Being open with people about how the Trust uses their information shows that we care about your information and is a key requirement under UK law.
You can find more detailed information about how we use your information on the Gateshead Health NHS Foundation Trust website under “Privacy.”
Trust Main Contact Details
Gateshead Health NHS Foundation Trust
We are the controller for your information. A controller decides on why and how information is used and shared.
Queen Elizabeth Hospital,
Queen Elizabeth Avenue,
Sheriff Hill,
Gateshead,
NE9 6SX
Data Protection Officer Contact Details
Our Data Protection Officer is Dianne Ridsdale and is responsible for monitoring our compliance with data protection requirements.
You can contact them with queries or concerns relating to the use of your personal information.
Data Protection Officer
Dianne Ridsdale,
Queen Elizabeth Hospital,
Trust HQ,
Queen Elizabeth Avenue,
Sheriff Hill,
Gateshead,
NE9 6SX
Monday – Friday, excl. Bank Holidays
–
How do we get information about you and why do we have it?
Where do we get your information from?
The information we collect is provided:
- Directly by you.
- From other health and care organisations involved in your care
- Family member or carers that support your care.
- Other organisations to support your employment and development
What information do we keep?
We keep information about you and the treatment you receive in both paper and electronic records.
This information is vital to the operation of the NHS and is needed to provide you and others with the best possible healthcare.
What information does the Trust record and why?
The Trust holds information such as:
- Basic details about you, for example your address, next of kin contacts, status etc.
- Details about your treatment, care, and support that you need and receive.
- Investigation results, notes, and reports, such as x-rays and laboratory tests
- Any information you tell us that is important to your treatment or your illness.
This information helps us to:
- Confirm your identity when we need to contact you.
- Make decisions about your care.
- Check your care is effective, correct, and safe.
How do we use your information?
Your information is used in the best interests of you and the care you require. Every effort is made to ensure your information is relevant and confidential.
We need to keep this information to provide proper care.
You can find more detailed information about how we use your information on the Gateshead Health NHS Foundation Trust website under “Privacy.”
Personal Information
We currently collect and use the following personal information:
- Name,
- Date of birth,
- Address,
- Full postcode,
- Telephone numbers,
- Next of kin,
- NHS number,
- photographic identity (photo ID) (for example, photographs of staff for ID badges or our website),
- Image recordings through closed circuit television (CCTV) for prevention and detection of crime,
- Financial information for employment or payment services (for example payroll, pension).
More Sensitive Information
We currently collect and use the following more sensitive information:
- Data concerning physical or mental health (for example, details about your appointments or diagnosis),
- Data revealing racial or ethnic origin,
- Data concerning a person’s sex life,
- Data concerning a person’s sexual orientation,
- Genetic data (for example, details about a DNA sample taken from you as part of a genetic clinical service),
- Biometric data (where used for identification purposes),
- Data revealing political opinions (unlikely to apply outside of employment conditions),
- Data revealing religious or philosophical beliefs,
- Data revealing trade union membership (unlikely to apply outside of employment conditions),
- Data relating to criminal or suspected criminal offences.
What is our lawful basis for using your information?
Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for using personal information must be one listed within Article 6 and Article 9.
The following are the conditions that apply depending on the reason we have your information.
You can find more detailed information about how we use your information on the Gateshead Health NHS Foundation Trust website under “Privacy.”
GDPR Article Summary
Article 6,1
(a) We have your consent – Specific, informed and unambiguous
(b) We have a contractual obligation – With a person and a service
(c) We have a legal obligation – The law requires us to do this.
(e) We need it to perform a public task i.e., provide care – As an NHS organisation we are required to undertake activities by law
Article 9,2
(a) We have your explicit consent – Clear and specific statement of consent
(b) We need it for employment, social security and social protection reasons if authorised by law.
(f) We need it for a legal claim, or the courts require it.
(g) Reasons of a substantial public interest with a basis in law
(h) To provide health and social care with a basis in law
(i) To manage public health with a basis in law
(j) For Archiving, research and statistics with a basis in law
How do we keep your information safe?
The Trust knows the information it keeps is important and private.
Any personal information is kept confidential, and the Trust’s Information Governance policies and procedures are to allow staff to use and keep your information safe.
| What controls are in place to safeguard your information? | All staff including contractors, casual staff and volunteers are governed by the Data Protection Act and confidentiality clauses within their contracts and are trained to respect their duty of confidentiality to you and your information. We keep paper and electronic records securely and access to information is controlled through employee job roles and on a need-to-know basis. This access is regularly reviewed, audited, and updated to ensure staff can only access what they need to access. Trust information governance policies and procedures support staff by providing guidance and best practices when they are managing, handling accessing and using information. All systems are accessed through individual logins by staff and where cloud services are used multi factor authentication is enabled as an extra security level. All staff receive regular awareness communications and training to ensure their practices and knowledge mirror Trust policy, procedure, and core values. |
| Who has access to your information? | Doctors who need to make notes about your care. Nurses and other health professionals require access to your records to add their own notes and to read treatment history if they are part of your care package. Secretaries, receptionists, and other clerical staff have limited access to your records to allow them to complete administrative tasks such as booking appointments and sending letters etc. |
Why and who might we share your information with?
Why might we share you information?
We share information with people who need to know about you to aid with consistency in the care you require or to provide a service to you as an employer.
