Your information and health records
Why do we collect information about you?
LPFT asks for personal information so we can make sure you are receiving the best care, information, advice, treatment and support that is right for you. To do this effectively, efficiently and safely, we must keep records about you, your health, and the care we have provided or plan to provide to you.
These records may include information such as:
- Your address, date of birth and emergency contact details.
- Equality and diversity data (for example, ethnicity, religion). We are legally obliged to collect this information so we and our commissioners can be sure that we provide our services fairly to anyone from any background or community who may need them.
- Notes and reports about your health, information about your treatment and care.
- Information from other people who are involved with your care, such as other health and social care professionals or relatives.
- Records on other contacts we have had with you, for example if you have contacted us with an enquiry, or have attended an event and agreed for us to send you our newsletters.
It is important that we hold accurate information about you and we rely upon you to inform us of any changes. The information about you and the services you receive will be recorded on our computer system. We scan paper letters and reports into this system so everything is in the same place.
The computer systems we use are secure and comply with Data Protection requirements and NHS standards of security. Your information cannot be accessed from outside our organisation without appropriate permissions.
As partnership working strengthens between such agencies to ensure best care, information about individuals and whole communities is increasingly being shared across disciplines and organisations.
This means that some of our records are held jointly with other statutory agencies, and other Health and Care agencies that may also be involved in your care such as Lincolnshire County Council and United Lincolnshire Hospitals NHS Trust; however this will be discussed with you by your healthcare team.
The Trust has to provide a legal basis for the processing of your information. The Trust is part of the NHS which has a public duty to care for its patients. Under the Data Protection Act the Trust may process information which is appropriate to provide the health and social care treatment to patients, as well as the management of health and social care systems and services.
If we need to use your personal information for any reason beyond those stated above, we will discuss this with you. You have the right to ask us to not use your information in this way, however there might be times when we will still have to share your information; if this is the case we will discuss this with you.
Under the terms of the General Data Protection Regulations, we are required to notify you of the legal basis for processing the data we handle. The legal basis for processing your information will vary, depending on the purpose for which we will use it. The following table sets out the different legal basis for each purpose.
|Purpose of using personal data||Legal basis of processing||Special category of data|
|Provision of direct care and related administrative purposes. For example, e-referrals to hospitals or other care providers.||GDPR Article 6(1)(e) – the performance of a task carried out in the public interest.||GDPR Article 9(2)(h) – medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.|
|For commissioning and healthcare planning purposes. For example the collection of mental health data set via NHS Digital.||GDPR Article 6(1)(c) – compliance with a legal obligation.||
GDPR Article 9(2)(h) – medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.Special category 9(2)(i) – public interest in the area of public health
|For planning and running the NHS (other mandatory flow). For example, CQC powers to require information and records.||
GDPR Article 6(1)(c) – compliance with a legal obligation (the GP practice).Regulation 6(1)(e) – the performance of a task carried out in the public interest (CQC).
GDPR Article 9(2)(h) – medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.Special category 9(2)(i) – public interest in the area of public health.
|For planning & running the NHS – national clinical audits.||GDPR Article 6(1)(e) – the performance of a task carried out in the public interest.||
GDPR Article 6(1)(f) – legitimate interests…except where such interests are overridden by the interest or fundamental rights and freedoms of the data subject.
GDPR Article 6(1)(e) – the performance of a task carried out in the public interest.GDPR Article 6(1)(a) – explicit consent.
|GDPR Article 9(2)(j) – scientific or historical research purposes or statistical purposes.|
|For safeguarding or other legal duties.||
GDPR Article 6(1)(e) – the performance of a task carried out in the public interest.6(1)(c) – compliance with a legal obligation
|GDPR Article 9(2)(b) – purposes of carrying out the obligations of social protection law.|
|When you request that we share your information. Fo example, subject access requests.||GDPR Article 6(1)(a) – explicit consent||GDPR Article 9(1)(a) – explicit consent|
Schedule 1 Part 2 of the Data Protection Act 2018, provides the basis in UK law for the processing of criminal offence data that is gathered by the Trust for healthcare management purposes.
