Everyone in the NHS has a legal duty to keep information about their patients confidential and secure. Alder Hey takes your confidentiality and data security very seriously. This notice explains how we collect, process, transfer and store your personal information and forms part of our accountability and transparency to you under the General Data Protection Regulation (GDPR) and any superseding Data Protection laws.
What do we collect?
For us to look after patients we must keep a record of their name, address, date of birth and family doctor.
We have to record information about the medical condition, related tests and treatment, drugs given or operations. We may record information about the illnesses of other family members, information from GPs, or other hospitals where treatment has been received.
The Data Protection Act
All personal information about patients is kept in the hospital case notes or on computer. The Data Protection Act requires all the information is kept safely and also gives all patients certain rights.
- Patients, or their guardians, have the right to see the information which we keep.
- All information is kept securely and only those who need it to help with treatment, have access to it.
- We only pass on the information about our patients if the other person has a genuine need to know or to protect your health.
- We only pass on the information which is needed and no more.
- You have the right to ask for us to correct incorrect data
- The Data Controller is Alder Hey Children’s NHS Foundation Trust.
Each type of record is held for a certain amount of time before it is recognised as no longer being needed and can be confidentially destroyed. National time periods are shown in the Records Management Code of Practice for Health and Social Care 2016’
Who might we share your information with?
We may have to share information with your GP, other hospitals, social services or schools. Our patients may need care from other organisations who will need information from us in order that they can plan the best treatment.
We have to share information within the NHS to ensure that treatment is properly funded and carried out. The information may not identify individual patients and is usually to help plan future needs of the NHS to check that we are performing satisfactorily, or that a type of treatment is effective.
We also carry out reviews ourselves to help improve investigation and treatment, this is called Clinical Audit.
Some conditions or infectious diseases are required to be added to national registers. Sometimes this does require a patients’ name but if this is the case, we will tell you.
We may be required to pass on information from which patients can be identified without the patient’s (or their guardian’s) permission. This may be for emergency treatment or for official Health Service statistics or if the law demands it.
We also need to share information with the Care Quality Commission who regulates healthcare providers. For more information click here on the link below:
We are a teaching hospital
Teaching and research are very important in the NHS and this hospital is a teaching hospital. We have a responsibility to the students’ universities and colleges to see that they are properly taught and supervised whilst they are with us.
- Our patients have the opportunity to refuse to have any students take part in their treatment.
- Part of the students’ training may involve reviewing some patient records and test results.
- If any of our students or staff involved in any research project would like to use information about individual patients, the patient or their guardian will be informed.
- Permission from the patient or their guardian will be asked for whenever it may be possible to identify any patient individually.
All students are fully aware that it is their duty to keep any information they use during their training confidential.
Some organisations process information for us
Some facilities at Alder Hey are operated in partnership with private contractors and information about our patients may be seen by their employees. Likewise, this may be the case as we are improving our systems and processes to provide greater efficiency and ultimately service users experience. These organistions are required to work to the same standards of confidentiality as all NHS employees, and we have agreements and contracts in place to ensure these standards are maintained.
You can request to opt out of sharing
You have the right to ask that we do not share your information. We may have a discussion with you with regard to the effect on patient care if information is not shared. We have a duty to share where we feel we need to for the wellbeing of patients and may still share the information.
National data opt-out programme
Information about your health and care helps us to improve your individual care, speed up diagnosis, plan your local services and research new treatments.
In May 2018, strict rules about how this data can and cannot be used were strengthened. The NHS is committed to keeping patient information safe and always being clear about how it is used.
By 2020 all health and care organisations are required to be compliant with the national data opt-out policy, where confidential patient information is used for research and planning purposes. NHS Digital and Public Health England are already compliant and are applying national data opt-outs.
You can choose whether your confidential patient information is used for research and planning. You can view or change your national data opt-out choice at any time by using the online service at www.nhs.uk/your-nhs-data-matters.
If we have an incident or complaint
Sometimes we need to use patient information to help us investigate incidents, complaints or legal claims. If a patient is identified, they or their guardian will be informed.
Sharing information to assess compliance with standards
The Care Quality Commission (CQC) monitor, inspect and regulate NHS services to make sure they meet fundamental standards of quality and safety. The CQC currently inspect NHS hospitals at least once a year against a set of agreed standards.
As part of the CQC’s inspection, the inspectors may look at a small number of patient notes, incident forms and complaints. The aim is to ensure that these documents are managed in accordance with appropriate policies and procedures.
More information about the CQC and the inspection process can be found on the CQC website: www.cqc.org.u
Keeping your records up to date
Please help us to keep our information about you up to date by informing us if you change your address, GP or contact details.
How you can get access to your health record
Patients or their guardian(s) are entitled to apply for copies of their health records. You can do this by completing the form on the Trust website and writing to our Access to Health Records Department (ahc-tr.AccessToHealth@nhs.net) or at the address below.
Our Caldicott Guardian is responsible for ensuring information about you is used properly.
If you have any concerns about the use of your information or wish to opt out of your information being shared please write to: The Caldicott Guardian (at the address below) or by emailing :
This information can be made available in other languages and formats if requested.