Policy Objectives:
Why we need your data
How it will be used and
Who it will be shared with
This document also explains what rights you have to control how we use your information. More detailed information about different aspects of our services can be found on our website. http://londonwelbeckhospital.co.uk/
The law determines how organisations can use personal information. The key laws are: The Data Protection Act 2018 (DPA) 1, The Human Rights Act 1998 (HRA) 2, relevant health service legislation, and the common law duty of confidentiality.
The Data Protection Act 2018 (DPA): 1 http://www.legislation.gov.uk/ukpga/2018/12/pdfs/ukpga_20180012_en.pdf
The Human Rights Act 1998 (HRA) 2 http://www.legislation.gov.uk/ukpga/1998/42/data.pdf
This document describes instances where The London Welbeck Hospital is the “Data Controller”, for the purposes of the Data Protection Act 2018, and where we direct or commission the processing of patient data to help deliver better healthcare, or to assist the management of healthcare services.
General Data Protection [GDPR]:
LWH Compliance and Responsibilities Under Data Protection and GDPR
For Employees, Surgeons and Anaesthetists:
This document outlines what personal information we hold, why we use it and how we protect it.
The London Welbeck Hospital will collect personal information in order that we safely recruit appropriately trained staff and ensure that we provide a supportive work environment for all. The information we collect and hold will include the following details:
Name / Date of birth / Gender
Diversity information including racial or ethnic origin, physical or mental health and disability
Personal references and referee details
Immigration status / Copy of Passport
National Insurance Number
Health Check details
DBS check details
Remuneration and pension details
Hospital CCTV footage whilst at work
Sharing Your information:
Your personal data will be protected at all times; however, we may on occasion be required to share aspects of your personal data with others, such as professional and regulatory bodies. All requests to share your personal data are managed by the hospital data protection office, and any breach of policy will be investigated and reported by the Data Protection Officer.
Why and how we collect information?
We may ask for or hold personal confidential information about you which will be used to support delivery of high quality and safe care.
These records may include:
Name, address, date of birth, NHS numbers and next of kin
Contact we have had, such as appointments and consultations
Details and records of treatment and care, including notes and reports about your health
Results of investigations, blood tests, etc.
Information from people who care for you and know you well, such as health professionals and relatives.
It may also include personal sensitive information such as sexuality, race, your religion or beliefs, and whether you have a disability, allergies or health conditions. It is important for us to have a complete picture, as this information assists staff involved in your care to deliver and provide improved care, deliver appropriate treatment and care plans, to meet your needs.
Information is collected in a number of ways, via your healthcare professional, referral details from your Clinic or directly given by you.
How we use information?
To help inform decisions that we make about your care.
To ensure that your treatment is safe and effective.
To work effectively with other organisations who may be involved in your care.
To support the health of the general public.
To ensure our services can meet future needs.
To review care provided to ensure it is of the highest standard possible.
To train healthcare professionals.
For research and audit.
To prepare statistics on hospital performance.
To monitor how we spend public money.
There is huge potential to use your information to deliver care and improve health and care services. The information can be used to help:
Improve individual care.
Understand more about disease risks and causes.
Develop new treatments and prevent disease.
Improve patient safety.
Evaluate hospital Care policy.
It helps you because:
Accurate and up-to-date information assists us in providing you with the best possible care.
If you see another healthcare professional, specialist or NHS organisation, they can readily access the information they need to provide you with the best possible care.
Where possible, when using information to inform future services and provision, non-identifiable information will be used.
How information is retained and kept safe?
Information is retained in secure electronic and paper records and access is restricted to only those who need to know.
It is important that information is kept safe and secure, to protect your confidentiality. There are a number of ways in which your privacy is shielded; by removing your identifying information, using an independent review process, adhering to strict contractual conditions and ensuring strict sharing or processing agreements are in place.
The Data Protection Act regulates the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure. London Welbeck Hospital is registered with the Information Commissioner's Office (ICO) 3. Details of our registration can be found on the data protection register 3: https://ico.org.uk/esdwebpages/search
Enter our registration number Z2073224 and click ‘search register’.
