What is a Privacy Notice?
This is the Privacy Notice (also known as a 'Fair Processing Notice') for the University Hospitals of North Midlands NHS Trust (sometimes referred to as the 'Trust' or 'UHNM'), it describes what we do with the personal information we collect about you. It tells you:
- What information we collect about you
- Why we collect information about you
- How we use your information
- Who we may share your information with
- How long we store your information
UHNM is a data controller which means that the Trust decides the purposes for which any personal information is used.
We are the University Hospitals of North Midlands and we are the data controller. Our address for communications is:
Royal Stoke University Hospital
Tel: 01782 715444
We are registered to process personal and sensitive information under the Data Protection Act 2018 - our registration number is Z7476085
A Supplementary Privacy Notice has been drafted to cover the fair processing of data (including staff data in respect of COVID-19 testing) during COVID-19 and it can be found here.
- Consent – We would obtain freely given, specific and informed consent to process your personal data for some purposes
- Contract – The processing is necessary for a contract we have with an individual, for example a member of staff
- Legal Obligation – The processing is necessary for us to comply with the law
- Vital Interest – The processing is necessary to protect someone's life
- Public Task – The processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law
- If there is a safeguarding concern then data may be shared
- Article 6(1)(e) - processing is necessary for the purposes of a task carried out in the public interest or in the authority of official authority vested in the data controller
- Article 9(2)(h) – processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment
- Where the confidential patient information to be processed is required for a Covid-19 purpose and will be processed solely for that Covid-19 Purpose in accordance with Regulation 7 of COPI;
The Data Protection Act (2018) provides for a number of data subject rights in relation to the personal data we hold. As data subjects (both patients and staff) you have the right to:
- Access – You have the right to ask us for copies of the personal information we hold about you, details about how to do this are included in the section How to Access your Information.
- Rectification – You have the right to ask us to correct any information you think is inaccurate or incomplete, this is subject to certain safeguards however, for more information please click here
- Erasure – You have the right to ask us to erase your information in certain circumstances, for more information about this please click here
- Restrict processing – You have the right to limit the way the Trust uses your personal data if you are concerned about the accuracy of the data or how it is being used where appropriate, for more information please click here
- Object to processing – You have the right to object to the use of your information in some circumstances, for more information please click here
- Data portability – You have the right to ask that we transfer any electronic information you have given us to another organisation, or give it to you on certain occasions.
The Trust has appointed a Data Protection Officer who is responsible for information and advising UHNM on data protection regulations and national law. The Data Protection Officer can be contacted by:
The Trust undertakes Data Protection Impact Assessments (DPIA) on any projects which require the use of identifiable information.
These are available to view via the Freedom of Information process by contacting FOI@uhnm.nhs.uk
The Trust holds personal information on you in a variety of formats, including paper records, electronically, in video files and audio files. The personal information that the Trust may hold about you includes:
- Names, including preferred or maiden name
- Telephone number(s)
- Date of birth
- NHS number
- Email address
- Your next of kin contact details
- GP details
- Power of Attorney status
- Financial details, where we provide healthcare to private patients
- Visual images, personal appearance and behaviour, for example CCTV images, images captured from drones and body-worn cameras are used as part of building security
- Whether you are subject to any protection orders regarding your health, well-being and human rights (safeguarding status)
Further data that we may collect which is called special category data because this is more sensitive information:
- Healthcare records which includes:
- Notes and reports about treatments and care
- Details regarding any contact we have had through appointments, telephone calls and home visits
- Details regarding medical conditions (physical and mental health)
- Results of investigations, for example x-rays and laboratory tests
- Future / current care needs
- Details regarding agencies, healthcare professionals and relatives involved in your care
- Racial or Ethnic origin
- Sexual orientation
- Genetic and biometric information
- Sex life information
Information we hold and process for staff, volunteers, job applicants and others:
- Employee details, job applicants, apprentices, complainants, enquirers, survey respondents, suppliers, professional experts, consultants, people captured in closed circuit television images
- Information is also held on job applicants for the purposes of processing their application and ensuring equality and patient safety
- Information on staff, volunteers and apprentices may be shared with third parties that provide services to the trust and in order to comply with statutory requirements and to facilitate the running of the Trust.
- Staff, Volunteers and apprentices need to be aware however that their information will be processed as part of their contract / agreement with the Trust. This will be fully explained to you by The Human Resources team and / or your manager.
- Staff, volunteers and job applicants should contact the Trust Human Resources department for further information on how their information is processed.
In order for us to give you the best possible care we collect personal and confidential information, this can come from your GP, referrals, healthcare professionals involved in your care and yourself. Your information may be used to:
- Provide healthcare services and treatment
- Provide chaplaincy and pastoral care services
- Ensure that money is used properly to pay for the services it provides
- Investigate complaints, legal claims or important incidents
- Make sure services are planned to meet patients' needs in the future
- Review the care given to make sure it is of highest possible standard
- To manage specialised services
- To improve the efficiency of our healthcare services by sharing information with other organisations (sometimes non-NHS/Social care) such as Age UK, Revival and/or Vast, for example, for a specific, justified purpose which is approved by UHNM's Caldicott Guardian
- Check and report to our regulators on how well we are performing
- Patient survey's for service improvements
- Research (consent will always be sought to use your data for this purpose)
- To manage service workload by e-mailing appointment reminders for example (where we have been provided with an e-mail address)
If you apply for a job or are employed with the Trust we will collect your personal information.
Your health records may be held in both paper and / or electronic format; we will keep your health records for specified periods of time, in accordance with the Records Management Code of Practice for Health and Social Care 2016.
Although there are exceptions and certain conditions affecting the length of time we will keep a health record, in general however, this means that we will keep an adult health record for 8 years after the last entry; we will keep a child's health record until the child reaches 26 years of age.
