that notes are written clearly and are kept safe to ensure that we recording and storing your information safely.

 

How long do we keep the information for?

All hospitals treating children must keep their information until the child’s 26th birthday. After this we will destroy it unless we feel it needs to be kept for your ongoing care or for your safety.

 

If we have an incident or complaint

Sometimes we need to use patient information to help us investigate incidents, complaints or legal claims. If a patient is identified, they or their guardian will be informed.

 

Am I able to see the information you collect about me?

Yes.

If you are in our hospital you may ask to see the records while you are with us. You or your family will need to ask your doctor or nurse first though as there may be things that we would need to explain to you such as abbreviations or medical words.

 

Can I have a copy of my records?

Yes.

If you are under 13, your parent or guardian will need to write or email us to tell us what they want to see. It may just be part of your record, your x ray or a report.

We will check they are who they say they are to make sure we are not sharing your information with anyone who shouldn’t see it. If you are over 13 you can request your health records yourself.

 

If I think some of my information is wrong can I do anything about it?

Yes.

You or your parent or guardian will need to contact the medical records team to tell them what it is that you think is wrong so that we can correct it. You can email the team using this address: Health.Records@nhg.nhs.uk.

 

Caldicott Gardian and Data Protection Officer

The Caldicott Guardian and Data Protection Officer are responsible for ensuring that any information we collect about you is processed in a confidential, legal and appropriate manner.

If you have any concerns about the use of your information you can contact:

Data Protection Officer
Northampton General Hospital
Cliftonville
Northampton
NN1 5BD

DPO@ngh.nhs.uk

 

If I'm unhappy with the way you've used my information can I do anything?

Yes.

You can tell us by emailing DPO@ngh.nhs.uk or you can contact the Information Commissioners Office by visiting https://ico.org.uk/global/contact-us.

 The Information Commissioners Office is an authority which makes sure we are protecting your privacy and that we are doing things correctly.

The Trust works with partner academic organisations to support and mentor students and apprentices during their placements. Student and apprentice information is processed in accordance with the individual learning agreements in place with the academic institution.

This data is required to facilitate support and mentoring of individuals and to ensure compliance with the terms and conditions outlined via contract or learning agreement.

Personal data provided by students for the purpose of employment:

6(1)(e)Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

As a Trust we have a duty to eliminate unlawful discrimination, harassment or victimisation, to advance equality of opportunity and to foster good relations. All public bodies must treat people from different groups fairly and equally. Data on equality and diversity is captured in accordance with the Equality Act 2010.

Special Category Personal Data provided to the Trust for the purpose of healthcare delivery, management and treatment:

9(2)(b) necessary for the carrying out of obligations under employment, social security or social protection law, or a collective agreement;

Special Category Personal Data provided to the Trust for the purpose of compliance with Equality legislation:

9(2)(b) necessary for the carrying out of obligations under employment, social security or social protection law, or a collective agreement.

Most people who receive treatment in hospitals or psychiatric units for mental health conditions are there voluntarily and have the same rights as people receiving treatment for physical illnesses. However, a small number of patients may need to be compulsorily detained under a section of the Mental Health Act

Special Category Personal Data provided to the Trust for the purpose of healthcare delivery, management and treatment:

9(2)(b) necessary for the carrying out of obligations under employment, social security or social protection law, or a collective agreement.

9(2)(c) Necessary to protect the vital interests of a data subject who is physically or legally incapable of giving consent

9(2)(h) Necessary for the reasons of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional

Photographs and video footage where an individual can be clearly identified will only be used after explicit written consent has been obtained. The individual can request the photo, video or audio to be removed from the NGH photo library at any time by contacting communications@ngh.nhs.uk. Every effort will be made to remove the content however it may not be possible to control use of the photograph, video or audio completely.

