About Us

How we use your information

General Data Protection Regulations Statement.

Newcastle upon Tyne Hospitals NHS Foundation Trust is a ‘Data Controller’ under the European General Data Protection Regulations and the UK Data Protection Act 2018. This means that we are legally responsible for ensuring that all personal data that we hold and use is done so in a manner that meets the current and future data protection principles. We must notify the Information Commissioner about all our data processing activities. Our Data Processing registration number is Z6173332 and details of our registration can be found on the Information Commissioner’s website at www.ico.org.uk

Collecting your information

Why we collect information about you

Your doctor and other health professionals caring for you keep records about your health and any treatment and care you receive. These records help to ensure that you receive the best possible care from us. The information may be written down on paper (manual records), held on a computer or a mixture of both. The records may include:

  • basic details about you, such as name, date of birth, address, NHS number, next of kin and ethnicity
  • contacts we have had with you, such as visits to a health professional
  • details and records about your health, treatment and care you receive
  • relevant information from other health professionals, relatives or those people who care for you and know you well
  • information based on the professional opinion of the staff caring for you.

We need your information to provide direct care to patients. Direct care can be provided in your home in a local clinic or in hospital. To provide that care we are required to share some of your data with staff, including Doctors, Nurses, Therapists, Laboratory Technicians etc.

We also may share some limited data to assist in Commissioning of Services, Planning and Research. Where the sharing of data is a legal requirement we will ensure that the minimum amount of data is used and wherever possible the data will be anonymised. This is standard practice for commissioning, contract or research and audit purposes.

There may be some limited circumstances where information regarding the Safeguarding of patients or the public may be legally  shared  with other agencies involved in the protection and safety of individuals.

Lawful Basis for processing.

The processing of personal data for the provision of direct care is supported under the Regulations in Article 6 (1)(e) 'necessary for the performance of a task carried out in the public interest or in the exercise of official authority' and Article 9(2)(h) 'necessary for the purposes of preventative or occupational medicine for the assessment of working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems'

How your information is used to help you

Your information is used to ensure that:

  • staff caring for you have accurate and up to date information to help them decide the best possible care and treatment needed for you
  • we can contact you in relation to your care and treatment
  • we can contact you with regards to patient satisfaction surveys relating to services you have used within our hospital so as to further improve our services to patients
  • treatments and services meet the needs of local communities
  • information is available should you need another form of care, for example if you are referred to a specialist or another part of the NHS
  • there is a good basis for looking back and assessing the type and quality of care you have received
  • your concerns can be properly investigated should you need to complain.

How we keep your information confidential and secure

Everyone working for the NHS has a legal duty to maintain the highest level of confidentiality. Generally your information will only be seen by those providing or administering your care.

You may be receiving care from other people as well as the NHS such as private healthcare companies or social services. We may need to share information about you so we can all work together for your benefit.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it and usually only with your consent.

When we pass on any information we will ensure it is kept confidential and secure. A few administrative processes require information that may identify you, however wherever possible, processes will use anonymised information.

The Information about you will be retained in line with the Records Management Code Of Practice For Health and Social Care. Full details and retention schedule can be found here.

Sharing your information

The Trust is a partner in the Great North Care Record (GNCR) which facilitates the sharing of your electronic health record with other Hospitals, GPs and local authority for direct care. Access to the different electronic health record systems is managed through a secure third party, Cerner who control view access of any records held by the different organisations. All access is authorised and audited. For further information about the Great North Care Record contact them directly by telephone 0344 811 9587 or email: gncarerecord@nhs.net  or via their website www.greatnorthcarerecord.org.uk/

We also collect information about you from our Community Services including our health visiting services, school nursing services and diabetes services. This includes information about your referrals, assessments, diagnoses, activities (for example, taking a blood pressure test) and, in some cases, your answers to questionnaires.

We do this in order to assess the effectiveness of our care so that we can provide you with the best possible care and ensure that we can continually improve our services.
The data is securely sent to NHS Digital, which is the central organisation that receives the same data from all publicly-funded Community Services across England. NHS Digital removes all identifying details and combines the data we send with the data sent by other care providers, forming the Community Services Data Set (CSDS).

