Normal text size iconIncrease text size by 30% iconText Only

Privacy Notice

In the National Health Service (NHS), we aim to provide you with the highest quality healthcare. To do this we must keep information about you, your health and the care we have provided to you or plan to provide to you. This privacy statement provides a summary of how we use your information.

The Data Protection Act and General Data Protection Regulation (GDPR) 2018 controls how your personal information is used by organisations, businesses or the government. Under the Act Northampton General Hospital NHS Trust is defined as a ‘data controller’ of your personal information. We collect information to help us provide and manage healthcare to our patients. The trust is registered with the Information Commissioners Office. Our Registration number is Z4694847

We will process your personal information fairly and lawfully by; 

a) Only using it if we have a lawful reason and when we do, we make sure you know how we intend to use it and tell you about your rights;

We do not rely on consent to use your information as a ‘legal basis for processing’.  We rely on specific provisions under Article 6 and 9 of the General Data Protection Regulation, such as ‘…a task carried out in the public interest or in the exercise of official authority vested in the controller.’ 

This means we can use your personal information to provide you with your care without seeking your consent.  However, you do have the right to say ‘NO’ to our use of your information but this could have an impact on our ability to provide you with care 

b) Only collecting and using your information to provide you with your care and treatment and not using it for anything else that is not considered by law to be for this purpose;

We would never share information for marketing or insurance purposes.

c) Only using enough of your personal information that will be relevant and necessary for us to carry out various tasks for the delivery of your care;

d) Keeping your information accurate and up to date when using it and if it is found to be wrong, we will make it right, where appropriate, as soon as we can;

e) Only keeping your information in a way that it will identify you for as long as we are legally required to, whilst ensuring your rights;

f) Having secure processes in place to keep your personal information safe when it is being used, shared, and stored.

Health and social care professionals working with you – such as doctors, nurses, support workers, psychologists, occupational therapists, social workers and other staff involved in your care – keep records about your health and any care and treatment you receive.  This may include:

 

  • Basic details such as name, address, date of birth, phone number, and email address  - where you have provided it to enable us to communicate with you by email

  • Your next of kin and contact details

  • Notes and reports about your physical or mental health and any treatment, care or support you need and receive

  • Results of your tests and diagnosis

  • Relevant information from other professionals, relatives or those who care for you or know you well

  • Any contact you have with us such as home visits or outpatient appointments

  • Information on medicines, side effects and allergies

  • Patient experience feedback and treatment outcome information you provide

Most of your records are electronic and are held on a computer system and a secure IT network. New models of service delivery are being implemented, with closer working with GPs and other healthcare and social care providers. To assist this, the use of other electronic patient record systems to share your information will be implemented.  

 

We process personal data to enable us to provide healthcare services for patients; research; supporting and managing our employees; maintaining our accounts and records; the use of CCTV systems for crime prevention; and data matching under the national fraud initiative.

Your information is used to guide and record the care you receive and is vital in helping us to:  

  •   have all the information necessary for assessing your needs and for making decisions with you about your care  
  •  have details of our contact with you, such as referrals and appointments and services you have received
  •   assess the quality of care we give you
  •   properly investigate if you and your family have  a concern or a complaint about your healthcare

Professionals involved in your care will also have accurate and up-to-date information and this accurate information about you is also available if you:

  •  Move to another area  
  •  Need to use another service
  •  See a different healthcare professional

We are committed to keeping your information secure and have operational policies and procedures in place to protect your information whether it is in a hardcopy or electronic format.

This Trust is registered to the Information Commissioner’s Office; registration number Z4694847

If we are your employer, we process your data to enable us to undertake our responsibilities under law.

Personal data provided by staff members for the purpose of employment:

6(1)(f) Necessary for the purposes of legitimate interests

Special category data provided by staff members for the purpose of employment:

This data is required to manage the operation of the organisation and to ensure compliance with the terms and conditions outlined in your contract, as part of your employment.  

9(2)(b) necessary for the carrying out of obligations under employment, social security or social protection law, or a collective agreement;

Staff Occupational Health Data

Special category data gathered by the Trust in relation to employee health is processed for the reasons of preventative or occupational medicine, and for assessment of working capacity.

Special Category Personal Data provided to the Trust for the purpose of healthcare delivery, management and treatment:

9(2)(h) Necessary for the reasons of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional

The Trust works with partner academic organisations to support and mentor students and apprentices during their placements. Student and apprentice information is processed in accordance with the individual learning agreements in place with the academic institution.