Technology allows us to protect information in a number of ways, in the main by restricting access. Our guiding principle is that we are holding your information in strict confidence.
How do we keep information confidential?
Everyone working for The London Welbeck Hospital is subject to the Common Law Duty of Confidentiality and the Data Protection Act 2018. Information provided in confidence will only be used for the purposes to which you consent, unless there are other circumstances covered by the law.
Under the London Welbeck Hospital Information Governance policy and procedures, all staff are required to protect information, inform you of how your information will be used and allow you to decide if and how your information can be shared. This will be noted in your records.
All hospital staff are required to undertake annual training in data protection, confidentiality and IT/cyber security, with additional training for specialists, such as healthcare records, Data Protection Officer and IT staff.
Who will the information be shared with?
Sharing with PHIN or NHS organisations:
For your benefit, we may also need to share information from your records with third parties, PHIN4 and/or NHS5 organisations, from whom you are also receiving care, such as social services or private healthcare organisations. However, we will not disclose any health information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires the disclosure of information.
We will obtain your written consent on admission to share personal information as appropriate.
Your right to withdraw consent for us to share your personal information:
You have the right to refuse/withdraw consent to information sharing at any time. We will fully explain the possible consequences to you, which could include delays in you receiving care.
We are sharing information with the following organisation:
4 Private Healthcare Information Network:
We may automatically collect non-personal information about you such as the type of internet browsers you use or the site from which you linked to our Web Sites. You cannot be identified from this information and it is only used to assist us in providing an effective service on our Web Sites. We may from time to time supply the owners or operators of third party sites from which it is possible to link to our Web Sites with information relating to the number of users linking to our Web Sites from their sites. You cannot be identified from this information.
Cookies are pieces of information that a Web Site transfers to your hard drive to store and sometimes track information about you. Most web browsers automatically accept cookies, but if you prefer, you can change your browser to prevent that. However, you may not be able to take full advantage of a Web Site if you do so. Cookies are specific to the server that created them and cannot be accessed by other servers, which means they cannot be used to track your movements around the web. Although they do identify a user's computer, cookies do not personally identify customers or passwords. Credit card information is not stored in cookies.
To identify who you are and to access your account information;
To estimate our audience size and patterns;
To control how often visitors see similar ads;
To track preferences and to improve and update our Web Site; and
To track the progress and number of entries in some of our promotions and contests.
Security of your information:
We take our duty to protect your personal information and confidentiality seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.
We have appointed a Data Protection Officer, who is accountable for the management of all information assets and any associated risks and incidents, and a ‘Caldicott Guardian’ who is responsible for the management of patient information and patient confidentiality.
All staff are required to undertake annual information governance training and are provided with an information governance user handbook that they are required to read, understand and agree to adhere to. The handbook ensures that staff are aware of their information governance responsibilities and follow best practice guidelines ensuring the necessary safeguards and appropriate use of person-identifiable and confidential information.
Under the Confidentiality Code of Conduct, all our staff are required to protect your information and inform you of how your information will be used. This includes, in most circumstances, allowing you to decide if and how your information can be shared. Any deliberate breach of Data Protection will be investigated in line with London Welbeck Hospital’s disciplinary procedures.
GDPR Violation / Data Breaches
All identified data breaches are reported through The London Welbeck Hospital clinical governance and risk management procedures. Any data breach is logged in the hospital incident reporting system, and will be fully investigated by the Hospital Data Protection Officer and reported to the Information Commissioner's Office (ICO).
Contacting us about your information
The London Welbeck Hospital has a senior person responsible for protecting the confidentiality of your information and enabling appropriate sharing. This person is known as the Caldicott Guardian. You can contact The London Welbeck Hospital Caldicott Guardian by using the Contact Us section of the hospital website.
If you have any questions or concerns regarding the information we hold on you, the use of your information or would like to discuss further, please contact the Data Protection Officer.
The London Welbeck Hospital.
27 Welbeck Street