skip to main content

Privacy Notice

Privacy Notice.png

Southern Health NHS Foundation Trust takes your, and your carers confidentiality and privacy rights very seriously. This notice explains how we collect, process, transfer and store your personal information and forms part of our accountability and transparency to you under the General Data Protection Regulation (GDPR) 2018.

There is a printable version of the Privacy Notice available to download.

We will  process your personal information fairly and lawfully by;

a) Only using it if we have a lawful reason and when we do, we make sure you know how we intend to use it and tell you about your rights;

We do not rely on consent to use your information as a ‘legal basis for processing’.  We rely on specific provisions under Article 6 and 9 of the General Data Protection Regulation, such as ‘…a task carried out in the public interest or in the exercise of official authority vested in the controller.’ 

This means we can use your personal information to provide you with your care without seeking your consent.  However, you do have the right to say ‘NO’ to our use of your information but this could have an impact on our ability to provide you with care.

b) Only collecting and using your information to provide you with your care and treatment and will not use it for anything else that is not considered by law to be for this purpose;

We would never share it for marketing or insurance purposes.

c) Only using enough of your personal information that will be relevant and necessary for us to carry out various tasks within the delivery of your care;

d) Keeping your information accurate and up to date when using it and if it is found to be wrong, we will make it right, where appropriate, as soon as we can;

e) Only keeping your information in a way that it will identify you for as long as we are legally required to, whilst ensuring your rights;

f) Having secure processes in place to keep your personal information safe when it is being used, shared, and when it is being stored.

Health and social care professionals working with you – such as doctors, nurses, support workers, psychologists, occupational therapists, social workers and other staff involved in your care – keep records about your health and any care and treatment you receive.  This may include:

  • Basic details such as name, address, date of birth, phone number, and email address  - where you have provided it to enable us to communicate with you by email

  • Your mobile contact number - we will use this to contact you, and to communicate with you via SMS text messaging, for your direct care only. If you do not want us to communicate with you in this way, you have the right to 'object' or to specify for which purpose we can use this.

  • Your next of kin and contact details

  • Information regarding your carer/s (which include friends and significant others) contact information

  • Notes and reports about your physical or mental health and any treatment, care or support you need and receive

  • Results of your tests and diagnosis

  • Relevant information from other professionals, relatives or those who care for you or know you well

  • Any contacts you have with us such as home visits or outpatient appointments

  • Information on medicines, side effects and allergies

  • Patient experience feedback and treatment outcome information you provide

Most of your records are electronic and are held on a computer system and secure IT network. New models of service delivery are being implemented, with closer working with GPs and other healthcare and social care providers.  To assist this, the use of other electronic patient record systems to share your information will be implemented.  You will be given the opportunity to say no and to opt-out of this sharing.  To do this, please speak to your GP or the team providing your treatment.                  

Your information is used to guide and record the care you receive and is vital in helping us to;

  • have all the information necessary for assessing your needs and for making decisions with you about your care

  • have details of  our contact with you, such as referrals and appointments and can see the services you have received

  • assess the quality of care we give you 

  • properly investigate if you and your family have  a concern or a complaint about your healthcare

Professionals involved in your care will also have accurate and up-to-date information and this accurate information about you is also available if you:

  • Move to another area  
  • Need to use another service

  • See a different healthcare professional

Health and Social Care Professionals - Your information will be shared with the team who are caring for you and are providing treatment to you.

However, the NHS and other agencies, including social services and private healthcare organisations work together so we may need to share information about you, with other professionals and services involved in your care.

We do this in order to provide the most appropriate treatment and support for you, and your carers, or when the welfare of other people is involved.  We will only share your information in this way if we have your consent and it is considered necessary.

You have the right to refuse/withdraw your consent to information sharing at any time. Please discuss this with your relevant health care professional as this could have implications in how you receive further care, including delays in you receiving care.

