Southern Health NHS Foundation Trust takes confidentiality and privacy issues very seriously. The Trust has to ask for personal confidential information in order to provided quality care and treatment. The Trust's Privacy Notice explains how information about you will be collected, processed, transferred and stored securely and legally.
Who is responsible for your data?
If you wish to contact any of the below please email: firstname.lastname@example.org
Dr Mayura Deshpande
Clinical Director for Specialist Services
Caldicott Guardian (CG)
Telephone: 023 8087 4000
Director of Strategy & Infrastructure Transformation Senior Information Risk Owner (SIRO) and Data Protection Officer (DPO)
Telephone: 023 8087 4000
Everyone has a right to access their health or personal data, this is known as a “Subject Access Request”. Access requests are processed under the Data Protection Act 2018 or Access to the Health Records Act 1990.
Southern Health NHS Foundation Trust remains committed to meeting its obligations under Data Protection Laws and Regulations
However, the NHS is facing unprecedented challenges relating to the coronavirus (COVID-19) pandemic at the current time. Understandably, our resources have been diverted to support our front-line colleagues who are working tremendously hard to provide care for our patients, and to those in need of our services.
We strive to be transparent and to work with an open culture. But at this time, whilst care of our patients and the safety of our staff takes precedent, it is likely that responses to some requests for information will be delayed. We apologise for this position in advance, and will endeavour to provide you with as much information as we can, as soon as we are able.
Please also note that due to current working guidelines we are likely to be unable to respond to any correspondence received via post. We are making every effort to do so, but this may cease as working circumstances change. We would therefore recommend that if you are able, you contact us with your request via email: email@example.com . Any messages left on the usual landlines will be picked up and answered.
The Information Commissioners Office has recognised the current situation in the NHS.
Your clinical records are an important part of your care and treatment. In most cases, the Trust will store your medical records electronically.
Electronic records mean that information about your care can be stored safely in one place, with no need to move paper records between our sites and services.
Most of our records are stored using a system called OpenRiO. Some services use different systems, such as CaMIS, eCaMIS, eDocs, eQuest and HICSS.
Our staff may also access information that is included in the Care and Health Information Exchange (CHIE) and the NHS Summary Care Record. You will be asked for your consent to do this, and you can opt out if you choose.
Our Records Team can provide further information and advice. Please contact them on 023 8087 4189 or via firstname.lastname@example.org
You can also contact the Information Commissioner's Office (ICO).
Forms and policies
Over recent years, there has been a growing perception that Information Governance is often cited as a reason not to share information, even when this is in the best interests of the patient or service user.
But as the nature of treatment and service delivery changes and there is an increasing emphasis on community care, health and social care organisations are becoming more inter-dependent and more reliant upon the sharing of information to provide services.
Information sharing can help to improve the quality of care and treatment, but it must be governed by the legal and ethical framework that protects the interests of patients. Without assurances of confidentiality, patients may be reluctant to provide the information needed for their treatment and care. Patients have a right to expect that information about them will be held in confidence and protected at all times against improper use and disclosure.
Patients have the right to know with whom information is going to be shared, and why. They also have the right to request that information is not shared – and staff must record these decisions in the clinical record.
Policies and procedures
In order to comply with article 30 of the UK General Data Protection Regulation (GDPR)
and UK Data Protection Act 2018, the Trust is required to publish a record of its processing activities
and to complete Data Protection Impact Assessments (DPIAs).
DPIA is a process which helps assess privacy risks to individuals and identifies the legal basis
for the collection, use and disclosure of information, known as processing.
All new projects, initiatives and processes that involve using or sharing personal information will require a completed Data Protection Impact Assessment at the initial stages and prior to any procurement decision being made. All Data Protection Impact Assessments when completed will be submitted to the Data Protection Officer and/or the Information Governance Group for approval.
Policies and procedures