When you receive care from our services you will be asked to share information about yourself. This information is used to create records about your health, any treatment and care you receive from the NHS. These records can then be used to ensure that you receive the best possible care now and in the future. 

Everyone working within the NHS has a legal duty to keep information about you confidential. This is called information governance.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to third parties without your permission unless there are exceptional circumstances, such as when your own or the health and safety of others is at risk or where there is a lawful reason for this information to be disclosed.

Find out more about why we need your information and what we do with it.

Your doctor and the team of health and social care professionals caring for you use the information you provide to create a record which may be stored in different mediums, e.g. paper format as a health record or electronic format held on the trust clinical information systems.

Your record may include:

  • Personal details such as your name, address, and date of birth 
  • Your legal representative
  • Any contact we have had with you, for example outpatient clinic visits or in-patient stays
  • Details and records about your health, treatment and care
  • Results of x-rays, laboratory tests and any other tests
  • Relevant information from people who care for you and know you well, such as health professionals and relatives.

When you visit us please check that your personal details are up to date. We need this information to ensure that we can contact you when required and that we have your current GP’s address to make any necessary contact.  

The information in your records help your doctor, nurse or other health and social care professionals involved in your care to assess your health and treatment and to decide what care you need. It also means that full information is available should you see another doctor, or be referred to a specialist or another part of the NHS.

If you are unhappy with your care, having a record of what has taken place means your concerns can be properly investigated.

Your information may also be used to help us:

  • look after the health of the wider public
  • pay your GP, dentist and hospital for the care they provide
  • audit NHS accounts and services
  • investigate complaints, legal claims or untoward incidents
  • make sure our services can meet service user and carer needs in the future
  • prepare statistics on NHS performance
  • review the care we provide to ensure it is of the highest standard
  • teach and train health and social care professionals
  • conduct health research and development

Where we use your information to gather statistics we make sure that individual patients cannot be identified.

We may also pass anonymous statistical information to organisations with a legitimate interest, including universities, community safety units and research institutions.

Personal identifiable information may be used for essential NHS purposes such as research and auditing services. This will only be done by obtaining your consent, unless the law requires information to be passed on to improve public health.

Everyone working within the NHS has a legal duty to keep information about you confidential. Anyone who receives information from us is also under a legal duty to keep it confidential.

You may be receiving care from other organisations as well as the NHS (like Social Services). We may need to share some information about you so we can all work together for your benefit.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to third parties without your permission unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires information to be passed on.

We are required by law to report certain information to the appropriate authorities. This is only provided after formal permission has been given by a qualified health and social care professional. Occasions when we must pass on information include:

  • where we encounter infectious diseases which may endanger the safety of others, such as meningitis or measles (but not HIV/AIDS)
  • where a formal court order has been issued

We may share information with:

  • Clinical Commissioning Groups
  • NHS Hospitals and clinics
  • General Practitioners (GPs)
  • Ambulance Services

Your information may also, subject to strict agreements, be shared with:

  • Social Services
  • Education Services
  • Local Authorities
  • Voluntary Sector Providers
  • Private Sector Providers
  • Police

You have a right to access information held about you by our Trust, including both paper and electronic records.

The Data Protection legislation allows individuals to view or obtain a copy of the personal information held about them. To access your personal records, a request can be made in writing or verbally – this is known as a Subject Access Request (SAR).
The Access to Health Records Act 1990 allows restricted access to care records of people who have died.


Informal access to your records

Our patients and staff can see the information recorded about them during or at the end of their treatment or upon them leaving the Trust.
This type of request can be arranged informally with a member or staff if it is a patient seeking access to their records, or between the member of staff and their line manager if it is a staff member.


Formal access to your records

If an individual requests hard copies such as photocopies and print-outs or an electronic copy of their records, then the request should be forwarded to the relevant divisional Subject Access Request (SAR) lead, for the area you received services from, who will follow the access to records process.

Under current Data Protection legislation, the statutory timescale for responding to a Subject Access Request (SAR) is within one month. If an individual has made a number of requests or their request is complex, we may need extra time to consider their request and we can take up to an extra two months to respond.


Individuals wishing to access their records should initially contact SAR@merseycare.nhs.uk

Applicants need to provide sufficient information to identify them (e.g. name, address, date of birth, etc.), details of the services they were under and the time period their request relates to and copies of proof of their identity sufficient to confirm their name, address and date of birth (e.g. utility bill, driving licence, etc.) and to correctly identify them in our records.


People have a right to have their records kept confidential and the Trust as record holders are obliged to be satisfied that an applicant is legitimate and entitled to access a specific person’s record. This is why we ask for proof of identity as part of the application process.

Information Governance (IG) is the framework for handling information in a secure and confidential manner that allows organisations and individuals to manage patient, personal and sensitive information legally, securely, efficiently and effectively in order to deliver the best possible healthcare and services.

IG applies to, and impacts on, everyone working for, or on behalf of, the NHS. Additionally, everyone working in the NHS has a legal duty to keep information about others secure and confidential.

IG is concerned with the standards that should apply when information is processed. Information processing has five broad aspects that encompass how information is obtained, recorded, held, used and shared. Therefore it is of paramount importance that the Trust ensures that all information is:

  • Held safely and confidentially
  • Obtained fairly and effectively
  • Recorded accurately and reliably
  • Used effectively and ethically
  • Shared appropriately and lawfully

It brings together all of the legal requirements, standards and best practice (including policies and procedures, management and reporting arrangements, processes and controls, and training) that apply to the handling of patient, personal and sensitive information, including but not limited to:

  • Access to Health Records Act
  • Caldicott Principles
  • Code of Practice on confidential information
  • Common Law Duty of Confidentiality
  • Computer Misuse Act
  • Confidentiality: NHS Code of Practice
  • Data Protection legislation - UK Data Protection Act 2018 and the UK General Data Protection Regulation 2016 (GDPR)
  • Data Security and Protection Toolkit (DSPT)
  • Freedom of Information Act
  • Information Security Management: NHS Code of Practice
  • Network and Information Systems (NIS) Regulations 2018
  • Records Management Code of Practice 2021.

The Trust collects, stores and uses large amounts of personal confidential data every day, such as care records, personnel records and computerised information. This data is used by many people in the course of their work. IG allows the Trust to demonstrate to the public that it takes its responsibilities to safeguard information seriously. It also aims to protect patient information and confidentiality, and to protect the Trust and its staff.

Information Governance policies are available via the Policy and Procedure page of the website within the Information Management, Technology and Governance section under Trust Wide Policies.