Privacy notice

This privacy notice tells you what to expect us to do with your personal information when you contact us or use our services.

Detailed information about how we use your information for specific purposes

Direct care

Unless you object, we will normally share information about you with other health and social care professionals so that you may receive the best quality care:

  • Other NHS Trusts and hospitals that are involved in your care
  • NHS Digital and other NHS bodies
  • General Practitioners (GPs)
  • Ambulance services

You may be receiving care from other people as well as the NHS, for example Social Care Services. We may need to share some information about you with them so we can all work together for your benefit if they have a genuine need for it or we have your permission. Therefore, we may also share your information, subject to strict agreement about how it will be used, with:

  • Social Care Services
  • Education Services
  • Local Authorities
  • Voluntary and private sector providers working with the NHS

We will not disclose your information to any other third parties without your permission unless there are exceptional circumstances, such as if the health and safety of others is at risk or if the law requires us to pass on information.

Indirect care

We also use information we hold about you to:

  • Review the care we provide to ensure it is of the highest standard and quality
  • Ensure our services can meet patient needs in the future
  • Investigate patient queries, complaints and legal claims
  • Ensure the hospital receives payment for the care you receive
  • Prepare statistics regarding NHS performance
  • Audit NHS accounts and services
  • Help train and educate healthcare professionals

Nationally there are strict controls on how your information is used for these purposes. These control whether your information has to be de-identified first and with whom we may share identifiable information. You can find out more about these purposes, which are also known as secondary uses, on the NHS England and NHS Digital websites.

Our contact details

Name: The Rotherham NHS Foundation Trust

Address: Rotherham Hospital, Moorgate Road, Rotherham, South Yorkshire, S60 2UD

General phone number: 01709 820000

Website: www.therotherhamft.nhs.uk

We are the controller for your information. A controller decides on why and how information is used and shared.

Data Protection Officer contact details

Our Data Protection Officer is Derek Stowe and is responsible for monitoring our compliance with data protection requirements. You can contact them with queries or concerns relating to the use of your personal data at rgh-tr.trft.dpo@nhs.net.  

How do we get information?

The personal information we collect is provided directly from you for one of the following reasons:  

  • you have provided information to seek care – this is used directly for your care, and also to manage the services we provide, to clinically audit our services, investigate complaints, or to be used as evidence as part of an investigation into care
  • you have sought funding for continuing health care or personal health budget support
  • you have applied for a job with us or work for us
  • you have signed up to our newsletter/patient participation group
  • you have made a complaint

We also receive personal information about you indirectly from others in the following scenarios:

  • from other health and care organisations involved in your care so that we can provide you with care
  • from family members or carers to support your care

Why do we collect data about you?

All clinicians and health and social care professionals caring for you keep records about your health and any treatment and care you receive from the NHS. These records on either on paper or electronic format, help to ensure that you receive the best possible care. 

It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us and please inform us of any changes to your contact details or GP Practice as soon as possible. This minimises the risk of you not receiving important correspondence.

By providing the Trust with their contact details, patients are agreeing to the Trust using those channels to communicate with them about their healthcare, i.e. by letter (postal address), by voice mail or voice message (telephone or mobile number), by text message (mobile number) or by email (email address).
 

How your personal information is used

In general terms, your records are used to direct, manage and deliver your care so that:

  • the doctors, nurses and other health or social care professionals involved in your care have accurate and up to date information to assess your health and decide on the most appropriate care for you
  • health and social care professionals have the information they need to assess and improve the quality and type of care you receive
  • appropriate information is available if you see another doctor, or are referred to a specialist or another part of the NHS or social care
  • your concerns can be properly investigated if a complaint is raised

The Shared Care Record

The Shared Care Record is a shared system that allows health or social care professionals within the Rotherham health and social care community to appropriately access the most up-to-date and accurate information about patients to deliver the best possible care.

NHS Care Record Guarantee

The Care Record Guarantee is our commitment that we will use records about you in ways that respect your rights and promote your health and wellbeing. Copies of the full document can be obtained here.

Other ways in which we use your information

Call recording

Telephone calls to The Rotherham NHS Foundation Trust are routinely recorded for the following purposes:

  • to make sure that staff act in compliance with Trust procedures
  • to ensure quality control
  • training, monitoring and service improvement
  • to prevent crime, misuse and protect staff

SMS text processing

When attending an outpatient appointment or a procedure at the Trust, you may be asked to confirm that the Trust has an accurate contact number and mobile telephone number for you. This can be used to provide appointment details via SMS text messages and automated calls to advise you of appointment times. It can also be used to contact you to provide feedback about the care and treatment you have received.

Surveillance cameras (CCTV and body-worn video)

We employ surveillance cameras (CCTV and Body Worn Video) on and around the hospital site in order to:

  • protect staff, patients, visitors and Trust property
  • apprehend and prosecute offenders, and provide evidence to take criminal or civil action in the courts
  • provide a deterrent effect and reduce unlawful activity
  • help provide a safer environment for our staff
  • assist in traffic management and car parking schemes
  • monitor operational and safety related incidents
  • help to provide improved services, for example by enabling staff to see patients and visitors requiring assistance
  • assist with the verification of claims

What information do we collect?

