Privacy Notice: Your information, your rights

The Walton Centre NHS Foundation Trust (the Trust) is the only specialist hospital trust in the UK dedicated to providing comprehensive neurology, neurosurgery, spinal and pain management services.

For legal purposes, we must inform you that the Trust is the Data Controller processing your personal data, and is registered with the Information Commissioner's Office (Registration Number Z6052598).

 

Our name, address and contact details are:

The Walton Centre NHS Foundation Trust

Lower Lane

Fazakerley

Liverpool

L9 7LJ

Telephone number: 0151 525 3611

Website: www.thewaltoncentre.nhs.uk

 

When you receive care from our services you will be asked to share information about yourself. This information is used to create records about your health, any treatment and care you receive from the NHS.  These records can then be used to ensure that you receive the best possible care now and in the future. 

Everyone working within the NHS has a legal duty to keep information about you confidential. This is called information governance.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to third parties without your permission unless there are exceptional circumstances, such as when your own or the health and safety of others is at risk or where there is a lawful reason for this information to be disclosed.

The following information explains how we process your data, and your rights under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This is broken down into:

  • Why does the Trust need my information?
  • How does the Trust collect my information?
  • How does the Trust use my information?
  • Who else has access to my information?
  • How do we protect your information?
  • Can I access my own information?
  • What are my rights?
  • How can I get more information?

 

The NHS Constitution

  • You have the right of access to your own records and to have any factual inaccuracies corrected.
  • You have the right to privacy and confidentiality and to expect the health and social care system to keep your confidential information safe and secure.
  • You have the right to be informed about how your information is used.
  • You have the right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered, and where your wishes cannot be followed, to be told the reasons including the legal basis.

 

The NHS and adult social services also commit:

  • To ensure those involved in your care and treatment have access to your health and social care information so they can care for you safely and effectively (pledge);
  • To anonymise the information collected during the course of your care and treatment and use it to support research and improve care for others (pledge);
  • Where identifiable information has to be used, to give you the chance to object wherever possible (pledge);
  • To inform you of research studies in which you may be eligible to participate (pledge); and
  • To share with you any correspondence sent between staff about your care (pledge). 

Why does the Trust need my information?


 We ask you to share information with us so that we can provide you with the highest standard of care we possibly can. 

This information is known as your “Health Record” and is stored securely by the Trust in both paper and electronic forms. This information provides NHS staff with the information they need in order to ensure that the delivery of your care continues to be of the highest standard. It includes: 

• Name*, address*, date of birth

We collect your name, address and date of birth which enables us to send you letters about your care e.g. appointment letters.  This information is also used to identify you and distinguish you from other patients. 

• Telephone numbers*

We collect telephone numbers for you which will be used to contact you about your care. 

Your contact numbers will not be provided to any third parties without your consent or unless we have a lawful/legal basis to do so. 

*Please inform the Trust if any of the above information changes.

• Next of kin

We will collect details of your next of kin. This person should be the person that you wish be contacted in an emergency.  Your next of kin has no legal right to any confidential information held about you or to make any decisions about your care.
 
If an individual wishes to make a decision about your care they must obtain the appropriate legal Power of Attorney.

• Ethnicity

There is a legal requirement for us to collect your ethnicity to ensure that we provide a fair, open organisation where all patients receive equal treatment.

An individual’s ethnicity can also have a bearing on the type of illnesses an individual is susceptible to. Anonymised information on patient’s illnesses/disease and their ethnicity is passed by the Trust to the Department of Health who shares this information with the World Health Organisation to identify patterns in illness or diseases.

If you require further information on the services provided please contact the Trust's Equality and Diversity Department on 0151 556 3396.

• Disability, language preferences

This information is collected to enable us to provide care which meets your needs e.g. accommodate wheelchair users, provision of an interpreter.
 
If you require further information on the services provided please contact the HR team  on 0151 529 8442. 

• Religion

We offer all patients a Chaplaincy service. Your religion is passed to our Chaplains who run this service to enable them to visit you whilst in hospital to ensure the pastoral and spiritual needs of patients, their families and staff members are adequately addressed.

