So that we can provide you with the best possible service, a variety of information is collected about you from a range of sources, such as your General Practitioner. This information is used to support your healthcare. Under the General Data Protection Regulation (GDPR) information about your physical and mental health, racial or ethnic origin and religious belief are considered as sensitive personal information and is subject to strict laws governing its use. This page explains why Calderdale and Huddersfield NHS Foundation Trust collects personal information about you, the ways in which such information may be used, and your rights under the General Data Protection Regulation. The Trust is legally responsible for ensuring its processing of personal information is in compliance with the general data protection regulation.
Confidentiality affects everyone: the Calderdale and Huddersfield NHS Foundation Trust collect’s, stores and uses large amounts of personal and sensitive personal data every day, such as medical records, personal records and computerised information. This data is used by many people in the course of their work.
We take our duty to protect personal information and confidentiality very seriously and we are committed to comply with all relevant legislation and to take all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.
At Trust Board level, we have appointed a Senior Information Risk Owner who is accountable for the management of all information assets and any associated risks and incidents, and a Caldicott Guardian who is responsible for the management of patient information and patient confidentiality.
The General Data Protection Regulation (GDPR) 2018 requires the Trust to process:
Sensitive personal data (Health Records) under 9(2)(h) – “Necessary for the reasons of preventative or occupational medicine, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services” and occasionally 9(2)(c) “when it is necessary to protect the vital interests of a person who is physically or legally incapable of giving consent”
Personal data under 6(1)(e) “Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Trust (Data Controller)” and occasionally 6(1)(d) “ when it is necessary to protect the vital interests of a person who is physically or legally incapable of giving consent”
Personal data under 6 (1) (f) "Processing is necessary for the purposes of the legitimate Interests pursued by the Data Controller or by a third party"
Personal data under 6(1)(b) “processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject;
Calderdale and Huddersfield NHS FT may need to keep and process information about you for employment purposes. The information we hold and process will be used for our management and administrative use only. We will keep and use it to enable us to comply with contractual, statutory, and management obligations and responsibilities. We collect information during the recruitment process, whilst you are working for us and at the time when your employment ends. This includes using information to enable us to comply with the employment contract, to comply with any legal requirements, pursue the legitimate interests of the Trust and protect our legal position in the event of legal proceedings.
All clinicians and health and social care professionals caring for you keep records about your health and any treatment and care you receive from the NHS. These records help to ensure that you receive the best possible care. They may be paper or electronic and they may include:
It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us and please inform us of any changes to your contact details or GP Practice as soon as possible. This minimises the risk of you not receiving important correspondence.
By providing the Trust with their contact details, patients are agreeing to the Trust using those channels to communicate with them about their healthcare, i.e. by letter (postal address), by voice mail or voice message (telephone or mobile number), by text message (mobile number) or by email (email address).
In general your records are used to direct, manage and deliver the care you receive to ensure that:
The Care Record is a shared system that allows Health or social care professionals within theCalderdale and Huddersfield Health and Social Care community to appropriately access the most up-to-date and accurate information about patients to deliver the best possible care.
The Care Record Guarantee is our commitment that we will use records about you in ways that respect your rights and promote your health and wellbeing. Copies of the full document can be obtained from:
This Records Management Code of Practice for Health and Social Care 2016 is a guide for the NHS to use in relation to the practice of managing records. It is relevant to organisations who work within, or under contract to NHS organisations in England. This also includes public health functions in Local Authorities and Adult Social Care where there is joint care provided within the NHS.
The Code is based on current legal requirements and professional best practice. It will help organisations to implement the recommendations of the Mid Staffordshire NHS Foundation Trust Public Inquiry1 relating to records management and transparency.
All patient records are destroyed in accordance with the NHS Records Retention Schedule, which sets out the appropriate length of time each type of NHS records is retained.
The Trust does not keep patient records for longer than necessary and all records are destroyed confidentially once their retention period has been met, and the Trust has made the decision that the records are no longer required.
We share information about you with others directly involved in your care; and also share more limited information for indirect care purposes, both of which are described below:
Everyone working within the NHS has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us also has a legal duty to keep it confidential.
