skip to main content
Southern Health NHS Foundation Trust Southern Health Covid-19 Service Changes

Privacy Notice

Southern Health NHS Foundation Trust takes yours, and your carer's confidentiality and privacy rights very seriously. This notice explains how we collect, process, transfer and store your personal information and forms part of our accountability and transparency to you under the General Data Protection Regulation (GDPR) 2018.

Your Information during the COVID-19 Outbreak; a public health emergency

The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services, and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In this current emergency it has become even more important to share health and care information across relevant organisations.  
Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and NHS Improvement; Arm’s Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak as well sharing with bodies engaged in disease surveillance for the purposes of protecting public health. This processing will be limited to the period of the outbreak unless there is another legal basis to use the information.
Whilst this emergency exists, information sharing ‘Opt-outs’ will not generally apply to the information used to support the outbreak, due to the public interest in sharing information. This includes National Data Opt-outs.  However, in relation to the Summary Care Record, your existing choices will be respected.  Where information is used and shared under these laws your right to have personal information erased won’t be applied either.
To ensure you receive appropriate care and treatment throughout this emergency we may need to share your information with additional healthcare and social care providers who may become part of your wider care team, including neighbouring GP practices, field hospitals and NHS 111.  We may also use your information to send public health messages to you, either by phone, text or email.
Information already collected by NHS England, NHS Improvement, Public Health England and NHS Digital from across the health and care system is being gathered, securely stored and processed in line with data protection legislation.

We will  process your personal information fairly and lawfully by;

a) Only using it if we have a lawful reason and when we do, we make sure you know how we intend to use it and tell you about your rights;

We do not rely on consent to use your information as a ‘legal basis for processing’.  We rely on specific provisions under Article 6 and 9 of the General Data Protection Regulation, such as ‘…a task carried out in the public interest or in the exercise of official authority vested in the controller.’ 

This means we can use your personal information to provide you with your care without seeking your consent.  However, you do have the right to say ‘NO’ to our use of your information but this could have an impact on our ability to provide you with care.

b) Only collecting and using your information to provide you with your care and treatment and will not use it for anything else that is not considered by law to be for this purpose;

We would never share it for marketing or insurance purposes.

c) Only using enough of your personal information that will be relevant and necessary for us to carry out various tasks within the delivery of your care;

d) Keeping your information accurate and up to date when using it and if it is found to be wrong, we will make it right, where appropriate, as soon as we can;

e) Only keeping your information in a way that it will identify you for as long as we are legally required to, whilst ensuring your rights;

f) Having secure processes in place to keep your personal information safe when it is being used, shared, and when it is being stored.

Health and social care professionals working with you – such as doctors, nurses, support workers, psychologists, occupational therapists, social workers and other staff involved in your care – keep records about your health and any care and treatment you receive.  This may include:

  • Basic details such as name, address, date of birth, phone number, and email address  - where you have provided it to enable us to communicate with you by email

  • Your mobile contact number - we will use this to contact you, and to communicate with you via SMS text messaging, for your direct care only. If you do not want us to communicate with you in this way, you have the right to 'object' or to specify for which purpose we can use this.

  • Your next of kin and contact details

  • Information regarding your carer/s (which include friends and significant others) contact information

  • Notes and reports about your physical or mental health and any treatment, care or support you need and receive

  • Results of your tests and diagnosis

  • Relevant information from other professionals, relatives or those who care for you or know you well

  • Any contacts you have with us such as home visits or outpatient appointments

  • Information on medicines, side effects and allergies

  • Patient experience feedback and treatment outcome information you provide

Most of your records are electronic and are held on a computer system and secure IT network. New models of service delivery are being implemented, with closer working with GPs and other healthcare and social care providers.  To assist this, the use of other electronic patient record systems to share your information will be implemented.  You will be given the opportunity to say no and to opt-out of this sharing.  To do this, please speak to your GP or the team providing your treatment.

To support the provision of environments that are safe and secure for patients, staff and visitors we use surveillance systems such as Closed Circuit Television systems (CCTV) across Trust sites.  All recordings are held locally within our network, with restricted access. Please refer to SH NCP 57 Policy for Surveillance and the use of Closed Circuit Television for further information.