However, a person’s right to confidentiality is not absolute and there may be other circumstances when we must share information from your patient record with other agencies.  In these rare circumstances we are not required to have your consent. 

Examples of this are:

  • If there is a concern that you are putting yourself at risk of serious harm

  • If there is concern that you are putting another person at risk of serious harm

  • If there is concern that you are putting a child at risk of harm

  • If we have been instructed to do so by a Court

  • If the information is essential for the investigation of a serious crime

  • If you are subject to the Mental Health Act (1983), there are circumstances in which your ‘nearest relative’ must receive information even if you object

  • If your information falls within a category that needs to be notified for public health or other legal reasons, such as certain infectious diseases


Care and Health Information Exchange (CHIE) formerly known as the Hampshire Health Record, is a local health and social care record which brings together information from participating Health and Care organisations i.e. GP practices, community providers, acute hospitals and social care providers.

From your patient record we share your name, address, contacts i.e. your next of kin, diagnosis, allergies and alerts as well as information about your appointments, care plans, immunisations, progress notes, assessments, inpatient events and referrals, with CHIE. If you do not want your information shared with CHIE, please discuss this with your healthcare professional.

NHS Patient Survey Programme (NPSP) is part of the government’s commitment to ensure patient feedback is used to inform the improvement and development of NHS services.  We may share your contact information with an NHS approved contractor to be used for the purpose of the NPSP.

The Trust also partakes in other national audit, for example; National Audit of Care at the End of Life.      

Further information  

You can find more about what personal information we share, to whom and for what purpose by clicking here.     If you need further information, you can email our Data Protection Officer.           

To help us monitor our performance, evaluate and develop the services we provide, it is necessary to review and share minimal information, for example with the NHS Clinical Commissioning Groups. The information we share would be anonymous so you cannot be identified and all access to and use of this information is strictly controlled. 

In order to ensure that we have accurate and up-to-date patient records, we carry out a programme of clinical audits. Access to your patient records for this purpose is monitored and only anonymous information is used in any reports that are shared internally with in our Trust. 

NHS Digital, on behalf of NHS England assess the effectiveness of the care provided by publicly-funded services - we have to share information from your patient record such as referrals, assessments, diagnoses, activities (e.g. taking a blood pressure test) and in some cases, your answers to questionnaires on a regular basis to meet our NHS contract obligations.

Most of the time, NHS Digital use anonymised data for planning. So your confidential patient information isn't always needed.

However, you do have a choice about whether you want your confidential patient information to be used.

To read further details about the wider use of your confidential patient information and to register your choice to opt out of it being used for the planning and improvement of health and care services in England, please visit If you are happy with the use of your information for planning and research purposes you do not need to do anything. However, you can change your choice at any time.

The Trust actively promotes research with a view to improving future care. Researchers can improve how physical and mental health can be treated and prevented.

As a data controller Southern Health rely upon

  • Article 6(1)(e) ‘…a task carried out in the public interest or in the exercise of official authority vested in the controller’
  • Article 9(2)(j) ‘…scientific or historical research purposes’

as our lawful basis for processing your information under the General Data Protection Regulation and Data Protection Act 2018. This means we do not rely upon your consent for our Researchers to access information we have collected about you.

However, we do rely upon your consent for you to actively take part in a research study.

To enable you to have the opportunity to take part in local research with Southern Health you might receive a letter asking if you would like to receive further information about specific individual local research studies that might be relevant to your health.

We rely upon the following lawful basis for using your name and address (initially collected for your care) to do this:

  • Legitimate interests 6(1)(f) - processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

You have the right to ask us not to send any further communication about our local research.

Whilst actively taking part in a research study you would have the right to withdraw your consent at any point, however, you would not have the right to the information already collected as part of the research study to be erased.

We would never publish the outcome of our research studies in a way that would personally identify you.

Our Trust also uses an IT system known as UK CRIS (Clinical Record Interactive Search).  This system has a copy of your Southern Health clinical record in it and is used for research by approved researches. However, all personal identifiable information about you has been removed so you cannot be identified.

