Privacy notices
East of England Community Health and Care NHS Trust is committed to providing high quality services. To do this, we need to access, use and sometimes share your information or personal data, which includes sensitive data, known as special category data.
It is part of our commitment to ensure that we are transparent and accountable for how we process your personal information.
Your privacy matters to us.
We know you share sensitive information with us, and it is important that we are open, transparent, and accountable for how we use it.
This Privacy Notice explains what happens to any personal data you provide to us, or that we collect about you, and how we keep it safe.
It applies to all personal information processed by or on behalf of East of England Community Health and Care NHS Trust (“the Trust”) and is required under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We collect information about you so we can:
• Provide safe, effective, high-quality clinical care
• Make sure you receive the right treatment and support
• Plan and manage our services
• Support the wider NHS and health and social care system
We may collect:
• Your name, address and contact details
• Your date of birth and NHS number
• Details of your family or carers
• Notes from your appointments
• Test results, X-rays, scans and clinical observations
• Medications or treatments you receive
• Photos or videos taken as part of your care
• Information about your race, religion, gender identity or sexuality (only when relevant to your care)
• Information provided by people involved in your care (e.g. GPs, hospitals, social care providers, family members)
This information helps us understand your health needs and provide you with the best possible care.
Your information may be used for the following purposes:
A. Direct Care and Healthcare Management
- Delivering your care and treatment
- Communicating with you or your carers
- Maintaining accurate and up-to-date patient records
- Referrals to other services
- Medication reviews
- Safeguarding and safety checks
- Invoice validation and NHS commissioning requirements
B. Improving Quality and Safety
- Clinical audit
- Service evaluation and redesign
- Monitoring outcomes
- Staff training
- Public health monitoring
- Addressing health inequalities
C. Research and Planning
Your information may also be used (often anonymously) for:
- Health research
- Planning future services
- Statistical analysis
- National NHS reporting
You will never be identified personally unless:
- You give explicit consent, or
- The law allows it, or
- There is a clear public interest (e.g. safeguarding)
D. Legal and Statutory Requirements
We may use or share information when required to:
- Prevent serious crime or fraud
- Respond to court orders
- Protect vulnerable adults or children
- Support public health functions
E. Regulatory Access
Regulators such as the Care Quality Commission (CQC) may access information where necessary for their statutory duties.
You can learn more by visiting: www.cqc.org.uk
We only rely on consent in limited situations, such as:
- Patient experience surveys
- Use of photographs for training or media
- Some types of research
If we rely on consent, you can withdraw it at any time.
We are committed to protecting your confidentiality.
Your information is protected by:
- The Data Protection Act 2018
- UK GDPR
- The Human Rights Act 1998
- The Common Law Duty of Confidentiality
- NHS Codes of Confidentiality, Information Security and Records Management
Information is stored securely whether on paper or electronic systems.
Access is strictly limited to those who need it to provide or support your care.
All personal data is processed in the UK.
Some secure electronic systems may be hosted within the European Union.
We follow the NHS Records Management Code of Practice for Health and Social Care (2016).
This sets out minimum retention periods for all types of health and administrative records.
We never keep your information longer than necessary.
Under the UK GDPR, you have the right to:
- Access your personal data
- Correct inaccurate information
- Request deletion (in certain circumstances)
- Restrict how your data is used
- Object to processing
- Receive your data in a portable format
- Withdraw consent (if consent is the basis for processing)
To exercise these rights, contact: eec.accesstorecords@nhs.net
Your confidential patient information may be used for research and planning, unless you choose to opt out.
You do not need to do anything if you are happy with this.
To learn more or set your opt-out choice visit: www.nhs.uk/your-nhs-data-matters
You can change your preference at any time.
Further information visit:
Health Research Authority: https://www.hra.nhs.uk/information-about-patients/
Understanding Patient Data: https://understandingpatientdata.org.uk/what-you-need-know
Please tell us as soon as your address, phone number or other personal information changes.
We may periodically check with you to ensure our records are accurate.
The Trust’s Data Protection Officer is:
Matthew Poole
Data Protection Officer
East of England Community Health and Care NHS Trust
Units 7/8, Meadow Lane
St Ives, Cambridgeshire
PE27 4LG
The DPO:
- Monitors compliance
- Advises on data protection obligations
- Reviews Data Protection Impact Assessments (DPIAs)
- Acts as contact for data subjects and the Information Commissioner
The senior clinician responsible for protecting the confidentiality of patient information is:
Dr Caroline Kavanagh
Caldicott Guardian
East of England Community Health and Care NHS Trust
If you have concerns about how we use your information, please contact:
Information Governance Team
East of England Community Health and Care NHS Trust
Units 7/8, Meadow Lane
St Ives, Cambridgeshire
PE27 4LG
eec.accesstorecords@nhs.net
If you are not satisfied, you can contact the Information Commissioner’s Office:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113
This notice does not provide a full explanation of the law.
If you would like more detail about how we use your information, please contact us at: eec.accesstorecords@nhs.net