To manage our contractual obligations for the services we have been commissioned to deliver:
• Ensure that money is used properly to pay for the services it provides
• Investigate complaints, legal claims or important incidents
• Make sure that services offered give value for money
• Make sure services are planned to meet patients’ needs in the future
• Review the care given to make sure it is of the highest possible standard
• To improve the efficiency of healthcare services
Everyone working for the NHS has a duty to keep your information confidential and secure. Staff and contractors are required to respect their duty of confidentiality to you as part of their professional codes of conduct and by their contracts of employment. We keep paper and electronic records securely to prevent unauthorised access or misuse.
We are registered under the Data Protection Act 2018 and the General Data Protection Regulation and we are committed to protecting your privacy and to abide by statutory and good practice guidance regarding maintaining confidentiality and appropriate information security. To ensure each new regular use of information is legal, we undertake a Data Protection Impact Assessment (DPIA), which is a risk assessment recommended by the Information Commissioner’s Office (ICO), the regulator of the Data Protection Act 2018 and the General Data Protection Regulation 25th May 2018. These DPIA risk assessments are processed by the Trust’s Information Governance Team.
The NHS Care Record Guarantee sets out the rules that govern how patient information is used in the NHS and what controls patients can have over this. It covers:
- People’s access to their own records
- How access will be monitored and policed
- Access in an emergency
- What happens when someone cannot make decisions for themselves
Sharing information is strictly governed to protect your privacy rights in accordance with legislation and best practice. However from time to time there may be a need to share some, or all, of your information with other health care professionals, NHS organisations or other qualified health care providers so that we can work together to obtain the best possible care or treatment.
The Trust has an appointed Data Protection Officer who can be contacted for advice on information privacy matters. They can be contacted on:
- Telephone: 01529 222205
- Email: firstname.lastname@example.org
- By law, everyone working for or on behalf of the NHS or other qualified health care providers must respect your confidentiality and keep your information secure.
- We reassure you that the computer systems we use are subject to strict access controls and only staff who are involved in your care will have access to your records.
- We will always obtain your consent before sharing your information with other health professionals unless exempted by law.
- When we do share your information we will always endeavour to use the most secure method available where possible.
- The Trust has an appointed Caldicott Guardian who is a senior person responsible for protecting the confidentiality of patient information and enabling appropriate information sharing. They play a key role in ensuring that the Trust has the highest practical standards for handling personal and sensitive information.
Health Records are used to assist with:
- Looking after the health of the general public – e.g. notifying central NHS groups of outbreaks of infectious diseases
- Reporting events to the appropriate authorities when we are required to do so by law – e.g. notification of births
- Paying your GP or hospital for the care you have received
- The audit of NHS accounts and clinical audit of the quality of services provided
- Reporting and investigation of complaints, claims and untoward incidents
- Service planning to ensure we meet the needs of our population in the future
- Preparing statistics on our performance for the Department of Health
- Reviewing our care to ensure that it is of the highest standard
- Teaching and training health care professionals
- Conducting health research and development
- Lincolnshire Partnership NHS Foundation Trust is a research-active Trust involved in developing future treatments and care. You might be asked to take part in a research study. If you are, the researcher will explain the study in detail to you, including why it is necessary and what it will involve. If you decide that you would like to be involved, you will be asked to sign a consent form. If you do not want to take part, this will not affect your treatment in any way.
Using your information for research
The NHS is a public authority. The NHS Constitution states that the NHS is required to conduct research. This is to improve the current and future health and care of the population. As an NHS organisation, we use personally-identifiable information to conduct research to improve health, care and services, we do this is accordance with HRA’s information and following approval by our research and development department.
As a publicly-funded organisation, we have to ensure that it is in the public interest when we use personally-identifiable information from people who have agreed to take part in a research. This means that when you agree to take part in a research study, we will use your data in the ways needed to conduct and analyse the research study. Your rights to access, change or move your information are limited, as we need to manage your information in specific ways in order for the research to be reliable and accurate. If you withdraw from the study, we will keep the information about you that we already have obtained. To safeguard your rights, we will use the minimum personally-identifiable information possible.
Health and care research should serve the public interest, which means that we have to demonstrate that our research serves the interests of society as a whole. We do this by following the UK Policy Framework for Health and Social Care Research.