Photographs, videos and audio recording may be;

  •  Used on the hospital magazine Insight
  •  Used on promotional materials such as posters or adverts
  •  Used on the NGH website, social media channels and other digital communications
  •  Used in news media and their associated websites and social media channels including print,       television and radio
  •  Stored in the NGH photo library

Personal data for the purpose of promoting the work of the Trust:

6(1)(a)Consent of the data subject

For your benefit  we may need to share information from your health records with non-NHS organisations from which you are also receiving direct care, such as social services or private healthcare organisations. We may also need to share your information, such as blood test results, for direct care processing purposes by a non-NHS organisation under an agreement with the Trust. We will always seek your permission to share your information with organisations for purposes other than your direct care.
However, in exceptional situations we may need to share information without your permission if:

  • It is in the public interest – for example, there is a risk of death or serious harm
  • The Registrar of Births, Deaths and Marriages asks for the contact details of the next of kin, in order to help carry out their statutory duty to register the death of a patient.
  • There is a legal need to share it – for example, to protect a child under the Children Act 1989
  •  A court order tells us that we must share it
  • There is a legitimate enquiry from the police under the Data Protection Act for information related to a serious crime.

We hold a list of the information sharing agreements we currently have in place with our partner organisations.

National & Local Surveys

Your personal data may be used for the purposes of the NHS Patient Survey Program, and this may include passing data to a CQC approved contractor. The anonymised reports produced by the survey programs are used to help make service improvements.

The processing basis for the Trust to use your information for the NHS Patient Survey Program is set out in Article 6(1)(e) of the General Data Protection Regulations which allows data to be processed where the “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”.

Research

We may share data for approved research projects. Your consent will always be requested before any information is shared with the approved research project.  In most instances the information will be made anonymous so that you cannot be identified. We will always request approval from the NHS Health Research Authority's Confidentiality Advisory Group. The Health Research Authority has further details on patient information and health and care research.

Personal data provided by individuals for the purpose of research:

6(1)(e)Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

Special Category Personal Data provided to the Trust for the purpose of healthcare delivery, management and treatment:

9(2)(h) Necessary for the reasons of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional

Safeguarding

There is a duty of care to report safeguarding concerns to partner organisations to support an individual’s welfare. There is useful information on the Trust’s safeguarding page on the importance of safeguarding for adults and children and how staff are supported to act in the best interests of the individual.

https://www.northamptongeneral.nhs.uk/About/Safeguarding/Safeguarding

Public security

Data may be shared with the police or other national security agencies where it is necessary and proportionate to support the prevention, investigation and detection of crime.

Tuberculosis

Data may be provided to the Trust by partner agencies to support the management of patients with tuberculosis or suspected tuberculosis.

Infection Control

Data may be provided to the Trust by partner agencies to support the management of public health.

CQC Accessing Records

CQC has powers under the Health and Social Care Act 2008 to access and use information where they consider this is necessary to carry out their functions as a regulator. Where possible inspectors should explain why they are asking to look at certain records. They will consider any concerns and objections raised to them, and whether they can achieve CQC’s purpose by accessing the records of someone else. However, CQC relies on its legal powers to access information rather than consent, therefore may use its powers to access records even in cases where objections have been raised.

More detail on how they ensure compliance with data protection law (including GDPR) are included in CQC’s Privacy Statement.

EMRAD

This Trust is part of a group of NHS hospitals in the East Midlands that have a shared NHS radiology system, which is used by our healthcare professionals to access your radiology records. If necessary, your radiology records may also be accessed by healthcare professionals in other NHS hospitals in the East Midlands to ensure you receive consistent, safe and effective clinical care and treatment, irrespective of where you receive your care. If you have any concerns about providing information or how we use it, please discuss this with radiology staff so that you fully understand the potential impact on your care or treatment. Further details on how they ensure compliance with data protection law (including GDPR) are included in EMRAD’s Privacy Notice.

 

Ultramed Limited

The Trust has partnered with Ultramed Limited to use their ‘MyPreOp’ solution. This is a program used in the preparation of patients for procedures, operations and appointments. The Trust will ask patients to set up an account with Ultramed and input personal data to allow the management of their upcoming treatment. Ultramed will share this data with the Trust. The Trust do not provide any data about you to Ultramed. Ultramed are registered with the Information Commissioner’s Office and their registration number is ZA092775

 

Information Sharing Agreements 

Northampton General Hospital NHS Trust has Information Sharing Agreements in place with the following organisations:

 