Your information is used to guide and record the care you receive and is vital in helping us to;

  • have all the information necessary for assessing your needs and for making decisions with you about your care

  • have details of  our contact with you, such as referrals and appointments and can see the services you have received

  • assess the quality of care we give you 

  • properly investigate if you and your family have  a concern or a complaint about your healthcare

Professionals involved in your care will also have accurate and up-to-date information and this accurate information about you is also available if you:

  • Move to another area  
  • Need to use another service

  • See a different healthcare professional

Health and Social Care Professionals - Your information will be shared with the team who are caring for you and are providing treatment to you.

However, the NHS and other agencies, including social services, Safeguarding Partnership, other partnerships as required and private healthcare organisations work together so we may need to share information about you, with other professionals and services involved in your care.

We do this in order to provide the most appropriate treatment and support for you, and your carers, or when the welfare of other people is involved.  We will only share your information in this way if we have your consent and it is considered necessary.

You have the right to refuse/withdraw your consent to information sharing at any time. Please discuss this with your relevant health care professional as this could have implications in how you receive further care, including delays in you receiving care.

However, a person’s right to confidentiality is not absolute and there may be other circumstances when we must share information from your patient record with other agencies.  In these rare circumstances we are not required to have your consent. 

Examples of this are:

  • If there is a concern that you are putting yourself at risk of serious harm

  • If there is concern that you are putting another person at risk of serious harm

  • If there is concern that you are putting a child at risk of harm

  • If we have been instructed to do so by a Court

  • If the information is essential for the investigation of a serious crime

  • If you are subject to the Mental Health Act (1983), there are circumstances in which your ‘nearest relative’ must receive information even if you object

  • If your information falls within a category that needs to be notified for public health or other legal reasons, such as certain infectious diseases


Care and Health Information Exchange (CHIE) formerly known as the Hampshire Health Record, is a local health and social care record which brings together information from participating Health and Care organisations i.e. GP practices, community providers, acute hospitals and social care providers.

From your patient record we share your name, address, contacts i.e. your next of kin, diagnosis, allergies and alerts as well as information about your appointments, care plans, immunisations, progress notes, assessments, inpatient events and referrals, with CHIE. If you do not want your information shared with CHIE, please discuss this with your healthcare professional.

NHS Patient Survey Programme (NPSP) is part of the government’s commitment to ensure patient feedback is used to inform the improvement and development of NHS services.  We may share your contact information with an NHS approved contractor to be used for the purpose of the NPSP.

The Trust also partakes in other national audit, for example; National Audit of Care at the End of Life.      

Further information  

You can find more about what personal information we share, to whom and for what purpose by clicking here.     If you need further information, you can email our Data Protection Officer.           

To help us monitor our performance, evaluate and develop the services we provide, it is necessary to review and share minimal information, for example with the NHS Clinical Commissioning Groups. The information we share would be anonymous so you cannot be identified and all access to and use of this information is strictly controlled. 

In order to ensure that we have accurate and up-to-date patient records, we carry out a programme of clinical audits. Access to your patient records for this purpose is monitored and only anonymous information is used in any reports that are shared internally with in our Trust. 

NHS Digital, on behalf of NHS England assess the effectiveness of the care provided by publicly-funded services - we have to share information from your patient record such as referrals, assessments, diagnoses, activities (e.g. taking a blood pressure test) and in some cases, your answers to questionnaires on a regular basis to meet our NHS contract obligations.

Most of the time, NHS Digital use anonymised data for planning. So your confidential patient information isn't always needed.

However, you do have a choice about whether you want your confidential patient information to be used.

To read further details about the wider use of your confidential patient information and to register your choice to opt out of it being used for the planning and improvement of health and care services in England, please visit If you are happy with the use of your information for planning and research purposes you do not need to do anything. However, you can change your choice at any time.

The Trust will honour your national choice to opt out of your confidential patient information being used for planning and research purposes where we are legally required to do so.             

The Trust actively promotes research with a view to improving future care. Researchers can improve how physical and mental health can be treated and prevented.

As a data controller Southern Health rely upon

  • Article 6(1)(e) ‘…a task carried out in the public interest or in the exercise of official authority vested in the controller’
  • Article 9(2)(j) ‘…scientific or historical research purposes’

as our lawful basis for processing your information under the General Data Protection Regulation and Data Protection Act 2018. This means we do not rely upon your consent for our Researchers to access information we have collected about you.

However, we do rely upon your consent for you to actively take part in a research study.

To enable you to have the opportunity to take part in local research with Southern Health you might receive a letter asking if you would like to receive further information about specific individual local research studies that might be relevant to your health.      

You have the right to ask us not to send any further communication about our local research.