- Disclosure to the Police for the prevention and detection of crime
- Prevention and detection of fraud
- Disclosure under a Court Order
- Disclosure & Barring Service – for employment/recruitment purposes
- In the public interest to prevent abuse or serious harm to others
- Our obligation under a Duty of Contract with:
- Clinical Commissioning Groups
- NHS Digital
- Public Health England
- Care Quality Commission
- Third parties contracted via NHS England
- Other Commissioning Support Providers
Under the Data Protection Act 2018 and General Data Protection Regulation one of your rights is that you can make a request for a copy of all or a specific piece of information the Trust holds about you, how and why we process your information and who we share your information with.
For Data held in your health record
For data held in your health record you will need to make a formal request to the Health Records team, more information can be found on the Health Records page. For further information please see Access to Health Records Leaflet.pdf
The team can be contacted at the following email address:
For Data held in your staff record
For your staff record you need to make your request to your Line Manager or contact the HR Department
For Data not in held in your health or staff record
Quite often, patients and staff members request personal data information (such as e-mails held on the Trust servers) which do not form part of your health or staff record, for example, where this request is made as part of a Complaint or a general Subject Access request, the relevant team will liaise with the Information Security team. Alternatively, a request can be made direct through the personal data request process by emailing PDR@UHNM.nhs.uk
Cheshire, SK9 5AF
Telephone: 0303 123 1113
Changes to this Privacy Notice
We will keep this privacy notice under regular review. This notice was last updated on October 2019.
How the NHS and care services use your information
University Hospitals of North Midlands (UHNM) is one of many organisations working in the health and care system to improve care for patients and the public).
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn't needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply
You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care.
UHNM is working collaboratively with other partners in the region (GP Practices, Local Authorities, other Hospital Trusts (Acute, Community and Mental Health) as well as Commissioning Groups to create an integrated care record.
This will be a central repository of information that each organisation can access (for their own patients only) so that clinicians will have a complete picture of a patients' needs, medications etc.
More information on this initiative (which will be launched shortly) can be found by accessing the One Health and Care website by clicking the link on the right hand side of this page
In some circumstances it may be necessary to transfer your personal information overseas. If this is required, information will only be shared within the European Economic Area (EEA) unless additional safeguards have been put in place to protect your information.
Any transfers that do take place will be made in full compliance with all aspects of Data Protection legislation and if this is to happen then you will be informed by the Trust beforehand.
The Trust makes use of CCTV systems, including body worn cameras and images captured from drones which are used as part of our building security for crime prevention in line with the Information Commissioners CCTV code of practice. You have a right of access if you wish to request your data captured on CCTV.
If you have any questions about our privacy notice or information we hold about you please contact our Information Governance Team :
If you would like to make a complaint about how your information is being used you can discuss your concerns with our Patient Advice and Liaison Service (PALS) (Email: email@example.com) or you can contact our complaints department (Email firstname.lastname@example.org)
The PALS offices are located at;
At Royal Stoke the PALS office is situated inside the main building entrance, which is open 9:00am to 4:00pm Monday to Friday (excluding bank holidays).
At County Hospital the PALS office is situated inside the main entrance which is open 9:00am to 5:00pm Monday to Friday (excluding bank holidays).
The contact information for both office is below;
Royal Stoke Hospital Telephone: 01782 676450 / 01782 676455 / 676435
County Hospital Telephone: 08000 407060 / 08000 721 646
If you want to contact us in writing please use the below address;
Chief Executive OR Chief Nurse
University Hospitals of North Midlands
Royal Stoke University Hospital
For further information please see the complaints leaflet.
The University Hospitals of North Midlands Trust is committed to the Freedom of Information Act 2000.
However, the NHS is facing unprecedented challenges relating to the coronavirus (COVID-19) pandemic at the current time. Understandably, our resources have been diverted to support our front-line colleagues who are working tremendously hard to provide care for our patients, and to those in need of our services.
We strive to be transparent and to work with an open culture. However, at this time whilst care of our patients and the safety of our staff takes precedent, it is likely that responses to some requests for information will be delayed. We apologise for this position in advance and will endeavour to provide you with as much information as we can, as soon as we are able.
The Information Commissioner's Office has recognised the current situation in the NHS.
The Trust will often engage with other organisations on projects which may involve sharing patient data. Such sharing is always undertaken in a lawful way, according to the Data Protection Act (2018). We include below links to the projects currently approved:
One Health & Care (an Integrated Care Record) - https://www.twbstaffsandstoke.org.uk/about-us/our-work/one-health-and-care
Team Prevent (for staff Occupational Health) - https://www.teamprevent.co.uk/storage/user/Privacy_Statement_TEAM_PREVENT.pdf
COVID-19 – Supplementary Privacy Notice - http://www.uhnm.nhs.uk/media/3369/supplementary-privacy-note-on-covid-19-for-patients.docx
Keele University - https://www.keele.ac.uk/privacynotices/privacynotice-students/
The Trust uses a number of different methods to communicate with our patients. Usually we will write to you, however there may be occasions when we use alternative methods. This could be for a variety of reasons including the need to make contact swiftly (for example if a clinic appointment needs to be re-scheduled). We may use a text message, we may telephone you, we may send an e-mail or, on occasions, we may contact you by video conferencing.
All of these different ways of making contact have been reviewed by the Data Security & Protection team and the Trust can assure our patients that we only use the most secure methods and will make patients aware of the method being used before making contact.
If you have any questions about how we contact our patients, please contact that Data Security & Protection Team (DSPUHNM@uhnm.nhs.uk)
Your duty to inform us of changes
It is important that you keep us updated of any changes to your personal information to ensure that all the information we hold is accurate and current.