How We Use Your Information

Using your personal data: the legal basis and purposes

We will use your personal data to direct, manage and deliver the care you receive to ensure that:

  • The doctors, nurses and other healthcare professionals involved in your care have accurate and up to date information to assess your health and decide on the most appropriate care for you
  • Healthcare professionals have the information they need to be able to assess and improve the quality and type of care you receive
  • Appropriate information is available if you see another doctor, or are referred to a specialist or another part of the NHS

Your information will also be used to help us manage the NHS:

  • Review the care we provide to ensure it is of the highest standard and quality
  • Manage the health service and ensure our services can meet future patient needs
  • Ensure the Trust receives payment for the care you receive
  • Prepare statistics on NHS performance
  • Audit NHS accounts and services
  • Investigate patient queries, complaints and legal claims
  • Helping to train and educate healthcare professionals

For these purposes we use anonymous data wherever possible.

This processing is necessary to perform a public task (UK GDPR Article 6(1)(e))and necessary for the provision of health or social care treatment (UK GDPR Article 9(2)(h)).

Your information may also be used to protect the health of the general public.

This data will be processed when it is necessary to comply with a legal obligation (UK GDPR Article 6(1)(c) and necessary for public health (UK GDPR Article 9(2)(j)).  Wherever possible we will use anonymous data.

Your information may also be used to ensure that adult and children’s safeguarding matters are managed appropriately.

This will only be when it is necessary to perform a public task (UK GDPR Article 6(1)(e)) and when it is necessary to carry out obligation under social protection law (UK GDPR Article 9(2)(b)).

Your information may also be used for health research and development (see below).

The legal basis for this processing is necessary to perform a public task (UK GDPR Article 6(1)(e)) and is necessary for scientific or historical research purpose (UK GDPR Article 9 (2)(j)).  However, we must also comply with our Common law duty of confidence and individual consent will be sought for participation in particular research projects. 

NHS Digital 

The Trust is required to share information with NHS Digital under Section 259(1) of the Health and Social Care Act 2012.

When we are required to provide data under this legislation, a Data Provision Notice is issued to the Trust.  This details information such as the purpose, benefits, data required, frequency and legal basis.  An example is the Mental Health Service Data Set.

For more information on how NHS Digital look after your health and care information, please click:

https://digital.nhs.uk/about-nhs-digital/our-work/keeping-patient-data-safe/how-we-look-after-your-health-and-care-information/

General Practice Data for Planning and Research (GPDPR)

Trust GP Practices will provide data to NHS Digital as part of the General Practice Data for Planning and Research (GPDPR) data collection.  this collection will support vital health and care planning and research.  For the latest information regarding the start date of this data collection please click here.

The data held in the GP medical records of patients is used every day to support health and care planning and research in England, helping to find better treatments and improve patient outcomes for everyone. NHS Digital has developed a new way to collect this data, called the General Practice Data for Planning and Research data collection.

The new data collection reduces burden on GP practices, allowing doctors and other staff to focus on patient care.  For further information, please see General Practice Data for Planning and Research: GP Practice Privacy Notice - NHS Digital

If you have already registered a Type 1 Opt-Out with your GP practice, your data will not be shared with NHS Digital.

If you wish to register a Type 1 Opt-out, please complete the following form and return it to your GP practice.

If you have previously registered a Type 1 Opt-out and you would like to withdraw this, you can also use the following form and return it to your GP practice.

https://digital.nhs.uk/binaries/content/assets/website-assets/data-and-information/data-collections/general-practice-data-for-planning-and-research/type-1-opt-out-form.docx

Yorkshire and Humber Health Care Record

The Trust participates in the Yorkshire and Humber Health Care Record.  The Yorkshire & Humber Care Record is a shared system that allows Healthcare staff within the Humber, Coast and Vale Health and Social Care community to appropriately access the most up-to-date and correct information about patients, to deliver the best possible care.

This processing is necessary to perform a public task (UK GDPR Article 6(1)(e))and necessary for the provision of health or social care treatment (UK GDPR Article 9(2)(h)).

The Yorkshire & Humber Care Record Guarantee is our commitment that we will use records about you in ways that respect your rights and promote your health and wellbeing.

If you would like any further information or would like to discuss this further, please contact the Yorkshire and Humber Care Record on 0113 206 4102. 

Yorkshire and Humber Care Record

SystmOne Information Sharing

Some Trust services use an electronic system called SystmOne.  SystmOne allows us to share your medical records with others providing you with care.  The system is set to automatically share your medical record to ensure that that those treating you have the most up to date information.   This may include district nurses, community services, child health, urgent care and out of hours services.  Please speak to the member of staff involved in your care if you would prefer your record not to be shared.  You are free to change your mind at any time.

For further information, please see Your electronic health record  patient information leaflet. 

Summary Care Record

The Summary Care Record (SCR) is a short summary of your GP medical records. All patients registered with a GP have a Summary Care Record, unless they have chosen not to have one.  The information held in your Summary Care Record gives health and care professionals access to information to provide you with safer care, reduces the risk of prescribing errors and improves your patient experience. 

Your SCR contains basic information about allergies and medications and reactions that you have had to medication in the past.

Some patients have previously agreed to have Additional Information shared as part of their Summary Care Record.  This includes information about significant medical history (past and present), reasons for medications, care plan information and immunisations.

