Patient privacy notice

Collecting, using and keeping your information secure

Imperial College Healthcare NHS Trust is committed to protecting your privacy when you use our services. This privacy notice explains your rights as a Trust service user, how we use information about you, and how we protect your privacy.

What this notice will tell you:

  • How data may be processed in response to COVID-19;
  • Our legal basis for processing your data;
  • Our purpose for processing your data;
  • Whether you have to provide it to us;
  • How long we store it for;
  • Whether there are other recipients of your personal data;
  • Whether we intend to transfer it to another country;
  • Your rights and freedoms; and,
  • How to lodge a complaint against the Trust to our regulatory body.

Data Processing in response to COVID-19

The health and social care system is facing significant pressures due to the Covid-19 outbreak. As such, the Secretary of State has required NHS Digital; NHS England and Improvement; Arm’s-Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak.

What information do we collect from you?

When you attend one of our hospitals or services, data is recorded about you on paper and electronically. We will need to collect information pertaining to your identity, contact information, health information, diagnoses, and other information which allows us to administer healthcare.

What are our legal duties?

We exercise our official authority by collecting, using and, if necessary, sharing your information in order to provide you with care. The Trust will also use personal data to improve medical diagnoses and treatment.

Will the Trust share your data with anyone else?

We share your data with other health and social care organisations directly involved in you care. We will always have a legal framework in place with organisations to ensure that your data will be shared appropriately. We will not provide researchers with data that identifies you personally, unless you have provided explicit, informed consented to this or there is legal justification to provide this information. Where you have elected to apply the National Data Opt Out to your record, we will not share your personal confidential information for purposes beyond the purposes of supporting the provision of health and social care.

What data about me stored elsewhere is shared with the Trust?

If you are already a patient of the Trust, we will be able to view your ‘summary care record’. Apart from the summary care record, other NHS organisations involved in your care may share information with us to help us care for you.

How is my data handled safely?

We have a legal duty keep your data secure. Our staff undertake annual data security and protection training, and the Trust is subject to regular audits and independent reviews to make sure that we do keep your data safe. When we use other organisations to process your data, we ensure these processors comply with legal obligations to keep your data secure.

How long will the Trust keep the data?

The Records Management Code of Practice for Health and Social Care 2016 sets out what people working with or in NHS organisations in England need to do to manage records correctly. This Code of Practice is based on current legal requirements and professional best practice and was published on 20 July 2016 by the Information Governance Alliance (IGA).

How can I access the information the Trust holds about me?

 

By law you are entitled to request a copy of the information we hold about you. This is known as a Subject Access Request. To submit such a request, we ask that you contact the Health Records team via:

Who can I complain to?

The Information Commissioner’s Office (ICO) is the body that regulates the Trust under Data Protection and Freedom of Information legislation.

You can complain to the ICO at:
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: www.ico.org.uk/concerns
Telephone: 0303 123 1113.

The Trust is registered as a data controller under the registration number Z1152836.

Contacting the Data Protection Office

The Trust’s Data Protection Officer is Philip Robinson, you can contact him at:

8th Floor of Salton House
ICT Division
St Mary's Hospital
Praed Street
London
W2 1NY

Email: imperial.dpo@nhs.net

More information and contacts

You can find out more by reading our full patient privacy notice.

Additional privacy notices

Imperial College Healthcare NHS Trust patient privacy notice

Imperial College Healthcare NHS Trust (ICHT) is committed to protecting your personal data (link to personal data info). This privacy notice explains your rights, how we use information about you, and protect your privacy.

 

< class="p3" style="margin-bottom: 0px; font-variant-numeric: normal; font-variant-east-asian: normal; font-stretch: normal; font-size: 12px; line-height: normal; font-family: 'Helvetica Neue';">What the privacy notice includes:

processing data in response to COVID-19

what data we collect  

our legal duty

how the Trust share your data

how long we store your data

who we share personal data with

what data about me from elsewhere is shared with the Trust?

security of your data

your individual rights

how long the Trust keeps your data?

How you can access the information the Trust holds about you

comments, complaints and suggestion

 

Processing data in response to COVID-19

The health and social care system is facing significant pressures due to the Covid-19 outbreak. As such, the Secretary of State requires NHS Digital; NHS England and Improvement; Arm’s-Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information for the purpose of providing you with the most appropriate health care.

What data we collect

When you attend one of our hospitals or services, data is recorded about you on paper and electronically. We need to collect data to include your identity, contact, health diagnoses, and other information which allows us to provide healthcare.

Our legal duty

We exercise our official authority by collecting, using and, if necessary, sharing your data in order to provide you with care. The Trust will also use personal data to improve medical diagnoses and treatment.

