Protecting your personal information

Last updated: Tuesday 17 September 2024

Warrington and Halton Hospitals NHS Foundation Trust is registered with the Information Commissioner's Office to process personal and sensitive personal data under the UK Data Protection Act. The current Act sets new standards for protecting data in accordance with the General Data Protection Act (GDPR).

All our staff have a duty to ensure that personal information, given in confidence, remains confidential. The duty of confidence is reinforced in common law, statute, disciplinary codes and our contract of employment.

General Data Protection Regulation (GDPR) and your records

The General Data Protection Regulation (GDPR) came into force on 25 May 2018. GDPR is designed to strengthen data protection law across the EU and will be effective in the UK regardless of the UK’s exit from the EU.

The General Data Protection Regulation provides a legal basis for the processing of general personal data and special category data under articles 6 and 9 respectively for healthcare provision.

Read an overview of GDPR

What are my rights under GDPR?

Visit the Information Commissioner's Office website for an overview of individual rights under GDPR.

How we use your personal information 

We aim to provide you with the highest quality care. To do this we must keep records about you and the care we provide for you. The General Data Protection Regulation provides a legal basis to process both personal and sensitive data for the provision of health care.

Health records are held on paper and electronically and we have a legal duty to keep these confidential.

Information collected about you to deliver your health care is also used to assist with:

  • making sure your care is of a high standard
  • assessing your condition against a set of risk criteria to ensure you are receiving the best possible care
  • preparing statistics on our performance for the Department of Health and Social Care and other regulatory bodies
  • helping train our staff and support research
  • supporting the funding of your care
  • reporting and investigation of complaints, claims and untoward incidents
  • reporting events to the relevant authorities when we are required to do so by law
  • using statistical information to look after the health and wellbeing of the general public and for planning services to meet the needs of the population
  • completion of the NHS patient survey programme

The Trust's Privacy Notice explains how we use your data.

Read the Data Security and Protection Toolkit assurance report.

The national data opt-out programme

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

You can view or change your national data opt-out choice any time, by visiting: www.nhs.uk/your-nhs-data-matters.

You can also find out more about how patient information is used at:

https://www.hra.nhs.uk/information-about-patients (which covers health and care research); and

https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made).

Requesting copies of your personal information

If you wish to access your medical records please visit the Accessing your medical records page.

Employees and former employees requiring access to their personal information should email whh.dataprotection@nhs.net.

If you have any queries on the use of your information please speak to one of the following:

Should you wish to complain about the use of your information please contact our Complaints Team.

If you remain unsatisfied with the outcome of your enquiry you can write to:

The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or telephone them on 01625 545700.