This data is required to facilitate support and mentoring of individuals and to ensure compliance with the terms and conditions outlined via contract or learning agreement.

Personal data provided by students for the purpose of employment:

6(1)(e)Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

As a Trust we have a duty to eliminate unlawful discrimination, harassment or victimisation, to advance equality of opportunity and to foster good relations. All public bodies must treat people from different groups fairly and equally. Data on equality and diversity is captured in accordance with the Equality Act 2010.

Special Category Personal Data provided to the Trust for the purpose of healthcare delivery, management and treatment:

9(2)(b) necessary for the carrying out of obligations under employment, social security or social protection law, or a collective agreement;

Special Category Personal Data provided to the Trust for the purpose of compliance with Equality legislation:

9(2)(b) necessary for the carrying out of obligations under employment, social security or social protection law, or a collective agreement.

Most people who receive treatment in hospitals or psychiatric units for mental health conditions are there voluntarily and have the same rights as people receiving treatment for physical illnesses. However, a small number of patients may need to be compulsorily detained under a section of the Mental Health Act

Special Category Personal Data provided to the Trust for the purpose of healthcare delivery, management and treatment:

9(2)(b) necessary for the carrying out of obligations under employment, social security or social protection law, or a collective agreement.

9(2)(c) Necessary to protect the vital interests of a data subject who is physically or legally incapable of giving consent

9(2)(h) Necessary for the reasons of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional

Photographs and video footage where an individual can be clearly identified will only be used after explicit written consent has been obtained. The individual can request the photo, video or audio to be removed from the NGH photo library at any time by contacting communications@ngh.nhs.uk. Every effort will be made to remove the content however it may not be possible to control use of the photograph, video or audio completely.

Photographs, videos and audio recording may be;

  •  Used on the hospital magazine Insight
  •  Used on promotional materials such as posters or adverts
  •  Used on the NGH website, social media channels and other digital communications
  •  Used in news media and their associated websites and social media channels including print,       television and radio
  •  Stored in the NGH photo library

Personal data for the purpose of promoting the work of the Trust:

6(1)(a)Consent of the data subject

For your benefit we may need to share information from your health records with non-NHS organisations from which you are also receiving direct care, such as social services or private healthcare organisations. We may also need to share your information, such as blood test results, for direct care processing purposes by a non-NHS organisation under an agreement with the Trust. We will always seek your permission to share your information with organisations for purposes other than your direct care.
However, in exceptional situations we may need to share information without your permission if:

  • It is in the public interest – for example, there is a risk of death or serious harm
  • There is a legal need to share it – for example, to protect a child under the Children Act 1989
  •  A court order tells us that we must share it
  • There is a legitimate enquiry from the police under the Data Protection Act for information related to a serious crime.

We hold a list of the information sharing agreements we currently have in place with our partner organisations.

National & Local Surveys

Your personal data may be used for the purposes of the NHS Patient Survey Program, and this may include passing data to a CQC approved contractor. The anonymised reports produced by the survey programs are used to help make service improvements.

The processing basis for the Trust to use your information for the NHS Patient Survey Program is set out in Article 6(1)(e) of the General Data Protection Regulations which allows data to be processed where the “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”.

Research

We may share data for approved research projects. Your consent will always be requested before any information is shared with the approved research project.  In most instances the information will be made anonymous so that you cannot be identified. We will always request approval from the NHS Health Research Authority's Confidentiality Advisory Group. The Health Research Authority has further details on patient information and health and care research.

Personal data provided by individuals for the purpose of research:

6(1)(e)Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

Special Category Personal Data provided to the Trust for the purpose of healthcare delivery, management and treatment:

9(2)(h) Necessary for the reasons of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional

Safeguarding

There is a duty of care to report safeguarding concerns to partner organisations to support an individual’s welfare. There is useful information on the Trust’s safeguarding page on the importance of safeguarding for adults and children and how staff are supported to act in the best interests of the individual.

https://www.northamptongeneral.nhs.uk/About/Safeguarding/Safeguarding

Public security

Data may be shared with the police or other national security agencies where it is necessary and proportionate to support the prevention, investigation and detection of crime.

Tuberculosis

Data may be provided to the Trust by partner agencies to support the management of patients with tuberculosis or suspected tuberculosis.

Infection Control

Data may be provided to the Trust by partner agencies to support the management of public health.