• Healthcare and treatment provided by the Trust

This includes information such as appointment letters, outpatient visits, overnight stays at the hospital, clinical notes and reports.  This will be detailed information held in both paper and electronic forms and will be shared amongst clinical staff employed by us to provide your care.

• Results of X-rays, bloods and any other tests

You may have provided samples e.g. urine, blood, etc. which will be processed by our laboratory, or, if a specialised test, with a partner laboratory.

The results of these tests are stored by the Trust and form part of your Health Record.

• GP details

When you receive any form of healthcare from us, whether this is a visit to the Emergency Department or an outpatient appointment, we will write to your GP detailing the reason for your visit and provide a summary of the care you received.  

It is therefore very important that we have the correct details for your GP as a delay in receiving this information could affect any ongoing care required.

How does the Trust collect my information

• Your information is collected from various sources, most commonly directly from you.

When you visit us, the clinicians and or administration staff will collect information from you which will form part of your health record; they will also document information relating to your care onto Trust’s systems.
 
• From other NHS sources

There will be occasions when you would have been referred or transferred from another NHS organisation, such as your GP or another hospital. In this instance information relating to your healthcare will be transferred across with you, this enables us to have a full history of your condition and allows staff to be able to provide you with the most appropriate quality of care and service.


• In what format do you collect my information?

Your health record is made up of both electronic and paper documents. The Trust uses a number of computer based systems, these systems hold information relating to the care provided. The Trust retains information in accordance with best practice guidance issued by the Department of Health.

 

• How long does the Trust keep my Information for?

The Trust retains information in accordance with national guidance and the Records Management Code of Practice for Health and Social Care

For more information please visit NHS Digital.

How does the Trust use my information?

 

We use your information in several ways which includes enabling us to provide you with the highest quality of care, allowing us to improve the care provided to both yourself and others by managing, planning and improving NHS services.

• Your information is used by clinical and administrative staff to provide you with treatment and care, including professionals based in other locations, e.g. your GP, other NHS Trusts and social services. We work in partnership with other NHS organisations and clinical staff employed by other NHS organisations that could be consulted for an expert opinion relating to your care. 
 
Your information could be shared with other organisations such as another NHS Trust, your GP and Social Services. You may need to be transferred to another hospital for further treatment.  We also work with Social Services staff whilst you are still in hospital to plan your discharge home. Information relating to your discharge arrangements will be recorded by Social Services within their manual and computerised records.
 
• To support your time in hospital, e.g. dietary requirements passed to catering staff, religion passed to the Trust Chaplains.

Any dietary requirements are passed to the catering staff with your choice of meal to ensure your dietary needs are met. Information relating to your religion is passed to Trust Chaplains running this service to enable them to visit you whilst in hospital to ensure the pastoral and spiritual needs of patients, their families and staff members are adequately addressed.

• For the Trust to undertake clinical audits.

We have an annual Clinical Audit programme which requires all clinical staff to participate. These Audits enable us to monitor and improve the quality of care and treatment provided to you. Clinical staff across the Trust will review patient medical records to review the care provided and to identify ways in which the care could be improved in the future.

• Student training

The Trust regularly has student doctors and nurses working with our clinical teams.
 
Students will have access to your medical records if they are involved in your care. If you do not wish for your medical records to be used in this way, please discuss this with your healthcare professional.

• Patient satisfaction surveys

We may send to your home address a satisfaction survey after your treatment from us. These surveys will help us to review and improve the care and treatment we provide to patients.
We may also send patients surveys via SMS if we have collected your mobile contact number. The SMS you receive will give you the option to opt out of this if you wish to do so.

• To investigate complaints, untoward incidents or legal claims

Staff within the Legal Team and Complaints Department will need to access your health records and may need to share this information with other Trust staff and external third parties if applicable e.g. Trust Solicitors, NHS Litigation Authority, in order to deal with issues raised or to process your complaint or legal claim.

We take patient safety very seriously so if an incident occurs that was not expected the Trust will investigate. In this instance the staff involved in your care, with the support of our Risk Management Department, would access your health records.

