Skip to content. | Skip to navigation

Personal tools

You are here: Home > Your visit > Patient leaflets > Information Governance > Confidentiality of personal information—your information, your rights

Confidentiality of personal information—your information, your rights

How can you help us to help you?

Accuracy of data

Our staff should always verify your basic details such as name, address and GP practice each time you visit the hospital.

If you spot errors on the automated check in, please inform a member of staff.

Always ensure that you:

  • Give us accurate and full information on first contact and check it
  • Let us know ASAP if any of your personal details have changed, or you risk missing crucial appointments or we won’t be able to contact you quickly in an emergency
  • Provide your NHS number if possible
  • Tell us if you notice mistakes in the information we have about you, as this helps us keep our information reliable and up to date
  • Always give your full regular registered name rather than nicknames/short name or other name, as we have to match our records with your GP practice records. The spelling and order of names is particularly important, and accounts for around 70% of errors


Health records should not be left where unauthorised people can access or view them. If you observe any incidence where we do not respect the confidentiality of your or other’s information, please report this to a member of staff or to our Information Governance Team. See useful contact information on this leaflet. 

Data protection

Chelsea and Westminster Hospital NHS Foundation Trust is required to comply with laws and regulations that apply to protecting your data and how it is used. They are the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018.

Information about you

Your rights as a data subject:

  • Right to be informed – covered on this page and on the 'How we use your information' page
  • Right of access – please see ‘Access to health records’ below and the 'Request your health records' page
  • Right to rectification – see ‘How can you help us to help you?’ above
  • Right to erasure – not normally applicable to health data
  • Right to restrict processing and/or Right to object – only applies under certain circumstances, please see 'Further details' below
  • Right to data portability – we will handle the request accordingly
  • Rights in relation to automated decision making and profiling – we will handle requests accordingly

What information do you keep about me?

Collectively, all the information we hold about you is called your health record. It includes general personal information (for example your name, address, next of kin and GP) and sensitive information such as health reports, test results, operations and other treatments, ethnicity and religion. These records are kept in both paper and electronic form.

Why do you need information about me?

To identify you on each visit, and in order to ensure that you get the best possible care and treatment appropriate to your needs.

How is information about me used?

Your information is collected so we can use it for your direct care. This will involve sharing it with other health and social care professionals involved in your care, such as doctors, nurses, therapists and your GP as well as some administrative staff.

We will also participate in some national audits and submit your data to the Secondary Uses Service (SUS) which is the single repository for healthcare data in England which enables a range of reporting and analyses to support the NHS in the delivery of healthcare services.

Other reasons we need accurate data about you:

  • Ensure patient needs are met now and in the future
  • Help staff review the standard of care they provide and feed staff training needs
  • Investigate any complaints or legal claims
  • Ensure NHS money is spent wisely
  • Improve our services through research

Research is generally consent based and you will be invited to opt in. The Trust does not use identifiable personal data for research purposes without your agreement.


We do not require consent to hold and use information in your records for provision of healthcare.

If consent is needed for any secondary use, such as research, then this will be obtained separately.

Sharing of information

Please note that we share information for direct care purposes and as required by UK legislation. We will automatically send copies of letters and discharge summaries to your GP and to your home following a visit unless you ask us not to. See 'How we use your information' for more details.

In certain circumstances the hospital is legally required to report information to the appropriate authorities. Examples include:

  • Where there is a serious risk to public health such as with certain infectious diseases
  • The prevention, detection or prosecution of a serious crime
  • At the request of a formal court order

In all cases we would only disclose the minimum information necessary.

National Data Opt Out (NDOO)

This was introduced following the National Data Guardians report in 2013 and implemented in 2018, and allows you to opt out of your data being shared for secondary uses (eg service development and research).

Reminder/appointment outcome service

For any reminder/appointment outcome service that we run, a third party will send automated voice or text messages or get an agent to call you or e-mail you. This reduces missed appointments ensures you obtain results faster and patients find it helpful. Links to outcome letters are also sent electronically.

Please make the Trust aware if others access your email, phone or text messages. The services assume that you are the only person that accesses the information relating to your appointment.

Access to health records

Can I get access to my health records?

Yes. You are entitled to see most personal data about you by submitting a subject access request (SAR). Exceptions would be where it was deemed to be harmful to you or someone else. Any reference to third parties, apart from NHS professionals, would also have to be hidden, unless their consent was also obtained.

How do I apply to see my health records?

Please see 'Request your health records' or write to the Health Records Department (addresses below).

What is the cost and how long will it take?

Access to information is usually free, and it will be within either one calendar month or, if the request is complex, up to three months.

Contact details

Health Records Department
Chelsea and Westminster Hospital
369 Fulham Road
SW10 9NH

Health Records Department
West Middlesex University Hospital
Twickenham Road

Further information

Information Governance Team

For questions on information governance or the use of your data please email .

Data Protection Officer (DPO) and Head of Information Governance
Graham Trainor

Caldicott Guardian
Dr Julian Collinson

Senior Information Risk Owner (SIRO)
Kevin Jarrold

Freedom of Information

For non-personal information requests please email .

The Data Protection Officer for the Trust can be contacted at

Information Commissioner’s Office (ICO)


Was this page useful to you?

Share this page