In some circumstances we are legally obliged to share information:
- With NHS England to develop national IT and data services
- To register births and deaths
- Report infectious diseases
- When a court orders us to do so
- Where a public inquiry requires the information i.e., Covid-19
- For employment services i.e., the Department of Work and Pensions (DWP) and HM Customs and Revenue (HMRC).
Who might we share you information with?
We may share information with the following types of organisations:
- Third party data processors such as IT system suppliers
- Planners of health and care services such as Integrated Care Boards
- General Practitioner’s (GP)
- Ambulance Services
- Local Authorities
- Private sector providers who work with the Trust.
- Northumbria Healthcare NHS Foundation Trust (Payroll)
- Education establishments
- Law enforcement agencies
- NHS Counter Fraud Agency etc.
| Examples of sharing could also be for any of the following: | ||
| Teaching Some medical files are needed to teach students about real or rare cases which allows students to understand and learn real scenarios before qualifying. | Medical Research You may be given information about research projects and asked to take part in a study or trial. If you do not consent to taking part, you will not be included in the study or trial. | |
| Legal Obligations Sometimes we are required to provide information to protect you and others in law. | NHS Planning We provide information to NHS governing bodies to aid with management, decision making and to ensure we are following the law. | |
How long do we keep your information and what happens to it?
The Records Management Code of Practice for Health and Social Care 2021 provides a framework for consistent and effective records management based on established standards.
It covers organisations working within, or under contract to, the NHS in England.
This is available on the internet and stipulates how we should manage, store, retain and dispose of these types of records.
Current retention and appraisal times are:
- Health records for a minimum of 8 years.
- Staff records until 75th birthday
- Occupational Health records until your 75th birthday
- Maternity records are kept for 25 years.
- Children’s records until their 25th birthday, or 26th birthday depending on if the patient was 17 when treatment ended.
| How are they reviewed? | As part of a record’s lifecycle records are reviewed yearly. A decision is made within this review for any record which has reached its retention timeframe. The options are whether it is to be destroyed, deleted, kept a little longer, or requires permanent preservation. Any decision to keep for longer or permanent preservation must have a documented justification and reasoning within the Trust. |
| What happens when information is no longer needed? | When information is deemed as no longer required after appraisal then it will be securely deleted or destroyed depending on whether it is an electronic or paper record. When information is deemed as requiring permanent preservation it is sent to a secure place of deposit such as a record storage location appointed by the Secretary of State. |
What are your rights on how we use your information?
- The Trust is only allowed to process your information if it has a legal basis to do so as outlined in the “lawful basis” section of this notice.
- Your rights will differ depending on the lawful basis the Trust is using to process your personal information.
- The Trust will always do its best to process your information in accordance with your wishes.
- Please be aware that any restrictions you request may have an impact on the level of care that we could provide.
Under data protection law, you have rights including:
| To ask for access to your information. | You have the right to ask us for copies of your personal information (known as a subject access request). |
| To ask for your information to be corrected if it is inaccurate or incomplete. | You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete |
| To ask for your information to be deleted or removed where there is no need for us to continue processing it. | You have the right to ask us to erase your personal information in certain circumstances. |
| To ask us to restrict the use of your information. | You have the right to ask us to restrict the processing of your personal information in certain circumstances. |
| To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information. | You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. |
| To object to how your information is used. | You have the right to object to the processing of your personal information in certain circumstances. |
| The right to withdraw consent where relevant. | Where the Trust is relying on your consent to use your information, then you have the right to withdraw that consent by contacting that person or department that obtained your consent. |
| You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. | |
National data opt-out
The information collected about you when you use health and care services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
You have a choice about whether you want your confidential information to be used in this way.
- If you are happy with this use of information you do not need to do anything.
- If you do choose to opt out your confidential information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters
- You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Gateshead Health Trust ‘is currently’ compliant with the national data opt-out policy.
How can you access your information?
You can request to see the information we hold about you or a copy of that information can be provided to you, this is called a “Subject Access Request” and includes corporate staff records.
All requests must be submitted to the Trust.
There is a form that can be used which asks for information to enable us to process your request and is available on the Trust website by searching “access to records” or you can contact the teams directly via:
Health Records
Patient Disclosure Team
Health Records Department,
Queen Elizabeth Hospital,
Sherriff Hill,
Gateshead
NE9 6SX
Monday- Friday
–
Staff Record
People and Organisational Development
Workforce Department,
Bensham Hospital,
Fontwell Drive,
Gateshead
NE8 4YL
Monday – Friday
–
Other useful Trust contact details
Patient Advice and Liaison Service (PALS)
A confidential service offering on-the-spot help and advice for patients, relatives, carers, and staff.
PALS Manager,
Gateshead Health NHS Foundation Trust,
Queen Elizabeth Hospital,
Sheriff Hill,
Gateshead NE9 6SX
Monday – Friday
–
Complaints
Work to resolve patients’ problems and help the Trust learn from patients’ experiences to improve services.
Chief Executive,
Gateshead Health NHS Foundation Trust,
Trust Headquarters,
Queen Elizabeth Hospital, Sheriff Hill,
Gateshead
NE9 6SX
Monday – Friday
–
The Information Commissioner’s contact details
If you have any concerns about how the Trust has or is using your personal information, you can raise a concern or complaint with the Data Protection Officer however the Information Commissioner’s Office (ICO) can be contacted if you are not content with the outcome of your confidentiality and data protection complaint or concern raised with the Trust.