Your health records
When you receive treatment or a service from our hospitals, we collect information about you.
We take your confidentiality and privacy rights seriously. Our duty is to keep your information safe and accurate.
This information explains:
- what information we collect and hold about you
- why we collect your information and how it helps you and other patients
- why we might need to share it with other organisations involved in your care
- ways you can manage your data
- how we collect and use your information
Information we collect
We collect and hold personal information about you when you use or come into contact with our services.
This normally includes your name, date of birth, NHS Number, contact details (such as address and telephone number), your religion, ethnic origin, and information about your health and the care that you have received.
This information may be held electronically (in our computer systems) or in paper form, depending on the services you have accessed.
To support the provision of your healthcare, we collect:
- basic details about you, such as your name, address, date of birth, next of kin and GP
- contact information such as telephone number (home or mobile) and email address, where you’ve provided for us to communicate with you by email and text
- a record of dates when we've had contact with you. For example, attendances at an outpatient clinic, a visit to the emergency department (A&E), or a stay in hospital
- clinical notes made by our doctors and other healthcare professionals during these contacts detailing presenting symptoms, allergies, medication, diagnosis and treatment, along with any chronic (long-lasting) health conditions, such as diabetes or asthma, and results of the clinical examination undertaken by doctors and other healthcare professionals
- results of investigations, like blood tests, X-rays and scans, and results of observations such as your heart rate and blood pressure
- photographs, images and videos
- information from other health professionals that have been involved in your care or that have asked us to be involved in your care, such as your GP
- lifestyle information that may be clinically relevant, such as whether or not you smoke or use illicit drugs. Information on your occupation and your home setting as this may be relevant to your medical condition
- your ethnicity, as this can be linked to certain medical conditions
- your religious beliefs, as this may affect how you wish to be treated in certain circumstances
- information from other people involved in your care, such as a relative or someone who helps to care for you
- personal data about other people who are involved in, or may have an impact on your health and social care, for example relatives, friends, people you live with, people who attend hospital with you and people who visit you in hospital
We always keep your information securely, and have strict rules about how it can be used.
Under the Data Protection Act 2018 we are required to keep your health records secure.
Every member of staff working for, or with the NHS, has an individual duty to keep your information confidential. We will only share it with other organisations in strict accordance with the law and where this will help us in providing high quality care.
We also do our best to keep it accurate and up to date, so we will often check it with you when you come to our hospitals or clinics. We try to keep information for your lifetime (or the longest time allowed by law) in order to give you continuity of care.
We expect all our partner organisations to apply the same strict security to your records as we do, and we make sure that those restrictions are in place before sharing any information. We only share your information in strict accordance with the law.
How long we keep your information
The length of time we keep your information depends on what sort of information it is.
We use the guidance provided in the Records Management Code of Practice for Health and Social Care 2016 to support our actions in relation to records management, including retention periods. The Code is based on current legal requirements and professional best practice. We keep our records for at least the minimum stated required retention period.
Giving us your information
We need information about you to support the provision of your healthcare. The information you provide to us helps us to understand any conditions that you may have.
If you do not want to provide us with information, or do not want us to share it, then that is your choice, but please be aware that this could seriously affect the care we are able to provide. In some cases we may not be able to treat you at all.
If you have concerns about telling us something or us sharing something about you (for example, if we want to refer you to another service), please talk to the healthcare professional in charge of your care, and hopefully we will be able to reassure you if you have any concerns.
How your information is used for your care
We aim to provide you with high-quality, safe care. We use your personal information to:
- arrange and provide you with the best possible care
- inform decisions that we make about your care
- make sure your treatment is safe and effective
- work effectively with others who may be involved in your care, such as your GP
Sometimes we use other organisations to help us do this, some of which are international, and we have strict contracts in place to protect your information.
Doctors and other healthcare professionals create and keep a detailed record of your clinical care to provide a continuous record about your past and current health, because this helps to guide and manage the care you receive. It lets us:
Your information may be used for clinical audit, where the team involved in your care will check the quality and results of the treatment provided. Your information may also be used to investigate incidents and complaints.
Using your data to improve our care
We may use information about you, and your healthcare, to improve the care that we provide to all patients.
For example, to help us to:
- review the care we have given to our patients, helping us to ensure that it is of the highest possible standard
- report on how effective our services are or have been
- investigate complaints, legal claims, and untoward incidents
- look after the health of the general public
- plan services to meet patient needs in the future
- improve patient care and outcomes by reviewing and monitoring using certain criteria, and identifying areas where improvements could be made
- ensure that funds allocated to our Trust are used properly and provide value for money
- educate and train healthcare professionals
- undertake research (the local research and development and if necessary the Human Research Authority will be asked to review research requests)
- prepare statistics on our performance
We also take part in national schemes which collect data from NHS organisations all over the country. The department where you are being treated will give you information about any local or national schemes for the type of care that you are receiving.
When information is shared outside the team that cared for you, we take out any details that would identify you, unless we have your permission or specific authority from the Secretary of State for Health or the Health Research Authority.
Legal ways we can use your data
Guy's and St Thomas' NHS Foundation Trust uses personal data as part of our official authority, and because it is necessary for providing care and treatment, and for managing our healthcare systems and services.
Sometimes, Guy’s and St Thomas’ may ask for your consent to use your data for other purposes. This will be made clear to you at the time, and is separate from any consent that may be required for certain types of treatment or other NHS services.
As providers of health or social care, treatment or the management of health or social care systems and services, we are allowed to process your information on the legal basis of GDPR articles 6 and article 9.
The Trust meets the legal requirements because it’s our job to provide healthcare and, depending on the activity, other legal bases may apply, for example:
- to support safeguarding children and vulnerable adults
- to carry out obligation as an employer
- to protect an individual's vital interests (protect someone's life)
- to support research
- to comply with a legal obligation
- image recording (not for direct healthcare), eg CCTV, BWV, ANPR
There may be instances where we ask for your consent to process your information if another legal basis does not apply. If this is the case you can expect that your consent will be sought.
You have the right to lodge a complaint with the Information Commissioner’s Office, the supervisory authority for data protection in the UK.