Charity

Privacy

Privacy Notice for Patients

How we use your information

This section explains how Stockport NHS Foundation Trust uses personal information, including health and care information, when you use our services or interact with us. It applies to patients, carers and members of the public.

Health and care information may be used across the NHS and wider health and care system for direct care, and (where permitted) for planning and approved research. National organisations may collect and use data from NHS providers and local authorities for these purposes, and access requests are subject to legal, governance and security controls.

Patient information is also used to:

  • plan and improve health services
  • research and develop cures for serious illnesses

Most of the time, information used for research and planning is anonymised, meaning it cannot identify you. This means we do not always need identifiable patient information.

Research bodies and organisations include:

  • university researchers
  • other hospital researchers
  • medical royal colleges
  • pharmaceutical companies researching new treatments
  • medical commercial companies

Manage your choice

You can manage your National Data Opt-Out choice using the NHS online service, or you can contact the Information Governance team at [email protected] for advice.

In some circumstances, you can also manage a choice on behalf of another person (for example, for a child or someone you have legal authority to act for). The national service explains when proxy access is available and what evidence is required.

To find out how health researchers use patient information, please visit the Health Research Authority website: Patient information and health and care research – Health Research Authority (hra.nhs.uk).

Any request to use information for research and planning is handled according to strict governance. Wherever possible, anonymised information is used. Where identifiable information is needed, we will only use or share it where the law allows and the appropriate approvals and safeguards are in place (for example ethics and research governance approvals and, where required, an appropriate confidentiality mechanism). Where we rely on your consent, we will explain what you are being asked to consent to and you can withdraw consent at any time.

Our Research, Development and Innovation Department can provide governance and regulatory advice for clinical research projects that take place in the Trust. For contact details please visit Research and Development – Stockport NHS Foundation Trust. Specific research projects requiring privacy notice sharing are also highlighted here.

What we collect

We collect and use information to provide healthcare and manage our services. Much of this information can identify a person. Some information (such as health and care information) is “special category” and is protected by stricter controls.

We may collect and use the following types of information:

  • Personal details (name, address, date of birth, NHS number, contact details)
  • Health and care information (symptoms, diagnoses, test results, treatment, medicines, allergies, care plans)
  • Appointments and referrals (attendance, clinic letters, discharge information)
  • Information from other organisations involved in your care (for example your GP or other NHS services)
  • Equality information (where provided)
  • Images/recordings where part of care, and CCTV where used for safety and security

Why we use information

We use information in two main ways: (1) to provide your individual care, and (2) (often using anonymised information) to plan and improve services and support approved research. We only use and share information where the law allows and with appropriate safeguards.

  • Providing and coordinating care (assessment, diagnosis, treatment, and sharing relevant information with professionals involved in your care)
  • Managing services (appointments, administration and communications)
  • Quality and safety (clinical audit, incident investigations, complaints, safeguarding and learning)
  • Legal and regulatory duties (where we must process or share information)
  • Planning and improving services (understanding demand, outcomes and safety)
  • Research (supporting approved studies to develop better treatments and care)

Identifiable and anonymised information

Some information we hold can identify you (for example your name, NHS number and details about your health, care or treatment). This type of information is confidential and is protected by strict controls. Where possible, information used for planning and research is anonymised, meaning it cannot identify you.

Who we may share information with

We may share relevant information where there is a lawful basis and appropriate safeguards—for example with organisations involved in your care, and (where permitted) for planning and approved research. Sharing is on a need-to-know basis and that minimum necessary information is shared.  Wherever possible, information used for planning and research is anonymised.

  • Other NHS organisations (including hospitals, GP practices and ambulance services)
  • Health and care partners (including social care and local authority partners)
  • Care homes, hospices, and voluntary sector partners where involved in care
  • Other organisations where required or permitted by law (for example police, courts, safeguarding)

We do not provide access to confidential patient information for marketing or insurance purposes or private companies unless you specifically request this. Where we use external suppliers to provide a service on our behalf (data processors), they must follow strict contractual and security requirements and can only use information for the agreed purpose.

Outpatient Clinic Reminder and Digital Letters / Friends & Family Feedback

The Trust sends reminders for outpatient appointments by SMS/text message or automated phone call to help reduce missed appointments.

We may also invite you to provide feedback on our services and your care and treatment.

The same system is used to send a digital copy of your appointment letters by SMS/text message. The message includes a unique 4-digit PIN and a secure link to your letter.

These services are provided by a third-party supplier, Healthcare Communications, under strict contractual arrangements. The processing is carried out under UK GDPR Article 6(1)(e) (public task). Where health and care information is processed, this is supported by UK GDPR Article 9(2)(h) (management of health or social care systems and services).

You will also be able to access appointment details and letters, which are currently available in our patient portal provided by Healthcare Communications, via the NHS app.

You do not have to use the NHS App to view your appointment letters. You can continue to access them through the portal. Your information will only be visible in the NHS App if you choose to connect the App to the portal (this is managed within the NHS App).

For more details on the NHS app please visit https://www.nhs.uk/nhs-app/

If you wish to opt out of either of these initiatives, please contact the appropriate department:

Outpatient Reminder services contact the Appointment Booking Centre on – 0161 419 1010

Friends & Family feedback please contact Patient Advice & Liaison Service (PALS on – 0161 419 5678

How we keep information secure

We protect personal information using appropriate technical and organisational measures. This includes access controls (so only staff with a legitimate need can access information), staff training, policies and procedures, auditing and monitoring, secure systems and secure methods for sharing information. Where we use suppliers to process information on our behalf, we ensure contracts include confidentiality, security and data protection requirements.

Anti-fraud and crime prevention

We may use information we hold to help prevent and detect fraud and crime and to protect public funds. Where lawful and necessary, we may share relevant information with organisations responsible for auditing or preventing and detecting fraud and crime.

How long we keep information

We are required to keep health records and other information for set periods in line with NHS guidance and the law. We follow the NHS Records Management Code of Practice and the Trust’s retention schedule to determine how long different record types must be kept. When retention periods end, information is securely disposed of or archived where appropriate.

Retention periods are set out in the NHS Records Management Code of Practice and cover both corporate records and patient information. The Trust uses this

guidance, alongside its retention schedule, to apply the correct retention period to different types of information.

For further information – https://www.gov.uk/government/publications/confidentiality-nhs-code-of-practice

Keeping your information up to date

If you believe that any part of the information we hold about you in your record is incorrect or inaccurate, you can apply to have this corrected. Once we have reviewed your request, if we agree that the information is inaccurate, we will correct it.  If we are not satisfied that the information is incorrect, a note will be made in your record of the information you consider to be inaccurate.  You will be given a copy of either the correction or the note.

If you wish to highlight potential inaccuracies, please email the Information Governance team at [email protected]