Commissioning for Quality and Innovation (CQUIN)
To help improve the quality of services, better outcomes for patients and ensuring the right treatment is being provided to patients, the Department of Health & Social Care has mandated Trusts to achieve certain standards – Commissioning for Quality and Innovation (CQUIN). To achieve these standards the Trust will work with other NHS organisations to share information relating to patients to provide them with the best possible care e.g. frequent A&E attenders.
You will always be informed when the Trust identifies a need to share your information with another organisation to provide you with the best possible care.
Questionnaires and surveys
To help ensure the Trust is meeting the needs and satisfaction of the community it serves, it will commission companies to run questionnaires or surveys on the Trust’s behalf, only the minimum information will be securely shared with these companies and these companies are bound by strict confidentiality clauses.
Seeking feedback from patients and service users
Our trust uses the Friends and Family Test (FFT) to seek feedback on our services. We will send messages to all patients that have attended an appointment, or been discharged, asking them for their overall feedback on their experience of the service. We also ask if they would recommend the trust service to their friends and family. The aim is to improve services where necessary and will be used by the trust to make information available about its services including the percentage score of those people who would recommend them. These messages are not direct marketing because we are seeking feedback on how to improve our care and services that a patient has received.
We will share your information with other organisations, to assist with giving you the best care possible. Where we share your information with these organisations, they are subject to strict information sharing protocols/agreements. Anyone who receives information from the Trust has a legal duty to keep it confidential and secure. Only information that is required and appropriate to support your care and treatment will be provided.
Strengthening the relationship between Lincolnshire Partnership NHS Foundation Trust (LPFT) and Lincolnshire County Council (LCC) for the reinforcement of the partnership arrangements in place under Section 75 of the NHS Act 2006 that enable greater integration between health and social care. This facilitates the safe delivery of services that are tailored to support the emotional wellbeing and mental health of adults in Lincolnshire. Lincolnshire Partnership NHS Trust staff for S.75 services will directly input into the Council’s patient information system.
Where we share your information with other organisations that do not form part of your care, permission from yourself will be sort before sending the information unless we have a legal obligation to provide the information or we have to because the interest of the public is thought to be of greater importance.
There are occasions where we have a legal duty to pass patient information to external organisations which operate to oversee and address issues relating to the management of the NHS as a whole. These include:
- Notification of infectious diseases including Food Poisoning are reported to Public Health England
- The Care Quality Commission which has the powers of inspection and entry into required documentation
- Investigations by regulators of professionals i.e. General Medical Council and the Nursing and Midwifery Council
- Coroners investigations into the circumstances of a death
- Reports of deaths, major injuries and accidents to the Health and Safety Executive
- The NHS Security Management Service collects information on reported security incidents (e.g. thefts of patient/staff property, assaults on NHS staff)
- NHS Counter Fraud Authority is responsible for policy and operational matters relating to the prevention, detection and investigation of fraud in the NHS
- For the management of NHS Prescription Services
- Information must be provided to the Police to help prevent an act of terrorism or prosecuting a terrorist (The Terrorism Act 2000 and Terrorism Prevention and Investigation Measure Act 2011)
- For the protection of a child or vulnerable adult for safeguarding purposes
- Report cases of Female Genital Mutilation
Lincolnshire Care Portal
In Lincolnshire NHS and social care services are working more closely together to better co-ordinate the delivery of care to people supported by local commissioners.
The Lincolnshire Care Portal is a programme which allows people to give health and care workers their consent to access their medical and care records during their treatment.
The people caring for you need to access information about your health and care record to make the best decisions about your diagnosis and treatment. By way of example this could include GPs, hospital-based clinicians, nurses, health visitors and social care workers.
To enable this to happen more quickly and to improve the care you receive, a new process has been put in place. This will allow your information to be viewed by different health and care organisations, using existing computer systems.
This new process does not share your record with third party organisations, but provides health and care workers, with your consent, access to view your information.
Information will only be accessed by health and care workers that have a legitimate relationship with you and they will only access the data required to support your care.
