When you receive care from our services you will be asked to share information about yourself. This information is used to create records about your health, any treatment and care you receive from the NHS.  These records can then be used to ensure that you receive the best possible care now and in the future. 

Everyone working within the NHS has a legal duty to keep information about you confidential. This is called information governance.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to third parties without your permission unless there are exceptional circumstances, such as when your own or the health and safety of others is at risk or where there is a lawful reason for this information to be disclosed.

Find out more about why we need your information and what we do with it

Your doctor and the team of health and social care professionals caring for you use the information you provide to create a record which may be stored in different mediums, e.g. paper format as a health record or electronic format held on the trust clinical information systems.

Your record may include:

  • Personal details such as your name, address, date of birth and
  • Your next-of-kin or legal representative
  • Any contact we have had with you, for example outpatient clinic visits or in-patient stays.
  • Details and records about your health, treatment and care
  • Results of x-rays, laboratory tests and any other tests
  • Relevant information from people who care for you and know you well, such as health professionals and relatives.

When you visit us please check that your personal details are up to date. We need this information to ensure that we can contact you when required and that we have your current GP’s address to make any necessary contact.  

The information in your records help your doctor, nurse or other health and social care professionals involved in your care to assess your health and treatment and to decide what care you need.  It also means that full information is available should you see another doctor, or be referred to a specialist or another part of the NHS

If you are unhappy with your care, having a record of what has taken place means your concerns can be properly investigated.

Your information may also be used to help us:

  • look after the health of the wider public
  • pay your GP, dentist and hospital for the care they provide
  • audit NHS accounts and services
  • investigate complaints, legal claims or untoward incidents
  • make sure our services can meet service user and carer needs in the future
  • prepare statistics on NHS performance
  • review the care we provide to ensure it is of the highest standard
  • teach and train health and social care professionals
  • conduct health research and development

Where we use your information to gather statistics we make sure that you cannot be identified from this information and individual patients cannot be identified.

We may also pass anonymous statistical information to organisations with a legitimate interest, including universities, community safety units and research institutions.

Personal identifiable information may be used for essential NHS purposes such as research and auditing services. This will only be done by obtaining your consent, unless the law requires information to be passed on to improve public health.

Everyone working within the NHS has a legal duty to keep information about you confidential. Anyone who receives information from us is also under a legal duty to keep it confidential.

You may be receiving care from other organisations as well as the NHS (like Social Services).  We may need to share some information about you so we can all work together for your benefit.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it.  We will not disclose your information to third parties without your permission unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires information to be passed on.

We are required by law to report certain information to the appropriate authorities. This is only provided after formal permission has been given by a qualified health and social care professional.  Occasions when we must pass on information include:

  • where we encounter infectious diseases which may endanger the safety of others, such as meningitis or measles (but not HIV/AIDS)
  • where a formal court order has been issued

We may share information with:

  • Clinical Commissioning Groups
  • NHS Hospitals and clinics
  • General Practitioners (GPs)
  • Ambulance Services

Your information may also, subject to strict agreements, be shared with:

  • Social Services
  • Education Services
  • Local Authorities
  • Voluntary Sector Providers
  • Private Sector Providers
  • Police

General Data Protection and Regulation allows you to access information that is held about you, and you are able to either view or obtain copies of records held in electronic or paper format.

This is commonly known as a "right of subject access request".  It applies to all your health records held by the Trust.  If you want to review records you should make a request to your care team where you are being, or have been, treated.

You are entitled to receive a copy and in most cases, a charge will not be made.  You should also be aware that in certain circumstances your right to see some details in your health records may be limited in your own interest.

Information Governance ensures that one of the Trust's most important assets, information, in both clinical and management terms, is respected and held in secure and manageable conditions. Therefore it is of paramount importance that the Trust ensures that information is:

  • Held safely and confidentially
  • Obtained fairly and effectively
  • Recorded accurately and reliably
  • Used effectively and ethically
  • Shared appropriately and lawfully.

The Trust has put into place a range of appropriate policies, procedures and management arrangements to provide a robust framework for Information Governance to manage these aspects.

Our joint senior Information Risk Owner/ Information Governance Committee monitors the development of Policies and procedures to meet the current legislative framework.  There is a Data Security and Protection Toolkit which consists of a number of assertions relating to the management of Information which is monitored by the Trust making evidence available and making an annual submission to NHS Digital. The Trust submitted the annual return and evidence in March 2019 and was awarded “substantial assurance” by Mersey Internal Audit Agency when audited.

Membership of the Joint SIRO/ Information Governance Committee comprises of: the Medical Director as Caldicott Guardian, Senior Information Risk Owner, Chief Clinical Information Officer, Head of Information Governance, Senior Nurse Management Representative, Information Security Manager, Adverse Incident Manager and nominated representatives from Corporate and Clinical specialties. Membership is also seconded as and when specific issues arise.  The Committee meets bi-monthly and reports to the Executive Committee.

Data Security and Protection Toolkit

Data Security and Protection Toolkit Assurance 2019/20

Budget and Expenditure

For 2019/20 the annual budget has been set at £292,404, with expenditure being used for registration fees with the Information Commissioners Office declaring the categories of information held and the reason for processing. Funding is also used to fund 5 members of staff relating to Information Governance, provide bespoke training and development in respect of Information Governance, Data Protection Act, Confidentiality for staff, Freedom of Information Act, General Data Protection Regulation. 

The team also comprises of 2.8 wte Clinical Coders who are responsible for the translation of clinical diagnosis into the International Classification of Diseases statistical index.  This information is used to assist the Trust in planning new facilities and for monitoring key clinical conditions nationally and by the World Health Organisation.

Policies and Procedures

Please visit the Trust Policy and Procedure page and look at the Information Management Technology and Governance section.  

Current Policies are:

  • Information Governance Policy
  • Confidentiality & Data Sharing Policy
  • Corporate Records Policy
  • Data Protection Act Policy
  • Freedom of Information Act Policy
  • Health Records Policy
  • IM&T Security Policy
  • IT15 Clinical Coding Policy

Services

We provide the following:

  • Provision of professional advice, guidance relating to the Data Protection Act, Caldicott principles, Confidentiality and Data Sharing, Use and disclosure of personal data, Subject Access Requests, Police requests, Court directives, Safeguarding issues, general enquiries, mental health capacity, information governance general.
  • Development, implementation of Information Sharing Agreements
  • Development, implementation of Trust Information Governance policies
  • Corporate records management – professional advice & guidance on NHS Code of Practice for Records Management, Records Management standards.
  • NHS Code of Practice – Confidentiality, NHS Code of Practice Information Governance, NHS Digital – Confidentiality
  • Health Record Management – Professional advice and guidance in respect of health records management, standards, retention/destruction and transfer of records for deposit at public records office.

Our major ongoing projects during  2019/20 are: continued training relating to Information Governance, addressing the Corporate Lifecycle agenda by undertaking Corporate Records Management Audits, monitoring and review of data loss/data breach incidents, mitigation of risks associated with data loss/data breach, identification of information assets and identification and mapping of data flows. The Trust continues to ensure compliance against the Data Security and Protection Toolkit assertions, and implementation of the new Data Protection Act 2018 and General Data Protection Regulation (GDPR). 

Useful Information

Guide to confidentiality in health and social care
THE IG CODE BOOKLET
THE IG CODE INFORMATION
THE IG CODE EMAIL
Guide to Good Record Keeping