Your information

Southern Health NHS Foundation Trust takes confidentiality and privacy issues very seriously. The Trust has to ask for personal confidential information in order to provided quality care and treatment. The Trust's Privacy Notice explains how information about you will be collected, processed, transferred and stored securely and legally. 

Who is responsible for your data?
If you wish to contact any of the below please email:

Mayura Deshpande.jpg

Dr Mayura Deshpande 
Clinical Director for Specialist Services
Caldicott Guardian (CG)
Telephone: 023 8031 0000


Heather Mitchell
Director of Strategy & Infrastructure Transformation Senior Information Risk Owner (SIRO) and Data Protection Officer (DPO)
Telephone: 023 8031 0000

Everyone has a right to access their health or personal data, this is known as a “Subject Access Request”. Access requests are processed under the Data Protection Act 2018  or Access to the Health Records Act 1990

Clinical Records

Your clinical records are an important part of your care and treatment. In most cases, the Trust will store your medical records electronically.

Electronic records mean that information about your care can be stored safely in one place, with no need to move paper records between our sites and services.

Most of our records are stored using a system called OpenRiO. Some services use different systems, such as CaMIS, eCaMIS, eDocs, eQuest and HICSS.  

Our staff may also access information that is included in the Care and Health Information Exchange (CHIE) and the NHS Summary Care Record. You will be asked for your consent to do this, and you can opt out if you choose.

Primary Care services

Southern Health NHS Foundation Trust runs two Primary Care (GP practices) services; The Willow Group in Gosport and Shakespeare Road Medical Practice in Basingstoke. If you are trying to access your records for these please contact the practice directly.

Further information

Our Records Team can provide further information and advice. Please contact them on 023 8087 4189 or via

You can also contact the Information Commissioner's Office (ICO).

Forms and policies 

Over recent years, there has been a growing perception that Information Governance is often cited as a reason not to share information, even when this is in the best interests of the patient or service user.

But as the nature of treatment and service delivery changes and there is an increasing emphasis on community care, health and social care organisations are becoming more inter-dependent and more reliant upon the sharing of information to provide services.

Information sharing can help to improve the quality of care and treatment, but it must be governed by the legal and ethical framework that protects the interests of patients. Without assurances of confidentiality, patients may be reluctant to provide the information needed for their treatment and care. Patients have a right to expect that information about them will be held in confidence and protected at all times against improper use and disclosure.

Patients have the right to know with whom information is going to be shared, and why.  They also have the right to request that information is not shared – and staff must record these decisions in the clinical record.   

Contact information 

Policies and procedures 

Further information 

In order to comply with article 30 of the UK General Data Protection Regulation (GDPR)
and UK Data Protection Act 2018, the Trust is required to publish a record of its processing activities
and to complete Data Protection Impact Assessments (DPIAs). 

DPIA is a process which helps assess privacy risks to individuals and identifies the legal basis
for the collection, use and disclosure of information, known as processing. 

All new projects, initiatives and processes that involve using or sharing personal information will require a completed Data Protection Impact Assessment  at the initial stages and prior to any procurement decision being made. All Data Protection Impact Assessments when completed will be submitted to the Data Protection Officer and/or the Information Governance Group for approval.    

Contact information 

Policies and procedures

Information Governance team 

The Information Assurance Team
Unit 3 Tidbury Farm
Bullington Cross
Sutton Scotney
Winchester SO21 3QQ

Telephone: 023 8231 1299

Records team

The Information Assurance Team
Sterne 4 - 6,
Tatchbury Mount 
Southampton SO40 2RZ

Telephone: 023 8087 4189 

Lymington Hospital (for all physical health records) telephone: 01590 663026

Accessibility tools

Return to header