You have the right to confidentiality under the Data Protection Act 1998 (DPA), the Human Rights Act 1998 (HRA), the Health and Social Care Act 2012 (HSCA) as well as the common law duty of confidence. The Equality Act 2010 may also apply in some circumstances.
You have the right to know what information we hold about you, what we use it for and if the information is to be shared, who it will be shared with.
You have the right to:
- apply for access;
- obtain a copy of your record in a permanent form; and
- have the information provided to you in a way you can understand and explained where necessary, such as when abbreviations are used.
Where you agree, the access right may be met by enabling you to view your record, without obtaining a copy.
Under normal circumstances we will not transfer your information outside of the European Economic Area, however there may be occasions where you require this information to be sent. In these instances, we will ask for and record your consent to do so and will take reasonable steps to ensure the safety of the information that is sent.
How do we keep your records confidential and secure?
Everyone working in the NHS has a legal and professional duty to ensure that all your information is safely and securely protected and kept confidential. All organisations providing care for the NHS or on its behalf must follow the same strict policies and controls as managed by the Department of Health’s Information Governance Framework.
The sharing of your information is strictly controlled. We will not pass on information about you to third parties without your permission unless there are exceptional circumstances, for example, where we are required to by law.
In all cases, where personal information is shared, either with or without your consent, a record will be kept. We also adhere to the revised Caldicott Principles to make sure information is accessed and held securely and appropriately.
Our secure networks, internal and external IT safeguards, use of the national NHS smartcard system and audits all ensure we protect your right to privacy and confidentiality. We only keep your records as long as we need to and are required to by law / national codes (for example, the NHS Records Management Code of Practice) after which they are securely destroyed.