Privacy

Under the data protection law we are legally required to explain how we use your personal information and your data protection rights.

Privacy notice (PN) for healthcare, employment and staffing services.

Being open with people about how the Trust uses their information is a key requirement under the UK General Data Protection Regulation (UK GDPR) and shows that we care about this information.

This privacy notice tells you what to expect us to do with your personal information when you contact us or use our services.

You can find more detailed information about how we use your information for the following specific purposes from the links in the below table:

PurposeGoal/AimMore information
ResearchAims to improve the quality of life for people living with chronic or terminal illnesses, ensuring that people can live the best quality life for the longest amount of time possible.Find out more on the Trust website.

Find out how health researchers use information.  
Health Information Exchange (HIE) also known as the Great North Care Record (GNCR)  Provides secure sharing of patient demographics, visits, appointments, laboratory results, including microbiology results, radiology and pathology reports to health professionals at the point of care.Find out why the Trust makes patient information available to frontline staff who are directly involved in a patient’s care.

Find out more about the Great North Care record here
Patient Engagement Portal  Provides patients with access to digital healthcare communications such as appointment details, letters, and clinical information which are currently available in our patient portal provided by Health Call via the NHS app.  The Trust’s Breast Services Clinic is piloting the new platform.

You can find more information on the My Health Call Patient Engagement Platform here.

For more details on the NHS app please visit https://www.nhs.uk/nhs-app/
Optimised Patient Tracking & Intelligent Choices Application (OPTICA)  Gateshead Health NHS Foundation Trust is taking part in the Improving Elective Care Co-ordination for Patients Programme which aims to support the better coordination of care for those patients who need treatment.   The Trust is using the OPTICA tool which works in the data area (Foundry) to help us deliver better care to patients who need support to be discharged from hospital.

Together, these aim to improve the delivery of treatment through better use of the information that the hospital holds, making sure the data is valid and accurate, and that the hospital can discharge their patients in a safer and more efficient way. This will improve the experience for patients and their carer’s.
Find out more about the OPTICA tool here.

Read more about the project here
Integrated Elective Care Co-Ordination for Patients Programme (IECCP)  Gateshead Health NHS Foundation Trust is taking part in the Improving Elective Care Co-ordination for Patients Programme which aims to support the better coordination of care for those patients who need treatment.

The aim is to improve the delivery of planned treatment through better use of the information that the Trust holds, making sure the data is valid and accurate, and that the Trust can use the information to improve on the waiting times for elective care.
Find out more on the NHS England Website

Read more about the plan here
How we use your information.

Trust main contact details.

Name: Gateshead Health NHS Foundation Trust

Address: Queen Elizabeth Hospital, Queen Elizabeth Avenue, Sheriff Hill, Gateshead, NE9 6SX 

General phone number: Switchboard 0191 482 0000 

Link to the general enquiry form

Website: Gateshead Health NHS Foundation Trust

We are the controller for your information. A controller decides on why and how information is used and shared.

Data Protection Officer contact details

Our Data Protection Officer is Dianne Ridsdale and is responsible for monitoring our compliance with data protection requirements.

You can contact them with queries or concerns relating to the use of your personal data at [email protected]

How do we get information and why do we have it?

The personal information we collect is provided directly from you for one of the following reasons: 

We also receive personal information about you indirectly from others, in the following scenarios:

  • from other health and care organisations involved in your care so that we can provide you with care
  • from family members or carers to support your care
  • from other organisations to support your employment and development.

What information do we collect?

Personal information is any information relating to a person that can be directly or indirectly identified from that information.   

This includes, but is not limited to: 

  • Name,  
  • Date of birth,  
  • Address 
  • Full postcode,  
  • Telephone numbers,  
  • Next of kin  
  • NHS number

We currently collect and use the following personal information:

  • personal identifiers and contacts (for example, name and contact details)
  • photographic identity (photo ID) (for example, photographs of staff for ID badges or our website)
  • image recordings through closed circuit television (CCTV) for prevention and detection of crime.
  • Financial information for employment or payment services (for example payroll, pension)

More sensitive information is any information which requires more protection than personal information. 

This includes, but is not limited to information such as:  

  • Medical history including details of appointments and contact with you,  
  • Medication,  
  • Emergency appointments and admissions,  
  • Clinical notes,  
  • Treatments,  
  • Results of investigations,  
  • Supportive care arrangements,  
  • Social care status,  
  • Race,  
  • Ethnic origin,  
  • Genetics  
  • Sexual orientation 
  • Biometrics  

We process the following more sensitive data (including special category data):

  • data concerning physical or mental health (for example, details about your appointments or diagnosis)
  • data revealing racial or ethnic origin.
  • data concerning a person’s sex life.
  • data concerning a person’s sexual orientation.
  • genetic data (for example, details about a DNA sample taken from you as part of a genetic clinical service)
  • biometric data (where used for identification purposes)
  • data revealing political opinions [unlikely to apply outside of employment conditions]
  • data revealing religious or philosophical beliefs.
  • data revealing trade union membership [unlikely to apply outside of employment conditions]
  • data relating to criminal or suspected criminal offences.

Who do we share information with?