• To undertake health service management/planning which entails preparing statistics on our performance to ensure that we can meet patient needs in the future.

Statistical information about patient care is collated by us e.g. how long patients have waited for an outpatient appointment, etc. This is because every NHS Trust is performance managed and this information allows the Trust to improve the services it provides
 
This information will be anonymised or coded so individual patients cannot be identified.

• Where appropriate, to ask you to participate in a research project. 

The Walton Centre is a research active organisation and is committed to supporting innovation and the promotion, conduct and use of research to improve the current and future health and care of the population. 

Your participation in any research project is entirely voluntary and will only occur with your explicit consent.

We anonymise the information collected during the course of your care and treatment and use it to support research and improve care for others.

Our Research, Development and Innovation Team manages all research projects undertaken in the Trust and ensures studies have the necessary NHS permission and are in compliance with the regulatory framework for research.

Artificial Intelligence

As part of your care as a patient at the Walton Centre,  either attending  as an outpatient or as part of an inpatient stay  you may have  radiology imaging (x-ray, CT scan, MRI, ultrasound etc) or a procedure in radiology.  We sometimes use a form of technology called AI (Artificial Intelligence) to help us analyse or process these image(s).  Your images will continue to be viewed by a clinician as they are now but the use of AI helps us to speed up imaging results and/or improve their accuracy. For further information, please contact wcft.information.governance@nhs.net 

 

Who else has access to my information?

 

COVID-19 and your information – 15 April 2020

This notice describes how we may use your information to protect you and others during the COVID-19 outbreak

The health and social care system is facing significant pressures due to the COVID-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.

Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the COVID-19 outbreak. Any information used or shared during the COVID-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data.  Further information is available here.

During this period of emergency, opt-outs will not generally apply to the data used to support the COVID-19 outbreak, due to the public interest in sharing information.  This includes National Data Opt-outs.  However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply.  It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.

In order to look after your health and care needs we may share your confidential patient information including health and care records with clinical and non-clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email.

During this period of emergency we may offer you a consultation via telephone or videoconferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.

We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the COVID-19 response is here

NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the COVID-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation

In such circumstances where you tell us you’re experiencing COVID-19 symptoms we may need to collect specific health data about you.  Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards. 

We may amend this privacy notice at any time so please review it frequently. The date at the top of this page will be amended each time this notice is updated. 

 

Who else has access to my information?

• To protect your best interests, your information may be shared in an emergency situation.

We have developed an extensive emergency contingency plan e.g. in the event of fire, flood, loss of power, etc. If an emergency occurred within the hospital, details of patients currently within the hospital or due to come into hospital might be shared with external organisations that are assisting the Trust to manage the emergency.
 
• There are occasions where we have a legal duty to pass patient information to external organisations.

These include: notification of new birth, notification of infectious diseases e.g. meningitis or where a formal court order has been issued.

• We share patient information with other external NHS organisations which operate to oversee and address issues relating to the management of the whole NHS, which contributes to providing an efficient and effective NHS.

These organisations include the NHS Business Services Authority and the NHS Counter Fraud Authority (NHSCFA).

The NHS Counter Fraud Authority is responsible for policy and operational matters relating to the prevention, detection and investigation of fraud in the NHS. In some instances information relating to patients will be shared with the NHS Counter Fraud Authority. 

  • We provide information to the National Fraud Initiative (NFI) for the prevention and detection of crime.

The National Fraud Initiative (NFI) is a data matching exercise conducted by the Cabinet Office to assist in the prevention and detection of fraud. The data matching allows potentially fraudulent claims and payments to be identified. The authority is under a duty to protect the public funds it administers, and to this end may use the information you have provided for the prevention and detection of fraud. It may also share this information with other bodies responsible for auditing or administering public funds for these purposes.

For further information, see https://www.gov.uk/government/collections/national-fraud-initiative or contact your Local Anti-Fraud Specialist on 0151 2854547.

• There are a number of external NHS organisations who have a statutory duty to undertake financial and regulatory audits on NHS Trusts. Assessors from these organisations may require access to patient information.