During the coronavirus pandemic, your Summary Care Record will automatically have Additional Information included from your GP record unless you have previously told the NHS that you did not want this information to be shared.

Staff will ask your permission to view your SCR (except in an emergency where you are unconscious, for example) and only staff with the right levels of security clearance can access the system, so your information is secure.

The purpose of SCR is to improve the care that you receive, however if you do not want to have an SCR you can opt-out by informing your GP or completing a SCR consent preferences form and returning it to your GP practice.

For further information, please see Summary Care Records (SCR) - information for patients.

Risk Stratification

Trust GP practices use your information for the purposes of Risk Stratification. This is used to identify groups of patients who would benefit from some additional help from their GP or care team. The aim is to prevent ill health and possible future hospital stays, rather than wait for you to become sick.

This processing is necessary to perform a public task (UK GDPR Article 6(1)(e))and necessary for the provision of health or social care treatment (UK GDPR Article 9(2)(h)).

This processing has Section 251 Approval (CAG 7-04(a)/2013) from the Secretary of State, through the Confidentiality Advisory Group of the Health Research Authority.

Our GP practices use the services of a health partner, North of England Commissioning Unit (NECS) to help with Risk Stratification.  NECS process personal confidential data on our behalf under a contractual agreement that requires the security and protection of information. 

Our GP practices can access identifiable information (NHS Number) to see which patients may benefit from additional help.

The Clinical Commissioning Group (CCG) and Public Health have access to de-identified information to help them plan the most appropriate health services for our local population.

If you do not want your information to be used for risk stratification, please speak to your practice manager. 

Electronic Palliative Care Co-ordination System (EPaCCS)

The Trust participates in the Electronic Palliative Care Co-ordination System (EPaCCS). EPaCCS enables the recording and sharing of a patient’s care preferences and key details about their care at the end-of-life. As it is electronic, it can easily be shared 24/7 between all of the clinicians and carers involved in the patient’s care across organisational and geographical boundaries.

This processing is necessary to perform a public task (UK GDPR Article 6(1)(e)) and necessary for the provision of health or social care treatment (UK GDPR Article 9(2)(h)).

To find out more about EPaCCS and how it supports end-of-life care in Humber, Coast and Vale, please go to: https://humbercoastandvale.org.uk/how/digital-futures/#EPaCCS.

Please click here for the full privacy notice for EPaCCS.

If you have any queries, please contact: hnf-tr.yhcrhcv.carerecord@nhs.net 

Medicines Optimisation

Humber GP Practices work with the North of England Commissioning Support Unit (NECS) to review the prescribing of medicines to ensure that it is safe and cost-effective. This may require the use of identifiable information. 

This processing is necessary to perform a public task (UK GDPR Article 6(1)(e))and necessary for the provision of health or social care treatment (UK GDPR Article 9(2)(h)).

In cases where identifiable data is required, this is done with Trust agreement. Patient records are viewed in the GP practice and may also be viewed remotely. 

There is a protocol that provides a framework for Medicines optimisation team (MO) members to access patient records for routine medicines optimisation operations.

The protocol is used in conjunction with:

  • NHS Confidentiality Policy (NHS England, 2014)
  • North Of England Commissioning Support (NECS) Standards of Business Conduct procedure
  • NECS Information Risk Policy
  • Relevant professional codes of conduct and ethical standards
  • NHS IG requirements should be adhered to at all times.

The staff groups that are covered by the protocol are:

  • Medicines Optimisation Pharmacists
  • Medicines Optimisation Technicians.

National Fraud Initiative

The Trust participates in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise.  This is necessary to comply with a legal obligation (UK GDPR Article 6(1)(c)) and does not require consent under the data protection legislation. For further information, please see the full text fair processing notice

Call recording 

The Trust operates call recording on some telephone lines to Humber Teaching NHS Foundation Trust. Recordings are used for verification purposes, including:

• To support clinical practice
• To provide delivery of training
• To check the quality of the service provided
• For complaints and investigations

This processing is necessary to perform a public task (UK GDPR Article 6(1)(e)) and necessary for the provision of health or social care treatment (UK GDPR Article 9(2)(h)).

Care Mail 

Care Mail is our initiative to help friends and family stay connected to someone who is an inpatient at one of our Trust locations during Covid-19.  It can also be used to send messages of support, thanks and encouragement to reach our amazing staff who are working so hard to deliver care to our communities.

Our legal basis for processing this information is the legitimate interests of the Trust (UK GDPR Article 6(1)(f)).

National Data Opt Out

Information may only be used for purposes beyond your care when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations.  Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt-out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters

You can find out more about how patient information is used for research at: https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and

https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have until 2020 to put systems and processes in place so they can apply your national data opt-out choice. 

National Patient Survey Programme

The Trust participates in the NHS Patient Survey Programme.  The Programme is delivered by the Care Quality Commission (CQC) on behalf of NHS England, NHS Improvement and the Department of Health and Social Care. 

This means we will send out local surveys to ask you for your views on your recent healthcare experiences.  These surveys provide feedback to us on the standard of service and care you received, which will help us to deliver better services in the future.  Anonymised survey results are also used by the CQC to measure and monitor the Trust’s performance. 

This processing is necessary to perform a public task (UK GDPR Article 6(1)(e))and necessary for the provision of health or social care systems and services (UK GDPR Article 9(2)(h)).  

More information on the NHS Patient survey Programme is available here