If you are happy for your personal confidential information to be used for both your individual care and treatment and research and planning, you do not need to do anything.

However, if you do not want your personal confidential information used for any research and planning you have the right to nationally object/Opt out to your information being used for research and planning by registering your choice via

If you do choose to opt out you can still consent to your data being used for specific individual research and or planning purposes.

For further details on how your information is used in research please visit the Health Research Authority - patient information, health and care research or you can contact our:  

Research and Development (R&D) Department  
Tom Rudd Unit

Moorgreen Hospital
West End
SO30 3JB

Telephone: 02380 475 373


Information about our current research studies and sponsor details can be found on our web page. 

We are committed to keeping your information secure and have operational policies and procedures in place to protect your information whether it is in a hardcopy or electronic format.

This Trust is registered to the Information Commissioner’s Office; registration number Z8537183

All of the Information Systems used by our Trust are implemented with robust information security safeguards to protect the confidentiality, integrity and availability of your personal information. The security controls adopted by the Trust are influenced by a number of sources including the 10 National Data Guardian Standards and guidelines produced by NHS Digital and other Government standards.

This Trust is accredited to Industry Standard ISO27001 which is an internationally recognised information security framework; registration number IS 664113.

All employees and our partner organisations are legally bound to respect your confidentiality, all staff must comply with our security operating procedures. Any breach of these is treated seriously, and could result in disciplinary action, including dismissal.

If any of your personal information is to be processed overseas (i.e. outside the EU) a full risk assessment would be undertaken to ensure the security of the information.  

To find more information about how we keep your information safe  click here. If you need further information, you can email our Data Protection Officer.

All records held by the NHS are subject to the Records Management Code of Practice for Health and Social Care Act 2016 (the Code).The Code sets out best practice guidance on how long we should keep your patient information before we are able to review and securely dispose of it.

You have a right to see the information we hold about you, both on paper or electronic, except for information that: 

  • Has been provided about you by someone else if they haven’t given permission for you to see it

  • Relates to criminal offences

  • Is being used to detect or prevent crime

  • Could cause physical or mental harm to you or someone else

We may need to request proof of identity before we can formally respond to your request for your personal information. You can find out more about how to access your information by clicking here.     

If you wish to complete our Subject Access Request Form or send an email, please forward to the service where you receive your or alternatively send to:

Records Manager

Southern Health NHS Foundation Trust   
1 Sterne Road 
Tatchbury Mount  
SO40 2RZ


The team are available to assist you with your comments, concerns and complaints.  The team act independently of clinical teams to ensure your concerns are investigated and responded to in an effective and timely manner.  Contact details are:


Complaints and Patient Experience Team         
5 Sterne Road
Tatchbury Mount
SO40 2RZ

Telephone: 02380 874 065


To get further advice or report a concern directly to the UK’s independent authority you can do this by making contacting with:

Information Commissioner's Office                                                                                                                       

Wycliffe House                                                                                                                                           Water Lane                                                                                                                                                      Wilmslow                                                                                                                                                      Cheshire                                                                                                                                                    SK9 5AF 

Telephone: 0303 123 1113


The Data Controller 

Southern Health NHS Foundation Trust  

7 Sterne Road
Tatchbury Mount
SO40 2RZ

Telephone: 023 8087 4000

Caldicott Guardian

Dr Karl Marlowe                                                                                              
Southern Health NHS Foundation Trust
7 Sterne Road
Tatchbury Mount
SO40 2RZ      

Telephone:  02380 874 000 


Data Protection Officer

Heather Mitchell  
Southern Health NHS Foundation Trust 
7 Sterne Road
Tatchbury Mount
SO40 2RZ      

Telephone:  02380 874 000  


Freedom of Information Officer

Southern Health NHS Foundation Trust
6 Sterne Road
Tatchbury Mount                                                                                 
SO40 2RZ

Telephone: 02380 874 662 


Page Comments