All NHS Trusts are mandated by the Department of Health to undertake clinical audits on care delivered to patients, which can be undertaken by clinical staff employed by the Trust or by external audit companies. This could involve individuals who have not been involved with your direct care accessing your medical records. Further information on national clinical audit can be found on the Department of Health website
 

*If you wish to object to your records being made available to external assessors, please inform a member of staff or contact the Trust’s Clinical Governance Team or the Information Governance Department. 

 

Access to shared systems

The Trust is part of the Cheshire and Merseyside Radiology Network consortium that use the same radiology system. All access and sharing arrangements are closely monitored by the Trusts within the consortium.

More information about the sharing arrangements in place can be obtained from the Trusts Radiology Department.

Share2Care

Share2Care is a collaborative programme between the Cheshire and Merseyside Health and Care Partnership, and the Healthier Lancashire and South Cumbria, to deliver the sharing of local health care records electronically.

Through the Share2Care programme, your information will be accessed by healthcare professionals when you are referred for treatment or care. Your information will only be accessed by relevant healthcare professionals who care for you and the information viewed will be relevant to the treatment and/or care plans that need to be put in place for your needs. There will be some pieces of your information that will not be shared for legal and data protection purposes, which includes more sensitive and confidential information. The access levels that healthcare professionals have will be based on their clinical role.

For more information about Share2Care, visit the Share2Care website at http://www.share2care.nhs.uk/ which includes information on:

  •         What the Share2Care programme is
  •         Why information is shared
  •         Who information is shared with
  •         How to opt out of information being shared

All sharing of information is carried out in line with statutory legal requirements and in line with the General Data Protection Regulation and the Data Protection Act 2018.

Health Procurement Liverpool

Health Procurement Liverpool is a new shared procurement function for Alder Hey Children’s Hospital, Clatterbridge Cancer Centre, Liverpool Heart & Chest Hospital and The Walton Centre. In May 2021 the Trusts named above agreed to create a single shared procurement alliance in order to strengthen procurement services, support integrated ways of working and to deliver efficiencies through economies of scale and consolidated purchasing activity. The shared service is hosted by The Walton Centre.

  • Patient/Staff Data - Patient data will not be processed by HPL. If any staff contact information is passed over during the requisition phase to HPL, the information will be removed and changed to initials only.
  • Supplier Data – Data such as contracts registers, suppliers contracts and bid prices, supplier spend and usage on products/services, supplier addresses and representative contact details will be held centrally by Health Procurement Liverpool.

For further information regarding the sharing of information across the HPL collaboration please contact:

Katie Tootill, Chief Procurement Officer, Katie.tootill@nhs.net 

All sharing of information is carried out in line with the Data Protection Act 2018/UK General Data Protection Regulation.

Does The Walton Centre have access to any of my other health data?

 

In recent years the NHS has changed the way we share patient information among healthcare professionals in different settings e.g. hospitals, GP practices, Urgent Care Centres.

To prevent delay and ensure safe treatment, especially in urgent situations, doctors and other specialists may access essential parts of your record electronically, rather than writing to or phoning your GP or other healthcare professionals involved in your treatment and care.

The NHS nationally and locally currently use systems to share information electronically.

Summary Care Record

The Summary Care Record (SCR) is a secure national electronic record, enabling doctors and healthcare specialists to access information about you that could be vital in an emergency or out-of-hours situation.

Records for each individual will be created automatically. This will enable NHS staff caring for you anywhere in England to access the following information to support your care in an emergency.

  • Any medicines you are taking
  • Any allergies you have
  • Any bad reactions you had to medicines

Healthcare staff will ask your permission before they look at your record except in certain circumstances (e.g. if you are unconscious). 

Share2Care

Share2Care is a collaborative programme between the Cheshire and Merseyside Health and Care Partnership, and the Healthier Lancashire and South Cumbria, to deliver the sharing of local health care records electronically. 

