We aim to provide you with the highest quality care. To do this, we must keep records about you and the care we provide for you. Health Records are held on paper and electronically and we have a legal duty to keep these confidential, accurate and secure at all times in line with Data Protection Laws.
Our staff are trained to handle your information correctly and protect your privacy. We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never collected for direct marketing purposes, and is not sold on to any third parties. Your information is not routinely processed overseas and, if it is, we undertake to inform you.
Sometimes your care may be provided by members of a care team, which may include people from other organisations such as health, social care, education or other care organisations.
Information is held for specified periods of time as set out in the Records Management Code of Practice for Health and Social Care.
Information collected about you to deliver your health care is also used to assist with:
The legal basis for the processing of data for these purposes is that the NHS is an official authority with a public duty to care for its patients. The NHS is guided by the Department of Health and Data Protection law which says it is appropriate to process data for health and social care treatment of patients and for the management of health or social care systems and services.
If we need to use your personal information for any reason beyond those stated above, we will discuss this with you. You have the right to ask us not to use your information in this way. However, there are exceptions to this which are listed below.
Oxleas NHS Foundation Trust, as Data Controller, will not share your data with anyone without your explicit consent, unless the law permits us to do so.
We share data only with our authorised Data Processors, who must act at all times on our instructions as the Data Controller under the Data Protection Act 2018. Our data processors are outlined below:
Data Processor - Microsoft Azure
Microsoft Azure is a cloud computing service created by Microsoft for managing applications and services. We use Azure to manage Oxcare and store its contents. Microsoft only stores data within the UK.
Data Protection laws give individuals rights in respect of the personal information that we hold about you. These are:
1. To be informed why, where and how we use your information.
2. To ask for access to your information (see page 4).
3. To ask for information to be corrected if inaccurate or incomplete.
4. To ask for your information to be deleted or removed where there is no need for us to continue processing it.
5. To ask us to restrict the use of your information.
6. To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information.
7. To object to how your information is used.
8. To challenge any decisions made without human intervention (automated decision making).
To request copies of your personal information, please contact the health records team at the Trust site where you are receiving treatment.
For more information please contact us at: email@example.com
Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS England’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.