Information about you

Your rights as a data subject

• Right to be informed—see this leaflet and also our website for our privacy notice
• Right of access—please see ‘Request your health records’ section and also our website
• Right to rectification—see ‘How can you help us to help you?’ section
• Right to erasure—not applicable for health data, see ‘Consent’ section
• Right to restrict processing—see ‘Consent’ section
• Right to data portability—we will handle the request accordingly
• Right to object—see ‘Consent’ section
• Rights in relation to automated decision making and profiling—no known instances

What information do you keep about me?

Collectively, all the information we hold about you is called your health record.

It includes general personal information (such as your name, address, next of kin and GP) and sensitive information (such as health reports, test results, operations and other treatments, ethnicity and religion).

These records may be kept in either or both paper and electronic form.

Why do you need information about me?

We need information about you to identify you on each visit and to ensure that you get the best possible care and treatment appropriate to your needs.

How is information about me used?

Your information is collected so we can use it for your direct care. This will involve sharing it with other health and social care professionals involved in your care, such as doctors, nurses, therapists and your GP—as well as some administrative staff.

We also participate in some national audits and will submit your data to the Secondary Uses Service (SUS), the single repository for healthcare data in England, which enables a range of reporting and analyses to support the NHS in the delivery of healthcare services.

Other reasons we need accurate data about you and other patients include:

• Ensuring patient needs are met now and in the future
• Helping staff review the standard of care they provide and inform staff training needs
• Investigating any complaints or legal claims
• Ensuring NHS money is spent wisely
• Improving our services through research

Consent

While we do not require consent to hold and use the information in your records for the provision of healthcare, we will always seek your consent for any secondary use, such as research. The Trust does not use identifiable personal data for research purposes without your agreement.

Sharing of information

Please note that we share information for clinical purposes and as required by UK legislation. For instance, we will automatically send copies of letters and discharge summaries to your GP following a visit, unless you ask us not to. There is more information available on the Trust website indicating how information is shared. You can restrict this by requesting us not to share information.

In certain circumstances, the Trust is legally required to report information to the appropriate authorities. Examples include:

• When there is a serious risk to public health such as with certain infectious diseases
• The prevention, detection or prosecution of a serious crime
• At the request of a formal court order

In all cases we would only disclose the minimum information necessary.

Objections to use of your information

You can withdraw or object to the use of your information by contacting the Data Protection Officer. See contact details on the blue panel of this leaflet.

Reminder service

For our appointment reminder services, a third party will send automated voice or text messages, or get an agent to call or email you. This reduces missed appointments and ensures you obtain results faster. If you would like to opt out of this service, please state your wishes at the reception desk.

Access to health records

Can I access my health records?

Yes. You are entitled to see most personal data about you. An exception would be where it was deemed to be harmful to you or someone else. Any reference to third parties, apart from NHS professionals, would also have to be hidden, unless their consent was also obtained.

How do I apply to see my health records?

To request a copy of your own (or a dependent’s) health records it would be helpful if you could complete the Access to Health Records Subject Access Request (SAR) application form.

Requests can be verbal or written with or without the form but in all cases the request will need to be recorded accurately and ID obtained to prove identity. The form saves time and confusion for both the requester and the Trust.

Please provide the approximate dates of any treatment for which you want to see the record and say what type of treatment you received. You can either ask for a copy or come in and view the originals, under supervision.

What’s the cost and how long will it take?

Access to information is free and it will be provided within either 1 month or, if the request is complex, up to 3 months.

How can you help us to help you?

Our staff should confirm your basic details such as your name, address and GP practice each time you visit the hospital. If they forget then please remind them. If you spot errors on the automated check-in, please inform a member of staff.

Please make sure that you always:

• Give us accurate and full information on first contact and check
• Let us know as soon as possible if any of your personal details have changed, otherwise there is a danger you will miss crucial appointments or that we won’t be able to contact you quickly in an emergency
• Provide your NHS number if possible
• Tell us if you notice mistakes in the information we have about you, as this helps us keep our information reliable and up-to-date
• Always give your full regular registered name rather than nicknames/short name or other name, as we have to match our records with your GP practice records—the spelling and order of names is particularly important and accounts for around 70% of errors

Confidentiality

Health records should not be left where unauthorised people can access or view them. If you observe any instance where we do not respect the confidentiality of your or other’s information we would like you to report this to a member of staff or our Information Governance team at chelwest.information.governance@nhs.net.