Through the Share2Care programme, your information will be accessed by healthcare professionals when you are referred for treatment or care. Your information will only be accessed by relevant healthcare professionals who care for you and the information viewed will be relevant to the treatment and/or care plans that need to be put in place for your needs. There will be some pieces of your information that will not be shared for legal and data protection purposes, which includes more sensitive and confidential information. The access levels that healthcare professionals have will be based on their clinical role.

For more information about Share2Care, visit the Share2Care website at http://www.share2care.nhs.uk/ which includes information on:

  •         What the Share2Care programme is
  •         Why information is shared
  •         Who information is shared with
  •         How to opt out of information being shared 

All sharing of information is carried out in line with statutory legal requirements and in line with the General Data Protection Regulation and the Data Protection Act 2018. 

Cheshire Care Record

The Cheshire Care Record is a local electronic patient record that allows health and social care professionals directly involved in your care, to share a summary of your medical record.

Your Cheshire Care Record will help those caring for you to manage your care better, and allow information to be shared quickly and safely. Only authorised staff providing health and social care services, or services such as palliative care across Cheshire and Merseyside can access this record.

For more information about Cheshire Care Record, visit the Cheshire Care Record website at www.cheshirecarerecord.co.uk (external link, opens in a new window) which includes information on:

  • What the Cheshire Care Record is
  • Why share information
  • Who information is shared with
  • How to opt out/in of sharing 

EMIS Web

EMIS Web allows healthcare professionals to record, share and use vital information so they can provide better, more efficient care for.

  • Primary care
  • Community care
  • Mental health

Clinical staff will only be able to view the data if the patient has given consent to their GP practice to share their GP record and if the practice has signed up to share the information. Not all GP data will be shared or made available.

For more information about EMIS Web, visit the EMIS Health website at www.emishealth.com or speak to your GP.

How do we protect your information?

 

• Everyone working for the NHS has a legal duty to keep your information secure and confidential at all times.

All staff employed by the Trust or working with the Trust are bound by strict confidentiality agreements. Trust Staff also undertake training on both the Data Protection, Information Security and the Common Law of
Confidentiality to ensure they know and understand how to keep your information secure and confidential at all times.

The Trust’s Information Security Department has deployed technical security measures to keep your information secure when stored electronically.
 
• All staff working in the NHS are bound by strict confidentiality guidelines which means only staff that are providing or supporting your care/treatment are entitled to access your information.

All staff are bound by the Common Law Duty of Confidentiality which means only staff involved with your care are entitled to access information relating to you. This is detailed within the confidentiality agreements signed by staff working in the Trust and is included within mandated training provided to all staff. All clinical staff are bound by strict professional codes of conduct which incorporate confidentiality clauses. Further information can be found on the British Medical Association (BMA) General Medical Council (GMC) and Nursing and Midwifery Council (NWC) websites.

• We will not disclose any patient/personal information to a third party e.g. private organisation, solicitor, employer, police officer without obtaining your explicit consent, unless we have a legal duty to pass your information on in line with Data Protection laws. 

• We will only collect the minimum information required to provide and support your care.
Data protection law requires the Trust to only collect information which is relevant to your care and is not excessive.

• We keep your health record for a defined period of time as determined by Department of Health Guidance.

We have a legal obligation to store your health information. The length of time we will store your information is set out by the Department of Health. The longest we will keep a patient’s record is 30 years after their care has stopped.

More information about the NHS Retention Schedules may be found via the NHS Digital Website Records Management Code of Practice 2021

Can I access my own information?

 

Can I see my own health record?

Yes, under the data protection legislation, individuals have the right to access their own information held by us; however there are a few exceptions, e.g. if you are still undergoing treatment. Please talk to the healthcare professional responsible for your care about this. 

If you are no longer receiving care then please contact the Subject Access Request Team for access to your Medical Records - wcft.sarlegalrequests@nhs.net

How much does it cost?

As of 25 May 2018 there is no longer a charge for this service. However, you may be charged a reasonable fee for repeated requests for further copies of the same information.

 

Can I be refused access?

For the majority of requests you will be allowed access to your records. However, in some instances access may be denied to all or part of your records for the following reasons:

- If your doctor or another senior healthcare professional thinks seeing your records before seeing one of them could cause you or another serious harm or distress.