CQC Accessing Records

CQC has powers under the Health and Social Care Act 2008 to access and use information where they consider this is necessary to carry out their functions as a regulator. Where possible inspectors should explain why they are asking to look at certain records. They will consider any concerns and objections raised to them, and whether they can achieve CQC’s purpose by accessing the records of someone else. However, CQC relies on its legal powers to access information rather than consent, therefore may use its powers to access records even in cases where objections have been raised.

More detail on how they ensure compliance with data protection law (including GDPR) are included in CQC’s Privacy Statement.

EMRAD

This Trust is part of a group of NHS hospitals in the East Midlands that have a shared NHS radiology system, which is used by our healthcare professionals to access your radiology records. If necessary, your radiology records may also be accessed by healthcare professionals in other NHS hospitals in the East Midlands to ensure you receive consistent, safe and effective clinical care and treatment, irrespective of where you receive your care. If you have any concerns about providing information or how we use it, please discuss this with radiology staff so that you fully understand the potential impact on your care or treatment. Further details on how they ensure compliance with data protection law (including GDPR) are included in EMRAD’s Privacy Notice.

 

Information Sharing Agreements 

Northampton General Hospital NHS Trust has Information Sharing Agreements in place with the following organisations:

 

3D Lifeprints UK Ltd

Abbott Nutrition

Age UK Northamptonshire (Age UK)

Alliance Medical Ltd

AMS Ltd

BadgerNet

Blatchfords

Careflow

Carnall Farrar Ltd

Carnall Farrar Ltd - Deed

CCI Credit Management Ltd

Colcoscopy Database

Concept Management UK

CORS - Templar

Darktrace Ltd

Datix Ltd

Deceased Alliance (NHSBT)

Dionach Ltd

DMC Healthcare Ltd

eTrauma (Open Medical)

Experian

Harley Street Concierge

Inventry Ltd

KLS Martin UK Ltd

KPMG - Quality Accounts Audit

Magpas

McKesson

Medevolve Ltd

Medtronic Ltd

Movere - Trustmarque Solutions Ltd

My Health and Care Directory

National Cancer Patient Experience Survey 

NCEPOD

NetConsent

NPEx (National Pathology Exchange)

Newgate Technology Ltd - Nexus Theatres Dashboard

Osirium Ltd

Patient Surveys

PHE Cancer Registry

PLICS

Pre-Hospital Feedback - EMAS

Radiopharmaceuticals

Sectra Ltd

Senseon Ltd

Skylark Project (Hospital and Outreach)

Skyline

Smarter Security Solutions Ltd

TIAA (counter Fraud)

TPP - SystmOne eDSM

Transformation Nous

University of Northampton - Occupational Health

University of Northampton - Teledermatology Trial

Wright Medical UK Ltd - Blueprint

Zesty Ltd

Your personal data may be transferred outside of the UK, for example, if the Trust uses a cloud information technology service which has servers in another country. A Data Protection Impact Assessment will have been completed to ensure that data is held securely and within the requirements of the law.

If your data is transferred overseas there will be a contract in place, and a Data Processing Agreement that ensures responsibility for safeguarding data.

If you wish to opt out of sharing your information with other healthcare settings please discuss with your healthcare team at your next appointment. They can discuss with you the impact to your individual health care.

If you wish to ask the Trust about a data protection issue, request information on data we process, request a copy of your data, make a request for data to be erased, rectified or you have concerns about the processing of your personal data by us you may contact our Information Governance Team at:

 

The Data Controller

The Chief Information Officer & SIRO
Northampton General Hospital NHS Trust

Cliftonville

Northampton

NN1 5BD

Telephone: 01604 634 700


Information Governance Team
Northampton General Hospital

Cliftonville

Northampton

NN1 5BD

Telephone: 01604 543881

Email: dataprotectionact@ngh.nhs.uk

 

Patient Advice and Liaison Service (PALS) for complaints

Northampton General Hospital

Cliftonville

Northampton

NN1 5BD

Telephone: 01604 545784

Email: pals.ngh@ngh.nhs.uk  

 

Data Protection Officer
Northampton General Hospital

Cliftonville

Northampton

NN1 5BD

Telephone: 01604 523224

Email: dpo@ngh.nhs.uk

 

Freedom of Information Officer
Northampton General Hospital

Cliftonville

Northampton

NN1 5BD

Telephone: 01604 548661

Email: foi.dept@ngh.nhs.uk

 

Caldicott Guardian

Northampton General Hospital

Cliftonville

Northampton

NN1 5BD

Telephone: 01604 544722

 

© Northampton General Hospital NHS Trust 2019       Privacy Notice | Cookie PolicyTerms of Use | Accessibility