Whilst actively taking part in a research study you would have the right to withdraw your consent at any point, however, you would not have the right to the information already collected as part of the research study to be erased.

We would never publish the outcome of our research studies in a way that would personally identify you.

Our Trust also uses an IT system known as UK CRIS (Clinical Record Interactive Search).  This system has a copy of your Southern Health clinical record in it and is used for research by approved researches. However, all personal identifiable information about you has been removed so you cannot be identified.

If you are happy for your personal confidential information to be used for both your individual care and treatment and research and planning, you do not need to do anything.

However, if you do not want your personal confidential information used for any research and planning you have the right to nationally object/Opt out to your information being used for research and planning by registering your choice via

The Trust will honour your national choice to opt out of your confidential patient information being used for planning and research purposes where we are legally required to do so.

If you do choose to opt out you can still consent to your data being used for specific individual research and or planning purposes.

For further details on how your information is used in research please visit the Health Research Authority - patient information, health and care research or you can contact our:  

Research and Development (R&D) Department  
Tom Rudd Unit

Moorgreen Hospital
West End
SO30 3JB

Telephone: 02380 475 373


Information about our current research studies and sponsor details can be found on our web page. 

We are committed to keeping your information secure and have operational policies and procedures in place to protect your information whether it is in a hardcopy or electronic format.

This Trust is registered to the Information Commissioner’s Office; registration number Z8537183

All of the Information Systems used by our Trust are implemented with robust information security safeguards to protect the confidentiality, integrity and availability of your personal information. The security controls adopted by the Trust are influenced by a number of sources including the 10 National Data Guardian Standards and guidelines produced by NHS Digital and other Government standards.

This Trust is accredited to Industry Standard ISO27001 which is an internationally recognised information security framework; registration number IS 664113.

All employees and our partner organisations are legally bound to respect your confidentiality, all staff must comply with our security operating procedures. Any breach of these is treated seriously, and could result in disciplinary action, including dismissal.

If any of your personal information is to be processed overseas (i.e. outside the EU) a full risk assessment would be undertaken to ensure the security of the information.  

To find more information about how we keep your information safe  click here. If you need further information, you can email our Data Protection Officer.

All records held by the NHS are subject to the Records Management Code of Practice for Health and Social Care Act 2016 (the Code).The Code sets out best practice guidance on how long we should keep your patient information before we are able to review and securely dispose of it.

You have a right to see the information we hold about you, both on paper or electronic, except for information that: 

  • Has been provided about you by someone else if they haven’t given permission for you to see it

  • Relates to criminal offences

  • Is being used to detect or prevent crime

  • Could cause physical or mental harm to you or someone else

We may need to request proof of identity before we can formally respond to your request for your personal information. You can find out more about how to access your information by clicking here.     

If you wish to complete our Subject Access Request Form or send an email, please forward to the service where you receive your or alternatively send to:

Records Manager

Southern Health NHS Foundation Trust   
1 Sterne Road 
Tatchbury Mount  
SO40 2RZ


The team are available to assist you with your comments, concerns and complaints.  The team act independently of clinical teams to ensure your concerns are investigated and responded to in an effective and timely manner.  Contact details are:


Complaints and Patient Experience Team         
5 Sterne Road
Tatchbury Mount
SO40 2RZ

Telephone: 02380 874 065


To get further advice or report a concern directly to the UK’s independent authority you can do this by making contacting with:

Information Commissioner's Office                                                                                                                       

Wycliffe House                                                                                                                                           Water Lane                                                                                                                                                      Wilmslow                                                                                                                                                      Cheshire                                                                                                                                                    SK9 5AF 

Telephone: 0303 123 1113


The Data Controller 

Southern Health NHS Foundation Trust  

7 Sterne Road
Tatchbury Mount
SO40 2RZ

Telephone: 023 8087 4000

Caldicott Guardian

Dr Mayura Deshpande                                                                                              
Southern Health NHS Foundation Trust
7 Sterne Road
Tatchbury Mount
SO40 2RZ      

Telephone:  02380 874 000 


Data Protection Officer

Heather Mitchell  
Southern Health NHS Foundation Trust 
7 Sterne Road
Tatchbury Mount
SO40 2RZ      

Telephone:  02380 874 000  


Freedom of Information Officer

Southern Health NHS Foundation Trust
6 Sterne Road
Tatchbury Mount                                                                                 
SO40 2RZ

Telephone: 02380 874 662 


Privacy Notice.png
There is a printable version of the Privacy Notice available to download.
Page Comments