- If the information involves an identified person, who does not consent to this information being disclosed. This does not include healthcare professionals.

- If you are applying on behalf of someone who has died or who is not cable of managing their own affairs and they originally instructed that the information should not be disclosed.

 

How do I apply to access my health record?

If you would like to apply to access your health records, we ask you to complete our application form in order for us to gather all the information needed and return it to us via post or email (details below) along with copies of two forms of ID. Once the completed application form has been received, your application will begin to be processed.

Find out more information about accessing your health record

 

Can I change my records?

We have a legal obligation to ensure your information is accurate and up to date. We are however only obliged to make corrections to your records if the record contains incorrect facts such as name, address etc. If you believe that medical information or a clinician’s opinion that is noted on your file is incorrect this cannot be changed for safety reasons however a note can be added to your file with your view.

If you wish to make changes to name, address etc. then please speak to your healthcare professional.

 

What are my rights?

 

If we need to use your personal information for any reason beyond those stated, we will discuss this with you. You have the right to ask us not to use your information in this way.

However, there are exceptions to this which are listed below.

If the public interest is thought to be of greater importance, for example:

  • If a serious crime has been committed.
  • If there are risks to the public or to our staff.
  • To protect vulnerable children or adults.

If we have a legal duty, for example registering births, reporting some infectious diseases, wounding by firearms and court orders.

If we need to use the information for medical research. We have to ask permission from the Confidentiality Advisory Group (appointed by the NHS Health Research Authority).

Data protection laws give individuals rights in respect of the personal information that we hold about you. These are:

1. To be informed why, where and how we use your information.

2. To ask for access to your information.

3. To ask for information to be corrected if inaccurate or incomplete.

4. To ask for your information to be erased or removed. (This does not apply to an individual’s health or care record or for public health or scientific research reasons).

5. To ask us to restrict the use of your information.

6. To ask us to copy or transfer your information to other providers in a safe and secure way, without impacting the quality of the information.

7. To object to how your information is used.

8. To challenge any decisions made without human Intervention (automated decision making).

N.B. The Trust does not undertake automated decision-making or profiling of your personal information. The only exception to this is sometimes during radiology imaging or radiology procedures. Please see the tab above How does the Trust use my information for further information.

Also, your information is not processed overseas.

Lawful basis for the processing of your information

 

We are committed to protecting your privacy and will only process personal confidential data in accordance with the appropriate legislation which includes the General Data Protection Regulation, Data Protection Act 2018, the Common Law Duty of Confidentiality and the Human Rights Act 1998.

Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

Special Categories of Personal Data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

 

The General Data Protection Regulation (GDPR) states that the processing of ‘personal data’ shall be lawful where it is:

Article 6(1)(e) - Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

And for processing special categories of personal data where it is:

Article 9(2) (h) - Necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services, carried out by or under the supervision of healthcare professionals or social work professional or by another person who in the circumstances owes a duty of confidentiality under an enactment or rule of law.

The Health and Social Care Act 2012 also states the need to collect, record, store and use your personal data in order to provide healthcare services to you. 

Data Controller - The Walton Centre NHS Foundation Trust is a Data Controller as defined in the General Data Protection Regulation and Data Protection Act 2018. This means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be processed.

All data controllers must notify the Information Commissioner’s Office (ICO) of all personal information processing activities. Our ICO Data Protection Register number is Z6052598 and our entry can be found in the Data Protection Register on ICO 

Data Processors - The Trust will use the services of additional data processors, which will provide additional expertise to assist in the delivery of services. We share the minimum information necessary to allow the data processors to act on our behalf. Each contract will have a specific list of information to be shared and the legal basis allowing us to legitimately share the information. We have entered into contracts with other companies/organisations to provide some services for us or on our behalf. These organisations are known as “data processors". These organisations are subject to the same legal rules and conditions for keeping personal confidential data safe and secure and are underpinned by a contract with us. Before awarding any contract, we ensure that organisations will look after your information to the same high standards that we do. Those organisations can only use your information for the service we have contracted them for and cannot use it for any other purpose.