More information on the Lincolnshire Care Portal can be found here: https://lincolnshire.nhs.uk/together/care-portal
National Records Locator
The National Record Locator provides a service to health and care organisations which allows them to make patient records available to those that need them for the delivery of care to patients. The service works by providing a registry of pointers which shows a user that a patient record exists and where it is held. This service allows those delivering care in health settings, such as an authorised clinician or care worker, to access a patient’s record in real time and at the point of need. NHS Digital provides the service as the means to enable NHS organisations to share information.
You have the right to be confident that the Trust handles your personal information responsibly and in line with good practice. If you have a concern about the way we have handled your information, please tell us immediately using the contact details below so that we may deal with your concern and work with you to resolve it.
For example, contact us if you have concerns that we:
- have not kept your information secure.
- hold inaccurate information about you.
- disclosed information about you.
- kept information about you for longer than is necessary.
- collected information for one reason and used it for something else.
In the first instance, please contact us. However you also have the right to lodge a complaint with the Information Commissioners Office if you believe the Trust has breached your rights or we have not investigated your concerns fully.. Contact details can be found by visiting: https://ico.org.uk/make-a-complaint
Call the helpline on 0303 123 1113 – (local rate – calls to this number cost the same as calls to 01 or 02 numbers).
Live chat – https://ico.org.uk/global/contact-us/live-chat/
Or in writing to:
Information Commissioner’s Office
The National Data Guardian, Dame Fiona Caldicott, recommended a new opt-out model for data sharing in her Review of data security, consent and opt-outs in 2016. The aim is to allow patients to make an informed decision about how their personal data will be used. It is part of a vision to improve patients’ trust and confidence in how data is looked after by the health and social care system. The National Opt-out ties in with other work on data security and making sure data is only used for the benefit of people’s health and care.
NHS Digital introduced a new tool on 25 May 2018 that people can use to opt out of their confidential patient information being used for reasons other than their individual care and treatment.
Patients and the public who decide they do not want their personally identifiable data used for planning and research purposes will be able to:
- Set their national data opt-out choice online, or
- There will be a non-digital alternative for patients and the public who can’t or don’t want to use an online system.
- Individuals can change their mind anytime.
- Where patients have already registered with their GP, to prevent their identifiable data leaving NHS Digital, this will be converted to the new national data opt-out.
Patients can view or change their national data opt out choice at any time by using the online service at www.nhs.uk/your-nhs-data-mattersor by clicking on "Your Health" in the NHS App, and selecting "Choose if data from your health records is shared for research and planning".
The national data opt-out was introduced and all health and care organisations will be required to uphold patient and public choices by 30 September 2021.
For further details please go to: https://digital.nhs.uk/services/national-data-opt-out-programme
The Data Protection Act 2018 entitles you to access your health records. If you would like copies of your records they will be provided free of charge.
We have 30 days from when we receive your completed request and confirmation of identification to process and respond.
There are a number of ways you can request access to your records, these include:
- Send us a letter or email - please include your personal details i.e. name, date of birth and address, alongside what specific information you would like us to provide.
- Alternatively, you can complete an application form (available below):
We will also need proof of your identity, such as a photocopy of your passport, driving licence, birth certificate and a utility bill to confirm your address.
If you require any help completing a request or the application form, please call the access to records department:
- Telephone: 01529 222327 (office hours 9am and 5pm, Monday – Friday)
- Email: email@example.com
Completed forms or letters should be returned to:Records Management Team
Lincolnshire Partnership NHS Foundation Trust
Unit 9, The Point
For further documentation on how we look after your information and health records, follow the links below:
- How we use and share your information to help you leaflet (Trustwide leaflets folder)
- Records retention schedule
Accessible Information Standard
Please tell us if you have any communication needs relating to a disability or sensory loss. You may require information in large print, audio, Braille, easy read, or in an alternative language. If you prefer to have your correspondence in an alternative format or emailed, our teams can arrange this for you. Please let a member of the team know at your next appointment. Your healthcare worker will note this on your record so everyone in your care team is aware of your requirements.
Updated August 2021
Useful contactsRecords Management
Lincolnshire Partnership NHS Foundation Trust
Telephone: 01529 222327
Data Protection Officer: firstname.lastname@example.org
Caldicott Guardian: email@example.com
- Information Commisioner's Office
- HRA's information
- NHS national data opt out programme
- Records Management Code of Practice - NHSX (which details retention schedules for health and social care records)