The CSDS data set is used to produce anonymised/pseudonymised reports that only show summary numbers of, for instance, patients referred to different types of services. It is impossible to identify any individual patient in the reports, but the reports do help us to improve the care we provide to you and other patients.

The benefits of the CSDS to you as a patient include:

  • ensuring that Community Services are available to all patients in all areas by measuring the care that is being delivered
  • better care, through monitoring progress to allow future services to be planned
  • informing patients about the care offered at different hospitals
  • more personalised and better organised care for patients through understanding what care is needed nationally, for example understanding how many patients who are discharged from hospitals then need looking after at home

Find more information about how NHS Digital uses your personal data including their lawful basis for processing, how long they hold it for and your rights here.

Manage your choice about how your confidential patient information is used beyond your own individual care. Alternatively, you can call 0300 303 5678.

Newcastle upon Tyne Hospitals NHS Foundation Trust works closely with other organisations to support patient care. This means that information will be shared between ourselves and other organisations who may be caring for you. These may include:

  • Clinical Commissioning Groups (CCGs)
  • your GP, pharmacy and other hospitals
  • out of hours medical services
  • NHS walk-in centres
  • ambulance services
  • NHS common services agencies such as dentists, ophthalmic services, etc
  • local authority departments, including social services, education and housing
  • voluntary sector providers who are directly involved in your care
  • private sector providers (private hospitals, care homes, domiciliary care agencies, hospices, contractors providing services to the NHS, etc).

We will only share information where it is clearly in your best interests to do so or where other legal reasons apply. 

In some circumstances we may share limited data with;

  • Current, past or potential employers
  • Legal representatives
  • Educators and examining bodies
  • Police forces
  • Security organisations
  • Central and local government.
  • Voluntary and charitable organisations

Anyone who receives information from us is also under a legal duty to keep it confidential and secure

Covid-19 and Data Sharing

Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data.

The full explanation of this emergency use can be found here

Sharing your information without consent

We will normally ask you for your consent to share information about you. However, there are times when we may be required by law to share your information without your consent. These may be:

  • where there is a serious risk of harm or abuse to you or other people
  • where a serious crime, such as assault, is being investigated or where it could be prevented
  • notification of new births
  • where we encounter infectious diseases that may endanger the safety of others, such as meningitis or measles (but not HIV/AIDS)
  • where a formal court order has been issued
  • where there is a legal requirement, for example if you had committed a Road Traffic Offence

Right To Object

You have the right to object to some or all the information being processed under Article 21 of the regulations. You need to be aware that this is the right to raise an objection and is not the absolute right to have your wishes granted.

Right To Access and Correct

You have the right to access the data about you that is held or shared and have any inaccuracies corrected. There is no right to have medical records deleted except when ordered by a court of Law.

If you wish to make Subject Access Request you must put the request in writing to the;

Subject Access Team
Medical Records Department
Freeman Hospital
Newcastle upon Tyne
Tel: 0191 2137783
Email: tnu-tr.subjectaccessrequests@nhs.net

Right to Complain.

You can get support with your SAR request or advice on how to make a complaint from the Patient Advice and Liaison Service (PALS).  PALS staff are available Monday to Friday, 9am-4pm and can be contacted:

Freephone 0800 032 02 02
Email: northoftynepals@nhct.nhs.net

The Trust’s Data Protection Officer (DPO) is responsible for ensuring that NUTH complies with the data protection legislation  The DPO is the person to contact if you would like to know more about how we use your information, require information in any accessible format or language or if (for any reason) you do not wish to have your information used in any of the ways described.  His contact details are:

Richard Oliver
Data Protection Officer
Newcastle upon Tyne Hospitals
Regent Point
Newcastle upon Tyne
Email: nuth.dpo@nhs.net

© Copyright Newcastle upon Tyne Hospitals NHS Foundation Trust 2020 Site by TH_NK