Patient and Public Involvement - If you have asked us to keep you regularly informed and up to date about the work of the Trust, or if you are actively involved in our engagement and consultation activities, or patient participation groups, we will collect and process personal confidential data which you share with us. We will obtain your consent for this purpose, when you initially contact us to get involved in our engagement and consultation activities. Where you submit your details to us for involvement purposes, we will only use your information for this purpose. You can opt out at any time by contacting us using our contact details at the end of this document.

GDPR states that the processing of ‘personal data’ shall be lawful where:

Article 6(1) (a) - the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

And for processing special categories of personal data where:

Article 9(2) (a) - the data subject has given consent to the processing of his or her personal data for one or more specific purposes. 

You can withdraw your consent to the further processing of your data at any time, if you have previously given consent forsuchprocessing, and there is no other legal basis for the Trust to continue processing it. 

CCTV - We have installed CCTV cameras on our Trust sites in areas that are used by members of the public and staff. This is for the purposes of public safety and crime prevention/detection. In all locations, signs are displayed notifying of the fact the CCTV is in operation and providing details of whom to contact for further information about the scheme.

GDPR states that the processing of ‘personal data’ shall be lawful where it is:

Article 6(1)(e) - Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

Contact details and further guidance

 

Should you have any further queries on the uses of your information, please speak to one of the following:

Your healthcare professional 

Data Protection Officer wcft.dpo@nhs.net 

Information Governance Team on 0151 556 3038/3039 or wcft.information.governance@nhs.net

The Patient Experience Team, for practical advice our Patient Experience Team provide a (PALS) service.  Contact Patient Experience Team on 0151 556 3090, or email wcft.patientexperience@nhs.net 

Should you wish to lodge a complaint about the use of your information, please contact our complaints team or the DPO using the information above.

After that, if you remain unhappy with the outcome of your enquiry you can write to the Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or telephone them on 01625 545700.

Useful websites for more information 

Information Commissioners Office - ICO

NHS Digital - General Data Protection Regulation

European Commission - GDPR

National Data opt out programme

The Trust is one of many originations working in the health and care system to improve care for patients and the public.  The Information collected about you when you are using NHS services can be provided to other approved orgainsations, where there is a legal basis, to help with planning services, improving care provided, research into developing new treatments and preventing illness. 

All of these help to provide better health care for you, your family and future generations.  Confidential personal information about your health and care is only used in this way where allowed by law and would never be used for insurance or marketing purposes without your explicit consent.

You have a choice about whether you want your confidential patient information to be used in this way. 

You can find out more about the wider use of confidential personal information and to register your choice to opt out by visiting www.nhs.uk/your-nhs-data-matters

Privacy Notice - SPINE TANGO

If you have had a spinal operation and participated in the SPINE TANGO study at The Walton Centre – the following information applies to you.

In addition to what we currently do with your information, we are also going to be using the information you have provided differently.
We pride ourselves on delivering the best patient care and, as part of this, we have been collecting information regarding spinal surgery outcomes using a questionnaire known as SPINE TANGO since 2011.

In order to continue to deliver outstanding care to patients, we will now be working in partnership with NEC Software Solutions UK Limited. This collaboration will produce reports using pseudonymised* information from the SPINE TANGO and other related questionnaires, which enables us and the manufacturers of medical devices to see how well specific devices are performing and to identify if there are any issues. In some cases pre and post-operative radiological findings from X-rays, MRI’s and CT’s will be gathered for assessments also.

Under no circumstances will information that identifies you be shared for use in these new reports.

If you have previously agreed to participate in SPINE TANGO, but would not like us to use the information that you provided for these new reports, please get in touch with our Clinical Effectiveness Team on 0151 556 3446 or 0151 556 4127, or alternatively you can email neurosurgeryclinicaleffectiveness@thewaltoncentre.nhs.uk 

* Pseudonymised information is where we remove your name and address and replace other identifiable data with different codes/numbers, so that when we share the data, you cannot be identified.

Page last updated: 28 March 2023