Information Governance

Information Governance incorporates the management of all information generated by the Trust, whether this relates to patient, staff or corporate information, and in any format

To provide assurance that the Trust complies with a wide range of legislation and national guidance, the Trust completes and annual submission of the Information Governance Toolkit. For more information please use the link opposite.

Fair Processing Notice

The purpose of this notice is to inform you of the type of information that Cornwall Partnership NHS Foundation Trust collect, how that information is used, who the information may be shared with, how it is kept secure and what your rights are in relation to this.
How we manage your personal information and your information rights

The Trust is required to complete a Data Protection Registration with the Information Commissioner’s Office (ICO) which details the types of data and processing that the Trust collects and conduct. View the Data Protection register for the Trust’s current registration

Freedom of Information

Under the Freedom of Information Act 2000 any individual is able to request information in relation to Cornwall Partnership NHS Foundation Trust, this would not include personal information. To see what information has already been published or to make a request, use the link opposite.

General Data Protection Regulations (GDPR)

An individual, or their representative, can request to receive copies of information that the Trust holds about them. For more information please use the link opposite.

National Data Op Out

The National Data Guardian, Dame Fiona Caldicott, recommended a new opt-out model for data sharing in her Review of data security, consent and opt-outs in 2016. The aim is to allow patients to make an informed decision about how their personal data will be used. It is part of a vision to improve patients’ trust and confidence in how data is looked after by the health and social care system. The National Opt-out ties in with other work on data security and making sure data is only used for the benefit of people’s health and care.

NHS Digital are introducing a new tool that people can use to opt out of their confidential patient information being used for reasons other than their individual care and treatment. It will be secure and accessible, and will be available from 25 May 2018.

Patients and the public who decide they do not want their personally identifiable data used for planning and research purposes will be able to:

  • Set their national data opt-out choice online, or
  • There will be a non-digital alternative for patients and the public who can’t or don’t want to use an online system.
  • Individuals can change their mind anytime.
  • Where patients have already registered with their GP, to prevent their identifiable data leaving NHS Digital, this will be converted to the new national data opt-out.

The national data opt-out will be introduced alongside the new data protection legislation and all health and care organisations will be required to uphold patient and public choices by March 2020.

For further details please go to: national-data-opt-out-programme

Caldicott Guardian

The Eight Caldicott Principles

Good information sharing is essential for providing safe and effective care. There are also important uses of information for purposes other than individual care, which contribute to the overall delivery of health and social care or serve wider public interests.

These principles apply to the use of the confidential information within health and social care organisations and when such information is shared with other organisations and  between individuals, both for individual care and for other purposes.

The principles are intended to apply to all data collected for the provision of health and social care services where patients and service users can be identified and would expect that it will be kept private. This may include for instance, details about symptoms, diagnosis, treatment, names and addresses. In some instances, the principles should also be applied to the processing of staff information.

They are primarily intended to guide organisations and their staff, but it should be remembered that patients, service users and / or their representatives should be included as active partners in the use of confidential information.

Where a novel and / or difficult judgment or decision is required, it is advisable to involve a Caldicott Guardian.

Principle 1: Justify the purpose(s) for using confidential information

Every proposed use or transfer of confidential information should be clearly defined, scrutinised and documented, with continuing uses regularly reviewed by an appropriate guardian.

Principle 2: Use confidential information only when it is necessary

Confidential information should not be included unless it is necessary for the specified purpose(s) for which the information is used or accessed. The need to identify individuals should be considered at each stage of satisfying the purpose(s) and alternatives used where possible.

Principle 3: Use the minimum necessary confidential information

Where use of confidential information is considered to be necessary, each item of information must be justified so that only the minimum amount of confidential information is included as necessary for a given function.

Principle 4: Access to confidential information should be on a strict need-to-know basis

Only those who need access to confidential information should have access to it, and then only to the items that they need to see. This may mean introducing access controls or splitting information flows where one flow is used for several purposes.

Principle 5: Everyone with access to confidential information should be aware of their responsibilities

Action should be taken to ensure that all those handling confidential information understand their responsibilities and obligations to respect the confidentiality of patient and service users.

Principle 6: Comply with the law

Every use of confidential information must be lawful. All those handling confidential information are responsible for ensuring that their use of and access to that information complies with legal requirements set out in statute and under the common law.

Principle 7: The duty to share information for individual care is as important as the duty to protect patient confidentiality

Health and social care professionals should have the confidence to share confidential information in the best interests of patients and service users within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies.

Principle 8: Inform patients and service users about how their confidential information is used

A range of steps should be taken to ensure no surprises for patients and service users, so they can have clear expectations about how and why their confidential information is used, and what choices they have about this. These steps will vary depending on the use: as a minimum, this should include providing accessible, relevant and appropriate information - in some cases, great engagement will be required.

Published: December 2020

Taken from: “Information To share or not to share; The Information Governance Review”

The Cornwall Partnership NHS Foundation Trust is working in partnership with other Health and Social Care providers to improve the services we provide you. Our aim is to provide the right care in the right place to better match your needs. To achieve this we need to join up our data with our partners in order to understand what opportunities we have to make best use of our resources (staff and service locations) to meet this goal.

We want to use your anonymised data (at no point will you be individually identified from the data used) to see what we have been doing over the last few years. Once the data has been anonymised we will share it with GE Finnamore and the South West Academic Health Science Network to provide the analysis we need to make these improvements.

If you wish us not to use your anonymised data for this purpose please let us know and we will ensure your data is excluded.

Please contact cpn-tr.Infogov@nhs.net or 01208 834495 to tell us of your wish to withhold your information or to discuss your concerns.

Contact the Information Governance Team

Information Governance Team
Cornwall Partnership NHS Foundation Trust
Suite 6
Carew House
Beacon Technology Park
Dunmere Road
Bodmin
PL31 2QN

Tel; 01208 834495
E-mail:  cpn-tr.infogov@nhs.net