Direct Care Purposes
You may be receiving care from other people as well as the NHS, for example Social Care Services. We may need to share some information about you with them so we can all work together for your benefit if they have a genuine need for it or we have your permission. Therefore, we may also share your information, subject to strict agreement about how it will be used, with:
We will not disclose your information to any other third parties without your permission unless there are exceptional circumstances, such as if the health and safety of others is at risk or if the law requires us to pass on information.
Indirect Care Purposes:
We also use information we hold about you to:
Nationally there are strict controls on how your information is used for these purposes. These control whether your information has to be de-identified first and with whom we may share identifiable information. You can find out more about these purposes, which are also known as secondary uses, on the NHS England and NHS Digital’s websites:
Your Data Matters to the NHS
Information about your health and care helps us to improve your individual care, speed up diagnosis, plan your local services and research new treatments.
You can choose whether your confidential patient information is used for research and planning.
To find out more visit: www.nhs.uk/your-nhs-data-matters
Telephone calls to the Trust are routinely recorded for the following purposes:
Under the General Data Protection Regulation (GDPR)
You have the right to restrict how and with whom we share information in your records that identifies you. If you object to us sharing your information we will record this explicitly within your records so that all healthcare professionals and staff involved with your care are aware of your decision. If you choose not to allow us to share your information with other health or social care professionals involved with your care, it may make the provision of treatment or care more difficult or unavailable.
Please discuss any concerns with the clinician treating you so that you are aware of any potential impact. You can also change your mind at any time about a disclosure decision.
The possible consequences of refusing consent will be fully explained to the patient at the time, and could include delays in receiving care.
In those instances where the legal basis for sharing of confidential personal information relies on the patient's explicit or implied consent, then the patient has the right at any time to refuse their consent to the information sharing, or to withdraw their consent previously given.
In instances where the legal basis for sharing information without consent relies on HRA CAG authorisation under Section 251 of the NHS Act 2006, then the patient has the right to register their objection to the disclosure, and the Trust is obliged to respect that objection.
In instances where the legal basis for sharing information relies on a statutory duty/power, then the patient cannot refuse or withdraw consent for the disclosure.
When attending the Trust for an outpatient appointment or a procedure you may be asked to confirm that the Trust has an accurate contact number and mobile telephone number for you. This can be used to provide appointment details via SMS text messages and automated calls to advise you of appointment times.
We employ surveillance cameras (CCTV) on and around our sites in order to:
You have a right to make a Subject Access Request of surveillance information recorded of yourself and ask for a copy of it. Requests should be directed to the address below and you will need to provide further details as contained in the section ‘How you can access your records’. The details you provide must contain sufficient information to identify you and assist us in finding the images on our systems.
We reserve the right to withhold information where permissible by the General Data Protection Regulation (GDPR) 2018 and we will only retain surveillance data for a reasonable period or as long as is required by law. In certain circumstances (high profile investigations, serious or criminal incidents) we may need to disclose CCTV data for legal reasons. When this is done there is a requirement for the organisation that has received the images to adhere to the GDPR.
The GDPR 2018 gives you a right to access the information we hold about you on our records. Requests must be made in writing to the Access to Health Records Department. The Trust will provide your information to you within one month (this can be extended dependent on the complexity of the request) from receipt of your application.
Click into our Health Records page for information and the form you need to complete.
The Data Controller responsible for keeping your information confidential is:
Huddersfield Royal Infirmary
Main Switchboard: 01484 342000
Data Protection Officer Contact:
Patients who have a concern about any aspect of their care or treatment at this Trust, or about the way their records have been managed, should contact the Patient Advice& Liaison Service (PALS).
If you have any concerns about how we handle your information you have a right to complain to the Information Commissioners Office about it.
The GDPR 2018 requires organisations to lodge a notification with the Information Commissioner to describe the purposes for which they process personal information. These details are publicly available from:
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, SK9 5AF
Telephone: 0303 123 1113
The Freedom of information Act 2000 provides any person with the right to obtain information held by the Calderdale and Huddersfield NHS Foundation Trust, subject to a number of exemptions. If you would like to request some information from us, please visit the Freedom of information section of our website.
Please note: if your request is for information we hold about you (for example, your health record), please instead see above, under "How You Can Access Your Records".