Your doctor, nurse or any other health and social care professional
needs to keep records on their interactions with you.
makes The Rotherham NHS Foundation Trust the Data Controller.
Our registered address is Moorgate Road, Rotherham,
The records may be written or held on computer systems and will include:
Your basic details, such as address
and next of kin contacts
Details about the treatment, care and
support that you need and receive
Results of investigations, such as
x-rays and laboratory tests
Relevant information from other
health and social care professionals, relatives or those who care for you and
know you well.
How your information is
Your information helps us to manage the care you receive to make sure
Everyone involved in your care has
accurate and up-to-date information to assess your needs and provide support
Full information is available should
you need to see another doctor or be referred to a specialist
There is information to help us
decide if you’re receiving the right type of care and support
Your concerns can be fully
investigated if you need to complain.
Please let us know if any of your information changes, particularly if
you move house. We can then make sure all correspondence is sent to the right
Why do we hold this
To look after the health of
individuals served by the Trust
To support the management and
financing of the care provided
To prepare statistics on performance and
review and plan services
To train and teach health and social
To audit our accounts and services
To investigate complaints, legal
claims or untoward incidents
To conduct research and development.
How do we keep your information
At Trust Board level, we have a Senior Information Risk Owner who is
accountable for the management of all information assets and any associated risks
and incidents and a Caldicott Guardian who is responsible for the management of
patient information and patient confidentiality.
We have a Data Protection Officer who ensures the Trust is accountable
and compliant with the Data Protection Act 2018 (GDPR).
The Data Protection Officer details are:
Our promise to you is that we are holding your information in strict
Everyone involved in your care has a legal duty to keep information
about you confidential and access to it is strictly controlled. We will make
sure that your right to confidentiality is upheld unless we have a legal duty
to release information or we have obtained your consent to do so.
We will pass on information about your health, diagnosis and treatment
to your GP. We may also pass on information to other individuals or
organisations involved in your care, including Social Services, to help in
arranging care for you following treatment in hospital. We only pass on
information about you if there is a genuine need to know or we have your
permission, and anyone who receives the information is also under a legal duty
to maintain confidentiality.
We will not give out your information to third parties except under
exceptional circumstances, such as when the health and safety of others is at
risk or where the law requires us to do so, for example infectious diseases
(e.g. measles or meningitis, but not HIV/AIDS).
We may be
required to share your information as part of our regular inspections by the
Care Quality Commission (CQC). To read their Privacy Notice, click here https://www.cqc.org.uk/about-us/our-policies/privacy-statement
To view the Trust's Policy For The Use And Protection of Patient Information click here.
Access to your records
The Data Protection Act 2018 (GDPR) allows you to find out what
information we hold about you. You can request informal access to your records
by speaking to the professional staff involved in your care. If you think some
of the information in your records is inaccurate you are entitled by law to ask
for it to be corrected.
In special circumstances the law allows us not to show you your
information if we consider it harmful to you, or another person’s physical
and/or mental wellbeing. For formal access to your records you must make a
request in writing to the contact below. For further information, please see
Medical Records Administration Team
The Rotherham NHS Foundation Trust
Telephone 01709 427299
Freedom of Information
As a patient you can have access to your records but you can also have
more information such as details of our performance, our spending and our
meetings. If you can’t find what you are looking for please ask the department
you have been dealing with or check our read our Freedom of
Information policy and advice. You can be assured
that other individuals will not be able to gain access to your confidential
records by making an FOI request.
Your right to withdraw
consent for us to share your personal information
You have the right to restrict how and with whom we share the personal
information in your records that identifies you. This must be noted explicitly
within your records in order that all healthcare professionals and staff
treating and involved with you are aware of your decision. By choosing this
option, it may make the provision of treatment or care more difficult or
unavailable. You can also change your mind at any time about a disclosure
the NHS and care services use your information
Whenever you use a health or care service, such as
attending Accident & Emergency or using Community Care services, important
information about you is collected in a patient record for that service.
Collecting this information helps to ensure you get the best possible care and
The information collected about you when you use
these services can also be used and provided to other organisations for
purposes beyond your individual care, for instance to help with:
improving the quality and standards of care provided
research into the development of new treatments
preventing illness and diseases
This may only take place when there is a clear legal
basis to use this information. All these uses help to provide better health and
care for you, your family and future generations. Confidential patient
information about your health and care is only used like this where
allowed by law.
Most of the time, anonymised data is used for
research and planning so that you cannot be identified in which case your
confidential patient information isn’t needed.
You have a choice about whether you want your
confidential patient information to be used in this way (National Data Opt Out).
If you are happy with this use of information you do not need to do anything.
If you do choose to opt out your confidential patient information will still be
used to support your individual care.
To find out more or to register your choice to opt
out, please visit www.nhs.uk/your-nhs-data-matters.
You can also find out more about how patient
information is used at:
(which covers how and why patient information is used, the safeguards and how
decisions are made).
You can change your mind about your choice at any
Data being used or shared for purposes beyond
individual care does not include your data being shared with insurance
companies or used for marketing purposes and data would only be used in this
way with your specific agreement.
Health and care organisations must now have systems and processes in place so they can be compliant with
the national data opt-out and apply your choice to any confidential patient
information they use or share for purposes beyond your individual care. Our
organisation is compliant with the National Data Opt-Out policy.
If you would like to know more about how we use your information or if
you have any concerns about how your information is used, please speak to the
professional staff involved in your care or the Caldicott Coordinator on
(01709) 427637. If you are not happy with their response, please contact our
Patient Services Team using the details on the right.
View our GDPR
Control of Patient Information (COPI) Notice
Covid-19 – Notice under Regulation 3(4) of the Health Service Control of Patient Information Regulations 2002
The health and social care system is taking action to manage and mitigate the spread and impact of the current outbreak of Covid-19. Action to be taken will require the processing and sharing of confidential patient information amongst health organisations and other bodies engaged in disease surveillance for the purposes of research, protecting public health, providing healthcare services to the public and monitoring and managing the Covid-19 outbreak and incidents of exposure. This will remain in force until at least 30th September 2020.
NHSX National Covid-19 Chest Imaging Database (NCCID)
The National Covid-19 Chest Imaging Database (NCCID) is a joint initiative established by NHSX, the British Society of Thoracic Imaging (BSTI), Royal Surrey NHS Foundation Trust and Faculty to create a centralised UK database of chest X-ray, CT and MRI images in order to support a better understanding of the Covid-19 disease and develop technology that will enable the best care for patients who are hospitalised with a severe infection.
The Rotherham NHS Foundation Trust is taking part in this initiative as we believe this has the potential to enable faster patient assessment in A&E, save Radiologists’ time and increase the safety and consistency of Covid-19 care across the country.
The initiative is carried out in line with GDPR Article 6(1)(d) - The data processing is necessary in an emergency situation to protect the life or safety of any person. Covid Purpose supported by COPI Reg’s Notice to identify Chest X-ray or CT or MR Image for inclusion.
Attend Anywhere - Patient Video Consultation
The Rotherham NHS
Foundation Trust is committed to rolling out the web-based video consultation platform
called ‘Attend Anywhere’, for video consultations. This is in the context of
the coronavirus outbreak (Covid-19) and the Trust’s role as a category one
responder under the Civil Contingencies Act 2004. The Attend Anywhere platform has been used in Scotland since
2017 to provide patient consultations via video. The platform is being
successfully used in 18 NHS trusts in England as part of an ongoing video scale
up pilot run by the National Improvement team in NHS England and NHS