  • 3D Lifeprints UK Ltd
  • Abbott Nutrition
  • Age UK Northamptonshire (Age UK)
  • Alliance Medical Ltd
  • AMS Ltd
  • BadgerNet
  • Blatchfords
  • Careflow
  • Carnall Farrar Ltd
  • Carnall Farrar Ltd - Deed
  • CCI Credit Management Ltd
  • Colcoscopy Database
  • Concept Management UK
  • CORS - Templar
  • Darktrace Ltd
  • Datix Ltd
  • Deceased Alliance (NHSBT)
  • Dionach Ltd
  • DMC Healthcare Ltd
  • eTrauma (Open Medical)
  • Experian
  • Harley Street Concierge
  • Inventry Ltd
  • KLS Martin UK Ltd
  • KPMG - Quality Accounts Audit
  • Magpas
  • McKesson
  • Medevolve Ltd
  • Medtronic Ltd
  • Movere - Trustmarque Solutions Ltd
  • My Health and Care Directory
  • National Cancer Patient Experience Survey 
  • NCEPOD
  • NetConsent
  • NPEx (National Pathology Exchange)
  • Newgate Technology Ltd - Nexus Theatres Dashboard
  • Osirium Ltd
  • Patient Surveys
  • PHE Cancer Registry
  • PLICS
  • Pre-Hospital Feedback - EMAS
  • Radiopharmaceuticals
  • Sectra Ltd
  • Senseon Ltd
  • Skylark Project (Hospital and Outreach)
  • Skyline
  • Smarter Security Solutions Ltd
  • TIAA (counter Fraud)
  • TPP - SystmOne eDSM
  • Transformation Nous
  • University of Northampton - Occupational Health
  • University of Northampton - Teledermatology Trial
  • Wright Medical UK Ltd - Blueprint
  • Zesty Ltd

Your personal data may be transferred outside of the UK, for example, if the Trust uses a cloud information technology service which has servers in another country. A Data Protection Impact Assessment will have been completed to ensure that data is held securely and within the requirements of the law.

If your data is transferred overseas there will be a contract in place, and a Data Processing Agreement that ensures responsibility for safeguarding data.

How the NHS and care services use your information

Northampton General Hospital NHS Trust is one of many organisations working in the health and care system to improve care for patients and the public)

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

 

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

 

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

 

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

 

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.  On this web page you will:

  • See what is meant by confidential patient information
  • Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • Find out more about the benefits of sharing data
  • Understand more about who uses the data
  • Find out how your data is protected
  • Be able to access the system to view, set or change your opt-out setting
  • Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
  • See the situations where the opt-out will not apply

 

You can also find out more about how patient information is used at:

 

You can change your mind about your choice at any time.

 

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

 

Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation  is not currently compliant with the national data opt-out policy, however is working towards this measure in line with the NHS Digital deadline on March 31st 2020.

If you wish to ask the Trust about a data protection issue, request information on data we process, request a copy of your data, make a request for data to be erased, rectified or you have concerns about the processing of your personal data by us you may contact our Information Governance Team at:

 

The Data Controller
The Chief Information Officer & SIRO
Northampton General Hospital NHS Trust
Cliftonville
Northampton
NN1 5BD

Telephone:01604 634 700


Information Governance Team
Northampton General Hospital
Cliftonville
Northampton
NN1 5BD

Telephone:01604 543881
Email: dataprotectionact@ngh.nhs.uk

 

Patient Advice and Liaison Service (PALS) for complaints
Northampton General Hospital
Cliftonville
Northampton
NN1 5BD

Telephone:01604 545784
Email: pals.ngh@ngh.nhs.uk  

 

Data Protection Officer
Northampton General Hospital
Cliftonville
Northampton
NN1 5BD

Telephone:01604 523224
Email: dpo@ngh.nhs.uk

 

Freedom of Information Officer
Northampton General Hospital
Cliftonville
Northampton
NN1 5BD

Telephone:01604 548661
Email: foi.dept@ngh.nhs.uk

 

Caldicott Guardian
Northampton General Hospital
Cliftonville
Northampton
NN1 5BD

Telephone: 01604 544722

 

© Northampton General Hospital NHS Trust 2021       Privacy Notice | Social Media | Cookie PolicyTerms of Use | Accessibility | Accessibilty Statement