Whenever you use a health or care service, such as attending Accident and Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment. Your information will be held securely by the organisations that you need to see for care and treatment.
All personal data collected is processed in accordance with the requirements of the General Data Protection Regulation (GDPR) and associated data protection legislation.
Organisations you attend for your health and care will process data on behalf of patients, members of staff and any other living individual identified by manual or automated records.
All personal data collected is held and processed in accordance with the legal obligations placed on the organisations as a data controller by the GDPR. Data controllers are organisations who determine how and why personal data is processed. Under the GDPR, the data protection principles set out the main responsibilities for organisations.
Organisations included within the programme conform to the Data Protection Principles and ensures the personal data is collected fairly and processed lawfully. Processing includes obtaining, recording, holding, altering, retrieving, destroying or disclosing.
It is important that the information held about you is accurate. If you are aware of any inaccuracies in this information, please let a member of staff the organisation you are under the care of know. Data is only processed for legitimate purposes, is kept as accurate as possible and is only kept for only as long as is necessary. All reasonable steps to ensure your data is protected and not shared with anyone who does not have the right to access it.
In addition to the Data Protection Principles patient confidentiality is supported by compliance with the common law duty of confidentiality and the Caldicott Principles covering the use of personal information of patients.