Privacy Notice
Security of information
Confidentiality affects everyone. We have a legal basis to gather, store and process
large amounts of information on a daily basis. This includes medical records, personal
records and computerised information for the purposes of preventive or occupational
medicine; medical diagnosis; or if the process is necessary for the performance of a
task carried out in the public interest. This information is used by many people
throughout the course of their daily work.
Our duty to protect information and confidentiality is taken very seriously. We are
committed to taking all reasonable measures to ensure the confidentiality and the
security of all information for which we are responsible, whether computerised or on
paper. This includes regular staff training on the legal obligations they have to maintain
confidentiality and security of information at all times.
We have appointed a Senior Information Risk Owner who is accountable for the
management of all information assets and any associated risks and incidents, and a
Caldicott Guardian who is responsible for the management of patient information and
patient confidentiality.
We take staff training extremely seriously. This is to ensure that nobody will access or
use your information without a relevant reason, and to stop accidental loss, damage
and destruction of any of your medical, personal and electronic records.
Why do we collect information about you?
To make sure you get the best care doctors, nurses and the team of health and care
staff caring for you keep records about your health and any care or treatment you may
receive from the NHS and Social Care. These records help to make sure that you
receive the best possible care. These may be written down in your paper records or
held on a computer. They may include:
- Basic details about you such as name, address, date of birth, next of kin, etc.
- Contact we have had with you such as appointments or clinic visits,
- Notes and reports about your health, treatment and care,
- Results of x-rays, scans and laboratory tests,
- Relevant information from people who care for you and know you well such as
health professionals and relatives.
Always check that your details are correct when you visit us and please tell us of any
changes as soon as possible.
How your personal information is used
Your records are used to manage and deliver the care you receive to make sure that:
- The doctors, nurses and other healthcare members of staff involved in your care
have correct and up to date information, to look at your health and decide on the
right care for you, - Health and care staff have the information they need to be able to look at and
improve the quality and type of care you receive, - Your concerns and worries can be properly investigated if a complaint is raised,
- The right information is available if you see another doctor, or are referred to a
specialist or another part of the NHS and Social Care. - To ensure that you are discharged from hospital as quickly as possible, with the
support you need to go home.
Who do we share personal information with?
Everyone working within the NHS and Social Care (within your local authority/council)
has a legal duty to keep information confidential. Similarly, anyone who receives
information from us has a legal duty concerning your confidentiality. The partner
organisations with which we share information are:
- Other NHS Trusts and hospitals that are involved in your care,
- General Practitioners (GPs),
- Ambulance Services,
- NHS111
- Adults’ and children’s social care services.
You may be receiving care from other sectors as well as the NHS. Therefore we may
need to share information to other agencies about you, so we can all work together for
your benefit. We will only do this if they have a legitimate need, or we have your
permission. These agencies include:
- Community Pharmacies
- Care Homes
- Hospices
- Social Care Services.
- Education Services.
- Local Authorities.
- Voluntary and private sector providers working with the NHS.
- General Medical Council
The Notts Care Record is sub-processed by Interweave: https://www.interweavedigital.com/
We will not provide your information to any other third parties without your permission
unless there are exceptional circumstances, such as, if the health and safety of you
and others is at risk or if the law requires us to pass on information.
Nottingham and Nottinghamshire Ecosystems Platform and Notts
Care Record
The Nottingham and Nottinghamshire Ecosystems Platform and Notts Care Record is
a shared system that allows healthcare staff within the Nottingham and
Nottinghamshire health and social care community to appropriately access the most
up-to-date and correct information about patients involved in their care, to deliver the
best possible care.
If you would like any further information, or would like to discuss this further, please
contact us using the details provided below.
Disclosure of information
You have the right to object to how and with whom we share the information that is
within your records that could identify you. This will be noted within your records so
that all staff involved with your care and treatment are aware of your decision. By
choosing this option, it may mean that the delivery of your care or treatment ia more
difficult. You can also change your mind at any time about your decision.
How you can access your records
The Data Protection legislation gives you a right to access the information we hold
about you in our records. We will provide your information that you are entitled to within
a calendar month once you have provided
- adequate supporting information to enable us to verify your identity and locate
your records, - An indication of what information you are requesting, to enable us to locate it in an
efficient manner.
[Organisation Name] is only the data controller for their data within the Notts Care
Record. If you wish to access the data that other organisations have put in it then you
will need to contact their Information Governance team and request it.
You as an individual have the right to have erased any records that have been
inaccurately added to your medical records, personal records or other computerised
system. If you think any information is inaccurate or incorrect, please contact us using
the details below.
Ultimately, if you are unhappy with the way we have handled your information you
have the right to make a complaint to us or to the Information Commissioner’s Office
(the ICO).
Retention
The retention period for medical records once you have been discharged from care is
eight years. Once this period is up your records will then be destroyed within the
guidelines set out by the Data Protection legislation. There are some exemptions to
this, such as maternity and child’s records; these will be kept for 25 years.
Data Controller
The Data Controller responsible for keeping your information confidential is:
Fountain Medical Centre
Sherwood Avenue
Nottingham
NG24 1QH
Telephone: 01636 704378
The Data Protection Officer can be contacted:
Paul Couldrey
info@pcdc.org.uk
Freedom of Information
The Freedom of information Act 2000 provides any person with the right to obtain
information held by us subject to exemptions.
Notification
The Data Protection Legislation requires organisations to lodge a notification with the
Information Commissioner to describe the purposes for which they process personal
information. These details are publicly available from:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
Telephone: 08456 306060
Website: www.ico.gov.uk