How the Trust share your data

We share your data with other health and social care organisations directly involved in your care. We will always have a legal framework in place with organisations to ensure that your data will be shared appropriately. We will not provide researchers with data that identifies you personally, unless you have provided explicit, informed consent to this or there is legal justification to provide this information. Where you have elected to apply the national data opt out to your record, we will not share your personal confidential information for purposes beyond the provision of health and social care.

What data about me from elsewhere is shared with the Trust?

If you are already a patient of the Trust, we will be able to view your summary care record. Apart from the summary care record, other NHS organisations involved in your care may share information with us to help us care for you.

Security of your data

We have a legal duty keep your data secure. Our staff undertake annual data security and protection training, and the Trust is subject to regular audits and independent reviews to make sure that we do keep your data safe. When we use other organisations to process your data, we ensure these processors comply with legal obligations to keep your data secure.

How long the Trust keeps your data

The records management code of practice for Health and Social Care 2016 sets out what people working with or in NHS organisations in England need to do to manage records correctly. This code of practice is based on current legal requirements and professional best practice and was published on 20 July 2016 by the Information Governance Alliance (IGA).

How you can access the information the Trust holds about you

By law you are entitled to request a copy of the information we hold about you. This is known as a Subject Access Request. To submit such a request, we ask that you contact the Health Records team via:

Email imperial.accesstohealthrecords@nhs.net;

Phone: 0203 313 04001

Post: Health Records Department, Charing Cross Hospital, Fulham Palace Road, London, W6 8RF.

Comments, complaints and suggestions

The Information Commissioner’s Office (ICO) is the body that regulates the Trust under Data Protection and Freedom of Information legislation.

You can complain to the ICO at: Wycliffe House
Water Lane
Wilmslow

Cheshire SK9 5AF

Website: www.ico.org.uk/concerns, Telephone: 0303 123 1113.

The Trust is registered as a data controller under the registration number Z1152836.

Imperial College Healthcare NHS Trust patient privacy notice

Imperial College Healthcare NHS Trust (ICHT) is committed to protecting your personal data (link to personal data info). This privacy notice explains your rights, how we use information about you, and protect your privacy.

 

What the privacy notice includes:

processing data in response to COVID-19

what data we collect  

our legal duty

how the Trust share your data

how long we store your data

who we share personal data with

what data about me from elsewhere is shared with the Trust?

security of your data

your individual rights

how long the Trust keeps your data?

How you can access the information the Trust holds about you

comments, complaints and suggestion

 

Processing data in response to COVID-19

The health and social care system is facing significant pressures due to the Covid-19 outbreak. As such, the Secretary of State requires NHS Digital; NHS England and Improvement; Arm’s-Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information for the purpose of providing you with the most appropriate health care.

What data we collect

When you attend one of our hospitals or services, data is recorded about you on paper and electronically. We need to collect data to include your identity, contact, health diagnoses, and other information which allows us to provide healthcare.

Our legal duty

We exercise our official authority by collecting, using and, if necessary, sharing your data in order to provide you with care. The Trust will also use personal data to improve medical diagnoses and treatment.

How the Trust share your data

We share your data with other health and social care organisations directly involved in your care. We will always have a legal framework in place with organisations to ensure that your data will be shared appropriately. We will not provide researchers with data that identifies you personally, unless you have provided explicit, informed consent to this or there is legal justification to provide this information. Where you have elected to apply the national data opt out to your record, we will not share your personal confidential information for purposes beyond the provision of health and social care.

What data about me from elsewhere is shared with the Trust?

If you are already a patient of the Trust, we will be able to view your summary care record. Apart from the summary care record, other NHS organisations involved in your care may share information with us to help us care for you.

Security of your data

We have a legal duty keep your data secure. Our staff undertake annual data security and protection training, and the Trust is subject to regular audits and independent reviews to make sure that we do keep your data safe. When we use other organisations to process your data, we ensure these processors comply with legal obligations to keep your data secure.

How long the Trust keeps your data

The records management code of practice for Health and Social Care 2016 sets out what people working with or in NHS organisations in England need to do to manage records correctly. This code of practice is based on current legal requirements and professional best practice and was published on 20 July 2016 by the Information Governance Alliance (IGA).

How you can access the information the Trust holds about you

By law you are entitled to request a copy of the information we hold about you. This is known as a Subject Access Request. To submit such a request, we ask that you contact the Health Records team via:

Email imperial.accesstohealthrecords@nhs.net;

Phone: 0203 313 04001

Post: Health Records Department, Charing Cross Hospital, Fulham Palace Road, London, W6 8RF.

Comments, complaints and suggestions

The Information Commissioner’s Office (ICO) is the body that regulates the Trust under Data Protection and Freedom of Information legislation.

You can complain to the ICO at: Wycliffe House
Water Lane
Wilmslow

Cheshire SK9 5AF

Website: www.ico.org.uk/concerns, Telephone: 0303 123 1113.

The Trust is registered as a data controller under the registration number Z1152836.

About this page

  • Last updated