Your information and what you should know (privacy notice)

Our hospitals are registered to process personal and sensitive information under the Data Protection Act 1998 - our registration number is Z6690929.

We collect key information about patients, their medical conditions and clinical care. This information is maintained in our patients' paper health record and may also be held electronically on computer systems. All information is held in accordance with the Principles of the Data Protection Act 1998 and all NHS staff have a legal duty to maintain your confidentiality.

We may share information with other NHS providers or social care organisations for the purpose of ongoing care or treatment. We will also share information as required by law, for example, to comply with a court order.

We will anonymise your information wherever possible to protect confidentiality and give patients the opportunity to object, wherever this is appropriate.

We also collect information on staff and volunteers.

What rights do you have as a patient have?

You have the right to:

  • Confidentiality under the Data Protection Act 1998, the Human Rights
    Act 1998 and the common law duty of confidence
  • Ask for a copy of all records about you
  • Have errors in your details corrected.

How can you help us?

  • By pointing out any information in your records which is wrong (telling us when you change address, GP or telephone number for example)
  • By allowing us to share as much information about you as we need to in order to provide you with the best possible healthcare.

Sometimes, we might ask your permission to use records from which you could be identified for important research. Please give us permission unless you feel strongly that you do not want your information used in this way.

What information do we hold about our patients?

We hold basic details about you, such as your address (including correspondence address), telephone numbers, date of birth, sex, next of kin and your GP.

Together with this information, we also hold other details about you, which may include:

  • Your medical conditions
  • Treatment provided and contact you have had with us
  • Results of investigations, such as x-rays and laboratory tests
  • Reports about your health and the care you need
  • Relevant information from other health professionals
  • Smoking status
  • Any learning disabilities
  • Religion
  • Marital status
  • NHS number
  • Occupation
  • Overseas status
  • Place of birth
  • Preferred name or maiden name
  • Where applicable, the date, cause (if died in hospital) and place of death
  • Your ethnic origin, in order to help in planning services and ensuring equal access
  • School details
  • Child protection status
  • Email address.

The care records guarantee (opens in a new window) outlines the duty we have to maintain accurate records of the care we provide to you; keep these records confidential and secure; and provide information in a format that is accessible to you.

Why do we hold this information?

Records about you are used by those caring for you to:

  • Provide a good basis for all healthcare decisions by you and care professionals
  • Enable you to work in partnership with those providing care
  • Make sure the care we provide is safe and effective
  • Work effectively with others providing you with care
  • Remind you about appointments.

Others within the trust and the NHS may also need to use records about you to:

  • Check the quality of care (called clinical audit)
  • Protect the health of the general public
  • Keep track of NHS spending
  • Manage the health service
  • Help investigate untoward incidents, complaints or legal claims
  • Teach healthcare staff
  • Help with research.

If we need to use information that identifies you, for more than your direct care or to check the quality of that care, we will always seek your consent beforehand.

Staff, volunteers and job applicants

  • Records are held for the purposes of running the trust and meeting statutory requirements.
  • Information is also held on job applicants.

Who do we share information with?

We will share information with other parts of the NHS and those contracted to provide services to the NHS in order to support your healthcare needs.

In particular, we will inform your GP of your progress unless you ask us not to.

We may also share your information with other organisations where it may benefit you, for example with social services, community services and clinical commissioning groups (who commission hospital services) and companies that provide services on behalf of the trust.

To assist in the management of the health service, and to protect the health of the general public, we may share information with other parts of the NHS or with other public sector organisations.

We are also required by law to report certain information to the appropriate authorities, for example notification of new births. We may also provide information regarding crimes to the police.

Whenever we share information with other organisations we will do this line with the Data Protection Act (1998) and the NHS Confidentiality Code of Practice (2003).

We share anonymous information with local authorities and the police for the purposes of crime mapping.

We do not share information, in the ways described above, regarding treatment you may have received in the specialities of sexually transmitted infections and human fertilisation and embryology (not withstanding any legal requirements imposed on the trust).

Information on staff and volunteers may be shared with third parties that provide services to the trust and in order to comply with statutory requirements.

How do we maintain your records?

Your health records are held in both paper and computer forms and we must retain these for at least eight years.

Everyone working in the NHS has a legal duty to keep information about you confidential. Generally, only those members of staff directly involved in providing your care are able to see the information.

The details of staff, volunteers and job applicants are held electronically and on paper.

We have a duty to:

  • Maintain full and accurate records of the care we provide to you
  • Keep records about you confidential and secure
  • Provide information in a format that is accessible to you (for example in large type if you are partially sighted).

How can you access your health records?

If you require a paper copy of your health records, please follow the instructions to access your health records.

Staff, volunteers and job applicants should contact our Human Resources department for copies of documentation we hold.

Guidance from the Information Commissioner's Office

The Information Commissioner provides guidance on data sharing online (opens in a new window).

If you email us

We may use email monitoring or blocking software. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

Please note that emails sent to us are not secure, and we may choose not to reply via email if we have concerns regarding confidentiality and/or security.

Email is not a guaranteed delivery service - if your communication is important please confirm we have received it by other means.

Complaints or queries

For further information or if you would like to make a complaint, please contact the Patient Advice and Liaison Service (PALS) on 020 8296 2508 or at

If you feel that we have not adequately dealt with your complaint you can complain to the Information Commissioner at the address below:

Information Commissioner's Office

Wycliffe House
Water Lane

Get connected

  • Like us on Facebook 
  • Follow us on Twitter
  • Follow us on Linkedin 
  • Reviews on NHS Choices
  • Watch our videos


  • Like us on facebook
  • Follow us on Twitter 
  • Follow us on LinkedIn
  • Review on NHS Choices
  • Watch our videos

NHS image placement

Healthy Workplace Achievement Award 2016 NHS Choices