How can you help us to help you?

Accuracy of data

Our staff should always verify your basic details such as name, address and GP practice each time you visit the hospital.

If you spot errors on the automated check in, please inform a member of staff.

Always ensure that you:

• Give us accurate and full information on first contact and check it
• Let us know ASAP if any of your personal details have changed, or you risk missing crucial appointments or we won’t be able to contact you quickly in an emergency
• Provide your NHS number if possible
• Tell us if you notice mistakes in the information we have about you, as this helps us keep our information reliable and up to date
• Always give your full regular registered name rather than nicknames/short name or other name, as we have to match our records with your GP practice records. The spelling and order of names is particularly important, and accounts for around 70% of errors

Confidentiality

Health records should not be left where unauthorised people can access or view them. If you observe any incidence where we do not respect the confidentiality of your or other’s information, please report this to a member of staff or to our Information Governance Team. See useful contact information on this leaflet. 

Data protection

Chelsea and Westminster Hospital NHS Foundation Trust is required to comply with laws and regulations that apply to protecting your data and how it is used. They are the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018.

Information about you

Your rights as a data subject:

• Right to be informed – covered on this page and on the 'How we use your information' page
• Right of access – please see ‘Access to health records’ below and the 'Request your health records' page
• Right to rectification – see ‘How can you help us to help you?’ above
• Right to erasure – not normally applicable to health data
• Right to restrict processing and/or Right to object – only applies under certain circumstances, please see 'Further details' below
• Right to data portability – we will handle the request accordingly
• Rights in relation to automated decision making and profiling – we will handle requests accordingly

What information do you keep about me?

Collectively, all the information we hold about you is called your health record. It includes general personal information (for example your name, address, next of kin and GP) and sensitive information such as health reports, test results, operations and other treatments, ethnicity and religion. These records are kept in both paper and electronic form.

Why do you need information about me?

To identify you on each visit, and in order to ensure that you get the best possible care and treatment appropriate to your needs.

How is information about me used?

Your information is collected so we can use it for your direct care. This will involve sharing it with other health and social care professionals involved in your care, such as doctors, nurses, therapists and your GP as well as some administrative staff.

We will also participate in some national audits and submit your data to the Secondary Uses Service (SUS) which is the single repository for healthcare data in England which enables a range of reporting and analyses to support the NHS in the delivery of healthcare services.

Other reasons we need accurate data about you:

• Ensure patient needs are met now and in the future
• Help staff review the standard of care they provide and feed staff training needs
• Investigate any complaints or legal claims
• Ensure NHS money is spent wisely
• Improve our services through research

Research is generally consent based and you will be invited to opt in. The Trust does not use identifiable personal data for research purposes without your agreement.

Consent

We do not require consent to hold and use information in your records for provision of healthcare.

If consent is needed for any secondary use, such as research, then this will be obtained separately.

Sharing of information

Please note that we share information for direct care purposes and as required by UK legislation. We will automatically send copies of letters and discharge summaries to your GP and to your home following a visit unless you ask us not to. See 'How we use your information' for more details.

In certain circumstances the hospital is legally required to report information to the appropriate authorities. Examples include:

• Where there is a serious risk to public health such as with certain infectious diseases
• The prevention, detection or prosecution of a serious crime
• At the request of a formal court order

In all cases we would only disclose the minimum information necessary.

National Data Opt Out (NDOO)

This was introduced following the National Data Guardians report in 2013 and implemented in 2018, and allows you to opt out of your data being shared for secondary uses (eg service development and research). The Trust has a policy in place and complies with the NDOO.

• Further details about the National Data Opt Out

Reminder/appointment outcome service

For any reminder/appointment outcome service that we run, a third party will send automated voice or text messages or get an agent to call you or e-mail you. This reduces missed appointments ensures you obtain results faster and patients find it helpful. Links to outcome letters are also sent electronically.

Please make the Trust aware if others access your email, phone or text messages. The services assume that you are the only person that accesses the information relating to your appointment.

Access to health records

Can I get access to my health records?

Yes. You are entitled to see most personal data about you by submitting a subject access request (SAR). Exceptions would be where it was deemed to be harmful to you or someone else. Any reference to third parties, apart from NHS professionals, would also have to be hidden, unless their consent was also obtained.

How do I apply to see my health records?

Please see 'Request your health records' or write to the Health Records Department (addresses below).

What is the cost and how long will it take?

