This Privacy Notice explains what information we collect about you, how we store this information, how long we retain it and who we may share your information with.
We also publish a number of specific notices, which will also be available on our website.
We are part of Cambridge University Hospitals NHS Foundation Trust (CUH)which is one of the largest and well known hospitals in the UK. We comprise of Addenbrooke's and the Rosie hospitals and offer general and specialist care with a proven reputation for its quality of care, information technology, clinical education and training and research.
We employ more than 11,000 staff.
We are registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018 and our registration number is Z7637668.
Our staff caring for you need to collect and maintain information about your health, treatment and care, so that you can be given the best possible care. This personal information can be held in a variety of formats, including electronic information in our Electronic Patient Record, in other computer systems, in video and audio files and in paper format.
Any personal information we hold about you is processed for the purposes of ‘provision of health or social care or treatment or the management of health of social care systems and services under chapter 2, section 9 of the Data Protection Act 2018.
For further information on this legislation please visit: http://www.legislation.gov.uk/
Personal information about you is collected in a number of ways. This can be from referral details from your GP or another hospital, directly from you or your authorised representative.
We will likely hold the following basic personal information about you:
Your records are also identified by a hospital number, used only when in the hospital, and an NHS number, which can be used across the NHS.
In addition to the above, we may hold sensitive personal information about you which could include:
It is important for us to have a complete picture of you as this will assist staff to deliver appropriate treatment and care plans in accordance with your needs.
Your records are used to directly, manage and deliver healthcare to you to ensure that:
The personal information we collect about you may also be used to:
Where possible, we will always look to anonymise/ pseudonymise your personal information so as to protect patient confidentiality, unless there is a legal basis that permits us to use it and we will only use/ share the minimum information necessary.
We may need to share relevant personal information with other NHS organisations. For example, we may share your information for healthcare purposes with health authorities such as NHS England, Public Health England, other NHS trusts, general practitioners (GPs), ambulance services, primary care agencies, etc. We will also share information with other parts of the NHS and those contracted to provide services to the NHS in order to support your healthcare needs.
We may need to share information from your health records with other non-NHS organisations from which you are also receiving care, such as Social Services or private care homes. However, we will not disclose any health information to third parties without your explicit consent unless there are circumstances, such as when the health or safety of others is at risk or where current legislation permits or requires it.
There are occasions where the Trust is required by law to share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
There may also be situations where we are under a duty to share your information, due to a legal requirement. This includes, but is not limited to, disclosure under a court order, sharing with the Care Quality Commission for inspection purposes, the Health & Safety Executive if you are involved in a reportable accident whilst on site, the police for the prevention or detection of crime or where there is an overriding public interest to prevent abuse or serious harm to others and other public bodies (e.g. HMRC for the misuse of public funds in order to prevent and detect fraud).
For any request to transfer your data internationally outside the UK/EU, we will make sure that an adequate level of protection is satisfied before the transfer.
The Trust is required to protect your personal information, inform you of how your personal information will be used, and allow you to decide if and how your personal information can be shared.
Personal information you provide to the Trust in confidence will only be used for the purposes explained to you and to which you have consented. Unless, there are exceptional circumstances, such as when the health or safety of others is at risk, where the law requires it or there is an overriding public interest to do so. Where there is cause to do this, the Trust will always do its best to notify you of this sharing.
UK National Research Ethics Committees often allow health researchers to use clinical information anonymously (without any personal information) for medical research where this does not require any additional contact with patients. Cambridge University Hospitals NHS Foundation Trust participates in research to benefit patient care, and so your information could be studied anonymously but only after approval by a National Research Ethics Committee. If your identifiable personal information(the information that identifies you) is to be used in research you will be asked for your consent. However, a specially appointed national body, the Confidentiality Advisory Group (CAG), may allow personal details to be used without consent in specific circumstances when the research is seen to be in the public interest.
Your personal information is held in both paper and electronic forms for specified periods of time as set out in the NHS Records Management Code of Practice for Health and Social Care and National Archives Requirements.
We hold and process your information in accordance with the Data Protection Act 2018 (subject to Parliamentary approval) as amended by the GDPR 2016, as explained above. In addition, everyone working for the NHS must comply with the Common Law Duty of Confidentiality and various national and professional standards and requirements.
We have a duty to:
The following staff groups may have access to the information we hold about you:
Use of Email - Some services in the Trust provide the option to communicate with patients via email. Please be aware that the Trust cannot guarantee the security of this information whilst in transit, and by requesting this service you are accepting this risk.
If we need to use your personal information for any reasons beyond those stated above, we will discuss this with you and ask for your explicit consent. The Data Protection Act 2018 gives you certain rights, including the right to:
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
Please contact the Information Governance Lead:
Information governance lead/Data Protection Officer
Cambridge Univeristy Hospitals NHS Foundation TrustBox 153
Or email firstname.lastname@example.org
The Information Commissioner’s Office (ICO) is the body that regulates the Trust under Data Protection and Freedom of Information legislation. https://ico.org.uk/. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the. ICO at:
Information Commissioner's Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510