This page describes how the Trust uses and manages the information it holds about its patients, service users, staff and public members. This includes how the information may be shared with other NHS organisations and with non-NHS organisations, and how the confidentiality of information is maintained.
DCHFT has signed the Information Commissioner's Office "Your Data Matters" pledge; we support individual's personal data rights and hope that you trust and are confident in our use of data. We value the data that has been entrusted to us.
The Trusts Data Protection Registration number is Z5007118.
This Privacy Notice is tiered to help you find the level of information you require:
Tier 1 – Overview of information held and shared
Tier 2 – Specifics of processing, retention and your rights
Tier 3 – Detailed information about the Data Protection Principles and DCHFT's lawful basis for processing
As part of the Trust's Data Protection and Confidentiality Policy, Data Protection Impact Assessments (DPIA's) are completed for any new systems, processes or data sharing to ensure that your information is processed lawfully, securely and using the minimum amount of data required to achieve the desired purposes.
Data Protection Impact Assessment Screening Questionnaire.pdf
Data Protection Impact Assessment Template - Full.pdf
The Trust has exempted publication of completed assessments for reasons of commercial sensitivity and to avoid creating a potential information security vulnerability resulting from publicising our information security processes. Please contact the Data Protection Officer should you wish to see a DPIA for a specific system or data flow, requests will be considers on an individual basis.
How the NHS and care services use your information for purposes beyond your individual care
Whenever you use a health or care service, such as attending Accident and Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
•improving the quality and standards of care provided;
•research into the development of new treatments;
•preventing illness and diseases;
· monitoring safety;
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn't needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
· see what is meant by confidential patient information;
· find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care;
· find out more about the benefits of sharing data;
· understand more about who uses the data;
· find out how your data is protected;
· be able to access the system to view, set or change your opt-out setting;
· find the contact telephone number if you want to know any more or to set/change your opt-out by phone;
· see the situations where the opt-out will not apply.
You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research), and
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made).
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is currently compliant with the national data opt-out policy.
Sharing of electronic Prescribing Medicines Administration (EPMA) data for COVID-19 response
To support the government response to coronavirus (COVID-19), we are sharing data on the medicines prescribed and administered to patients in hospital settings with NHS Digital.
The health and social care system is facing significant pressures due to the COVID-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak of COVID-19. In the current emergency it has become even more important to share health and care information across relevant organisations.
Our legal basis for sharing data with NHS Digital
NHS Digital has been legally directed to collect and analyse patient data to support the government's response to the COVID-19 pandemic. NHS Digital will become the controller under the General Data Protection Regulation 2016 (GDPR) for the personal data collected and analysed jointly with the Secretary of State for Health and Social Care under the COVID-19 Public Health Directions 2020.
Hospital trusts are legally required to share medicines and prescribing data with NHS Digital under the Health and Social Care Act 2012. More information about this requirement can be found in the Data Provision Notice issued by NHS Digital to hospital trusts.
Under the GDPR, our legal basis for sharing this personal data with NHS Digital is Article 6(1)(c) – legal obligation and our legal basis for sharing personal data relating to health (known as special category data) is Article 9(2)(g) – substantial public interest, for the purposes of NHS Digital exercising its statutory functions under the COVID-19 Public Health Directions 2020.
The type of personal data we are sharing with NHS Digital
The data shared with NHS Digital will include what medicines have been prescribed to patients in hospital settings, how and when the medicine was taken by the patient (administration), the reasons for prescribing if this is available (known as indications) and the patient's NHS number. Where available the data will indicate what stage of the patient's journey through the hospital the data relates to (admission, inpatient, discharge, outpatient).
Where the sharing of identifiable patient data is restricted by law, such as the Human Fertilisation and Embryology Act 1990 (as amended by the HFEA 2008) and The NHS Trusts and Primary Care Trusts (Sexually Transmitted Diseases) Directions 2000, this data will not be shared with NHS Digital.
How NHS Digital will use and share your data
NHS Digital will analyse the data they collect and securely and lawfully share the data with other appropriate organisations, including health and care organisations, bodies engaged in disease surveillance and research organisations for coronavirus response purposes only. These purposes includes using medicines prescribing and administrations data to support identification of patients who might be at higher risk of harm if they contract coronavirus, supporting research into medicines and severity of disease of COVID-19 positive patients including medicines that provide greater protection, or in turn may be linked to poorer outcome. Providing data on treatments prescribed for COVID-19 patients, and data to highlight patterns of prescribing before, during and after COVID-19.
NHS Digital has various legal powers to share data for purposes relating to the coronavirus response. It is also required to share data in certain circumstances set out in the COVID-19 Direction and to share confidential patient information to support the response under a legal notice issued to it by the Secretary of State under the Health Service (Control of Patient Information) Regulations 2002 (COPI Regulations).
Data which is shared by NHS Digital will be subject to robust rules relating to privacy, security and confidentiality and only the minimum amount of data necessary to achieve the coronavirus purpose will be shared. Organisations using your data will also need to have a clear legal basis to do so and will enter into a data sharing agreement with NHS Digital. Information about the data that NHS Digital shares, including who with and for what purpose will be published in the NHS Digital data release register.
For more information about how NHS Digital will use your data please see the NHS Digital Coronavirus (COVID-19) Response Transparency Notice
National Data Opt-Out
The application of the National Data Opt-Out to information shared by NHS Digital will be considered on a case by case basis and may or may not apply depending on the specific purposes for which the data is to be used. This is because during this period of emergency, the National Data Opt-Out will not generally apply where data is used to support the coronavirus outbreak, due to the public interest and legal requirements to share information.
Your rights over your personal data
To read more about the health and care information NHS Digital collects, its legal basis for collecting this information and what choices and rights you have in relation to the processing by NHS Digital of your personal data, see:
Dorset County Hospital NHS Foundation Trust
Switchboard: 01305 251150
Patient Advice and Liaison
Situated North Wing Level 1, Main Entrance
Open Monday to Friday: 10am-12noon and 2pm-4pm
Data Protection Officer
Dorset County Hospital NHS Foundation Trust
We appreciate any feedback regarding our Privacy Notice and how easy it is to understand.
This Privacy Notice was last reviewed and updated June 2020.