We may share information with the following types of organisations:

  • third party data processors (such as IT system suppliers)
  • planners of health and care services (such as Integrated Care Boards)
  • General Practitioner’s (GP) 
  • Ambulance Services 
  • Local Authorities
  • Private sector providers who work with the Trust. 
  • Northumbria Healthcare NHS Foundation Trust (Payroll) 
  • Education establishments

In some circumstances we are legally obliged to share information. This includes:

  • when required by NHS England to develop national IT and data services.
  • when registering births and deaths
  • when reporting some infectious diseases (such as meningitis, measles)
  • when a court orders us to do so
  • where a public inquiry requires the information (such as Covid-19)
  • where there is a need for employment services (such as the Department of Work and Pensions (DWP) and HM Customs and Revenue (HMRC) 

We will also share information if the public good outweighs your right to confidentiality. This could include:

  • where a serious crime has been committed
  • where there are serious risks to the public or staff
  • to protect children or vulnerable adults

We may also process your information to de-identify it, so that it can be used for purposes beyond your individual care whilst maintaining your confidentiality.  These purposes comply with the law and public interest reasons.

What is our lawful basis for using information?

Personal information

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for using personal information must be one listed within Article 6.  The Trust uses the following:

(a) We have your consent – this must be freely given, specific, informed and unambiguous such as the use of website cookies.

(b) We have a contractual obligation – between a person and a service, such as a service user and privately funded care home.

(c) We have a legal obligation – the law requires us to do this, for example where NHS England or the courts use their powers to require the data. See this list for the most likely laws that apply when using and sharing information in health and care.

(e) We need it to perform a public task – a public body, such as an NHS organisation or Care Quality Commission (CQC) registered social care organisation, is required to undertake activities by law. See this list for the most likely laws that apply when using and sharing information in health and care.

(f) We have a legitimate interest – for example, a private care provider making attempts to resolve an outstanding debt for one of its service users.

Sensitive or special category data

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for using sensitive information must be one listed within Article 9.  The Trust uses the following:

(b) We need it for employment, social security and social protection reasons (if authorised by law). See this list for the most likely laws that apply when using and sharing information in health and care.

(f) We need for a legal claim, or the courts require it.

(g) There is a substantial public interest (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.

(h) To provide and manage health or social care (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.

(i) To manage public health (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.

(j) For Archiving, research and statistics (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.

Common law duty of confidentiality

In our use of health and care information, we satisfy the common law duty of confidentiality because:

  • you have provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses)
  • we have support from the Secretary of State for Health and Care following an application to the Confidentiality Advisory Group (CAG) who are satisfied that it isn’t possible or practical to seek consent
  • we have a legal requirement to collect, share and use the data.
  • for specific individual cases, we have assessed that the public interest to share the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime). This will always be considered on a case-by-case basis, with careful assessment of whether it is appropriate to share the particular information, balanced against the public interest in maintaining a confidential health service.

How do we store your personal information?

Your information is securely stored for the time periods specified in the Records Management Code of Practice. We will then dispose of the information as recommended by the Records Management Code for example we will:

  • securely dispose of your information by shredding paper records or wiping hard drives to legal standards of destruction.
  • archive your information with an Archive Service where we have contracts in place.

What are your data protection rights?

Anyone the Trust has personal/sensitive information on, has rights to that information.

These rights apply in circumstances where relevant conditions are met and it may not always be possible for the Trust to meet a request, however if it’s your information you have a right to ask and start those conversations.

The Trust is only allowed to process your information if it has a legal basis to do so as outlined in the “lawful basis” section of this notice.  Your rights will differ depending on the lawful basis the Trust is using to process your personal information.

The lawful basis page of the ICO Guide to the UK GDPR has a useful table that shows the varying rights that apply depending on the lawful basis, however if it’s your information you have a right to ask and start those conversations.

The Trust does not need to seek your explicit consent for every instance of processing and sharing if the processing is carried out in accordance with this notice. Where the Trust is relying on people’s consent to use their information, then you have the right to withdraw that consent by contacting that person or department that obtained your consent.

Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information (known as a subject access request).
  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please click here to find more details, information and contacts if you wish to make a request.

National data opt-out.

  • we are applying the national data opt-out because we are using confidential patient information for planning or research purposes.
  • we are not applying the national data opt-out because we are not using confidential patient information for planning or research purposes.
  • we are not applying the national data opt-out because although we are using confidential patient information for planning and research, an agreed exemption applies

The information collected about you when you use health and care services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

This may only take place when there is a clear lawful basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential health and care information is only used like this when allowed by law.

Whenever possible data used for research and planning is anonymised, so that you cannot be identified, and your confidential information is not accessed.

You have a choice about whether you want your confidential information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

How do I complain?

If you have any concerns about how the Trust has or is using your personal information, you can raise a concern or complaint with the Data Protection Officer.

Address: Information Governance Team, Trust HQ, Queen Elizabeth Hospital, Sherriff Hill, Gateshead NE9 6SX  

Email: [email protected] 

Following this, if you are still unhappy with how we have used your data, you can then complain to the ICO.

Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Privacy notice for children and young people

The Hospital keeps information about you to help look after you.

This includes things like your name, age, address, family, any treatment you are having or have had and anything else important for your care.

The Hospital keeps this information safe and only shows it to people that need to see it, for example your doctor.

Date of last review 13/09/2023