Protecting your information

We are committed to ensuring personal information is used appropriately and in line with the Data Protection Act.

​Personal information that you give to others can only be used in certain ways. The Data Protection Act 1998 is the law that sets this out. The act contains eight principles and one of these states that personal information must be processed 'fairly and lawfully'. This means you have the right to know how we intend to use the information that you provide to us.

The Trust processes information in relation to:
  • Accounts and records
  • Administration of membership records
  • Advertising, marketing and public relations
  • Crime prevention and prosecution of offenders
  • Data matching
  • Emergency response arrangements
  • Freedom of Information Act 2000 and Environmental Information Regulations 2004
  • Health administration and services
  • Public health
  • Research
  • Staff administration
The Trust does not transfer any information outside the European Economic Area.

Sharing information during an emergency    
The Trust deals with a number of agencies who have a responsibility to plan for and respond to emergencies. Amongst these are local authorities, police, fire and rescue, ambulance and health services. The Trust may also liaise with the Environment Agency and others depending on the circumstances of the emergency.

During an emergency, the Trust has a statutory duty under the Civil Contingencies Act 2004 to share information, including the identification of vulnerable people who may need specific support during the event. If possible, consent will first be sought. However, if an event or situation threatens serious damage to human welfare, this may be set aside. Wherever information is shared, it will be recorded in the patient's records.

Information we may share includes names, addresses, dates of birth, contact details and any other information relevant to the individual in the circumstances of a particular emergency. The Trust will ensure that only the information necessary is shared and information will always be held in the strictest of confidence. When the information is no longer required for this purpose, partner agencies will ensure that it is destroyed or returned to the Trust for destruction.

How we use your information
Information, including personal and sensitive details, is essential in enabling us us to provide effective healthcare. We sometimes need to collect, store and share this information, but must always respect an individual's right to privacy and to be informed about how the information will be used. 

The Data Protection Act 1998 was introduced to achieve a balance between the rights of individuals and the interests of those with legitimate reasons for using personal information. The act applies to all types of personal information, whether on computer, other electronic media, video tape or manual records, and includes both facts and opinions about the individual. 

The Data Protection Act places legal obligations on those who collect, store and share information (data controllers), and gives rights to those who are the subject of that information (data subjects). 
To learn more about the Data Protection Act 1998, please visit the Information Commissioner's Office website, or contact the Information Governance Team. The full Data Protection Act is available on the Government's legislation website.

North West Boroughs Healthcare NHS Foundation Trust is registered with the Information Commissioner's Office as a data controller (registration number: Z8591053).
Further information