Personal information

We currently collect and use the following personal information:

  • personal identifiers and contacts, such as name, address, email address, NHS number, date of birth, next of kin, etc.)
  • photographic identity (photo ID), such as photographs of staff for ID badges or our website)
  • confidential data, such as bank details

More sensitive information

We process the following more sensitive data (including special category data):

  • data concerning physical or mental health such as:
    • contact we have had with you such as appointments or clinic visits
    • notes and reports about your health, treatment and care – UECC visits, inpatient spells, or clinic appointments
    • details of diagnosis and treatment given
    • information about any allergies or health conditions
    • results of x-rays, scans and laboratory tests
    • relevant information from people who care for you and know you well such as health care professionals and relatives
  • data revealing racial or ethnic origin
  • data concerning a person’s sex life
  • data concerning a person’s sexual orientation
  • genetic data (for example, details about a DNA sample taken from you as part of a genetic clinical service)
  • biometric data (where used for identification purposes)
  • data revealing religious or philosophical beliefs
  • data revealing trade union membership (in some instances)
  • data relating to criminal or suspected criminal offences

Who do we share information with?

We may share information with the following types of organisations:

  • NHS organisations such as Acute hospitals, community care teams, care/nursing homes, GPs 
  • third party data processors (such as IT systems suppliers)
  • planners of health and care services (such as Integrated Care Boards)
  • others, such as education, charities

In some circumstances we are legally obliged to share information. This includes:

  • when required by NHS England to develop national IT and data services 
  • when registering births and deaths
  • when reporting some infectious diseases
  • when a court orders us to do so
  • where a public inquiry requires the information
  • if there is a concern that you are putting yourself at risk of serious harm
  • if there is a concern that you are putting another person at risk of serious harm
  • if there is a concern that you are putting a child at risk of harm
  • if the information is essential for the investigation of a serious crime
  • if you are subject to the Mental Health Act (1983), there are circumstances in which your ‘nearest relative’ must receive information even if you object
  • if your information falls within a category that needs to be notified for public health or other legal reasons, e.g. certain infectious diseases

We will also share information if the public good outweighs your right to confidentiality. This could include:

  • where a serious crime has been committed 
  • where there are serious risks to the public or staff
  • to protect children or vulnerable adults

We may also process your information in order to de-identify it, so that it can be used for purposes beyond your individual care whilst maintaining your confidentiality. These purposes will include to comply with the law and for public interest reasons.

Is information transferred outside the UK?

Our data is hosted in in the UK, but some of our X-ray and AI Gleamer data are transferred to India and Australia for checking.

The Trust will ensure that personal confidential data, even it would constitute fair processing, will not, unless certain exemptions apply or protective measures taken, be disclosed or transferred outside the European Economic Area to a country or territory which does not ensure an adequate level of protection for the rights and freedoms of data subjects.

What is our lawful basis for using information?

Personal information

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for using personal information is:

More sensitive data

Under UK GDPR, the lawful basis we rely on for using information that is more sensitive (special category):

  • We need it for employment, social security and social protection reasons (if authorised by law). 
  • We need for a legal claim or the courts require it.
  • There is a substantial public interest (with a basis in law). 
  • To provide and manage health or social care (with a basis in law). 
  • To manage public health (with a basis in law). 
  • For archiving, research and statistics (with a basis in law). 

Find out about the most likely laws that apply when using and sharing information in health and care.

Common law duty of confidentiality

In our use of health and care information, we satisfy the common law duty of confidentiality because:

  • you have provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses)
  • we have support from the Secretary of State for Health and Social Care following an application to the Confidentiality Advisory Group (CAG) who are satisfied that it isn’t possible or practical to seek consent
  • we have a legal requirement to collect, share and use the data
  • for specific individual cases, we have assessed that the public interest to share the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime). This will always be considered on a case by case basis, with careful assessment of whether it is appropriate to share the particular information, balanced against the public interest in maintaining a confidential health service

How do we store your personal information?

Your information is securely stored for the time periods specified in the Records Management Code of Practice.

This Records Management Code of Practice for Health and Social Care 2021 is a guide for the NHS to use in relation to the practice of managing records. It is relevant to organisations who work within, or under contract to NHS organisations in England. This also includes public health functions in Local Authorities and Adult Social Care where there is joint care provided within the NHS.

The Code is based on current legal requirements and professional best practice. It will help organisations to implement the recommendations of the Mid Staffordshire NHS Foundation Trust Public Inquiry relating to records management and transparency.

Visit the GOV.UK website for more information. 

We will then dispose of the information as recommended by the Records Management Code for example we will:

  • securely dispose of your information as per the Trust Waste Management Policy
  • archive your information at Rotherham Place of Deposit located in Clifton Park Museum.

What are your data protection rights?

Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information (known as a subject access request).  To make a Subject Access Request.
  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

National data opt-out

  • we are applying the national data opt-out because we are using confidential patient information for planning or research purposes 
  • we are not applying the national data opt-out because we are not using confidential patient information for planning or research purposes
  • we are not applying the national data opt-out because although we are using confidential patient information for planning and research, an agreed exemption applies

The Rotherham NHS Foundation Trust is one of many organisations working in the health and care system to improve care for patients and the public.

Whenever you use a health or care service, such as attending the Urgent and Emergency Care Centre, or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use health and care services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

This may only take place when there is a clear lawful basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential health and care information is only used like this when allowed by law.

Whenever possible data used for research and planning is anonymised, so that you cannot be identified and your confidential information is not accessed.

You have a choice about whether you want your confidential information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit Your NHS data matters. 

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Freedom of Information (FOI)

The Freedom of information Act 2000 provides any person with the right to obtain information held by The Rotherham NHS Foundation Trust, subject to a number of exemptions.

Please note: if your request is for information we hold about you (for example, your health record), please instead see Subject Access Request

Further information about Freedom of Information and to make a request

How do I complain?

If you have any concerns about our use of your personal information, you can make a complaint to us by emailing your.experience@nhs.net

Following this, if you are still unhappy with how we have used your data, you can then complain to the Information Commissioner's Office (ICO).

The ICO’s address is:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Information Commissioner's Office website