Access to information is usually free, and it will be within either one calendar month or, if the request is complex, up to three months.

Contact details

Health Records Department
Chelsea and Westminster Hospital
369 Fulham Road
London
SW10 9NH

Health Records Department
West Middlesex University Hospital
Twickenham Road
Isleworth
Middlesex
TW7 6AF

Further information

• Find out more about GDPR and DPA 2018

Information Governance Team

For questions on information governance or the use of your data please email chelwest.information.governance@nhs.net.

Data Protection Officer (DPO) and Head of Information Governance
Graham Trainor
E: DPO.Chelwest@nhs.net

Caldicott Guardian
Dr Ellen Dwyer
E: chelwest.caldicott.guardian@nhs.net

Senior Information Risk Owner (SIRO)
Robbie Clinc
E: via Chelwest.DPO@NHS.net

Freedom of Information

For non-personal information requests please email chelwest.FOI@nhs.net.

The Data Protection Officer for the Trust can be contacted at DPO.Chelwest@nhs.net.

Information Commissioner’s Office (ICO)

• Information Commissioner’s Office
• 0303 123 1113

Sharing information between doctors and nurses caring for you in the hospital and the community helps to ensure you get the best outcome. Keeping your GP up to date is an important part of this. Therefore, for most of our patients we regularly send update letters to their GPs electronically. 

Basic information about your medication, allergies, medical problems and blood test results (but not those from the Sexual Health Service) are also shared between hospitals and GPs using a highly secure NHS network. This means that no matter which clinic or hospital department you attend in London, staff can see the information they need to keep you safe, and tests are not repeated unnecessarily.

Only NHS staff directly involved with your care can access this information. The law says they must keep your information confidential. A log is kept of who accessed your medical records, when and where. This information cannot be shared with anyone else without your consent (unless there is a significant risk to yourself or another person or a judge orders a disclosure).

FAQs

What options do you have? 

• Allow information to be shared with your GP and other NHS services (recommended) or
• Request an opt-out from sharing information with your GP and other NHS services outside the Trust

We strongly recommend for your own safety that you allow us to share information

What happens if you opt out from sharing information with your GP and other NHS services?

The Trust will make its best efforts to prevent information being shared with your GP and other NHS services. However, the electronic patient record system is designed to share information, and we cannot promise that data will not be shared, even if you use a different name. If you do not feel comfortable with this, you may need to consider an alternative care centre. Please note that the block of information sharing will only apply to Chelsea and Westminster Hospital NHS Foundation Trust. Other hospital trusts in North West London that use the same electronic patient record system (Imperial College Healthcare NHS Trust, London North West University Healthcare NHS Trust and The Hillingdon Hospitals NHS Foundation Trust) will continue to have access to your combined medical record if you are a patient in those hospitals. They will continue to share information with your GP and send letters to your home address unless you make a separate request to those hospitals not to do so.

It is important that you are aware of the issues associated with opting out of sharing information:

• If you visit A&E or you are discharged from hospital, your GP will not be notified.
• When you are seen in any hospital clinic, your GP won’t get a letter unless you ask for a paper copy which you can deliver personally.
• Your GP and medical staff at other hospitals you visit outside North West London won’t be able to see information from this Trust.
• Your GP may still be able to view some test results such as blood tests, through their own computer system.

You can change your mind at any time in the future.

What are the risks?

There is a real risk that this could significantly harm your health:

• Your GP won’t know if the Hospital has asked them to change your medication or arrange tests.
• Your GP and other NHS staff will not know that the Trust has hidden your information. They may assume you have no other health problems unless you tell them.
• You could be given medicines that are harmful when you take them with medicines we give to you at this hospital.
• It is your responsibility to ensure your GP and other doctors and nurses have the information they need to treat you safely.

NHS IT systems are now being rebuilt to help information sharing between teams in secure and confidential networks. If you opt out of information sharing, the Trust will make its best efforts to respect your decision. However, it can’t guarantee that no information will be shared even if you use a different name. If you feel uncomfortable with this, you may need to consider transferring to an alternative centre.

Receiving copies of GP correspondence at your home address

You may request that copies of letters sent to your GP are not sent to your home address. This request can be made independently or in addition to a request to block correspondence being sent to your GP. The Trust will make its best efforts to prevent copies of letters being sent to your home address but cannot guarantee that this will not occur. Appointment letters will still be sent out to your home address even if a block has been placed on copies of clinical correspondence.