By issuing this privacy notice, we demonstrate our commitment to openness and accountability.
We recognise the importance of protecting personal and confidential information in all that we do, and take care to meet our legal and other duties, including compliance with the following:
Your information could be collected in a number of different ways. This might be from a referral made by your GP or another healthcare professional you have seen, or perhaps directly from you – in person, over the telephone or on a form you have completed.
There may also be times when information is collected from your relatives or next of kin – for example, if you are taken to one of our departments but you are unconscious or unable communicate.
The information that we collect about you may include details such as:
We collect personal and confidential information about you to support with the delivery of appropriate healthcare and treatment. In order to provide you with high quality care, we must keep records about you, your health and the care that we provide, or plan to provide to you. It is important for us to have a complete picture as this information enables us to provide the right care to meet your individual needs.
Under the Data Protection Act 2018, strict principles govern our use of information and our duty to ensure it is kept safe and secure. Your information may be stored within electronic or paper records, or a combination of both. All our records are restricted so that only those individuals who have a need to know the information can get access. This might be through the use of technology or other environmental safeguards.
Everyone working for the NHS is subject to the Common Law Duty of Confidentiality. This means that any information that you provide to us in confidence will only be used in connection with the purpose for which it was provided, unless we have specific consent from you or there are other special circumstances covered by law.
Under the NHS Confidentiality Code of Conduct, all of our staff are required to protect information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
Every NHS organisation has a senior person that is responsible for protecting the confidentiality of your information and enabling appropriate sharing. This person is known as the Senior Information Risk Owner (SIRO) and within our trust this role sits with our Director of Governance - Caroline White. You can find more details online:
To support you through the process, we have published policy and guidance on the Trust website, available at: Subject Access Request Policy and Procedure
You can also request further information or an application form, by one of the following means:
Post: The Subject Access Request Team, Cornwall Partnership NHS Foundation Trust, The Kernow Building, Wilson Way, Pool, Redruth, Cornwall, TR15 3EQ3
Tel: 01209 204010
We use your information to ensure that:
This is important because having accurate and up-to-date information will assist us in providing you with the best possible care. It also ensures that all information is readily available if you see another health professional or specialist within our trust or another part of the NHS.
There is also the potential for your information to help improve health care and other services across our trust and the wider NHS. Therefore, your information may also be used to help with:
When we are required to do so, we will ensure that we seek your consent before sharing your personal information with other people. We will not pass your personal information to your friends, relatives or carers without your explicit consent. If you are unable to consent for any reason, we will only share information where it is clearly in your best interests to do so or it is required by law.
The Trust sometimes needs to share the personal information we process with other organisations. When we do this we are required to comply with all aspects of the General Data Protection Regulation. Where necessary we also have data sharing agreements in place with our partner organisations which will state the specific ways in which the shared data can be used.
The organisations we share information with can include:
The reasons why we would share your information, other than for your care, can include:
We work with a number of other NHS organisations, voluntary, community, social enterprise, welfare organisations and independent treatment centres and clinics to provide you with the best possible care. To support this, your information may be securely shared.
Where the sharing involves a non-NHS organisation, a specific information sharing agreement is put in place to ensure that only relevant information is shared and this is done securely in a way which complies with the law.
Unless there are exceptional circumstances (such as a likely risk to the health and safety of others) or a valid reason permitted by law, we will not disclose any information to third parties which can be used to identify you without your consent..
Sometimes we are required by law to disclose or report certain information which may include details which identify you. However, this is only done after formal authority by the Courts or by a qualified health professional. This may include reporting a serious crime or identification of an infectious disease that may endanger the safety of others. Where this disclosure is necessary, only the minimum amount of information is released.
We are also required to send statutory information to the Department of Health, which is then held centrally and strictly controlled by the NHS Information Authority. This organisation takes advice from an independent board called the Security and Confidentiality Advisory Group, which reports to the government Chief Medical Officer.
There may also be occasions when the trust is reviewed by an independent auditor, which could involve reviewing randomly selected patient information to ensure we are legally compliant.
Cornwall partnership NHS Foundation Trust is one of many organisations working in the health and care system to improve care for patients and the public.
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymized data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
You can also find out more about how patient information is used at:
www.hra.nhs.uk/information-about-patients (which covers health and care research); and
understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is currently compliant with the national data opt-out policy.
Some health records are needed to teach student clinicians about rare cases and diseases. Without such materials, new doctors and nurses would not be properly prepared to treat you and others. It is also possible that individuals, such as student nurses, medical students and healthcare cadets, are receiving training in the service that is caring for you. If staff would like a student to be present, they will always ask for your permission and you have the right to refuse without this effecting the care or treatment that you are receiving.
We also undertake clinical research and audits within the trust, and your permission may be required for some of this work. If you agree to be involved, a full explanation will be given and your consent will be obtained before proceeding. Your consent may not be required if the information being used has been anonymised. This means that it cannot be used to identify an individual person.
You have the right to refuse (or withdraw) consent to information sharing at any time. This is also referred to as ‘opting out’. If you choose to prevent your information from being disclosed to other authorised professionals involved in your care, it might mean the care that can be provided is limited and, in certain circumstances, it may not be possible to offer certain treatment options. The possible consequences of withholding your consent will be fully explained to you at the time should this situation occur.
You also have the right to ‘opt out’ of having your information used in any mandatory audits which the trust is subjected to. If this is the case, you should write to our Information Governance team with your name, address, date of birth and hospital number or NHS number.
Under the terms of the Data Protection Act 2018 and the General Data Protection Regulations 2018, you have the right to request access to the information that we hold about you.
To support you through the process, we have a policy on the Trust website, available at: Subject Access Request Policy and Procedure
You can also request further information or an application form, by one of the following means:
Post: The Subject Access Request Team, Cornwall Partnership NHS Foundation Trust,The Kernow Building, Wilson Way, Pool, Redruth, CornwalL, TR15 3QE
Tel: 01209 204010
If you have any queries or concerns regarding the information that we hold about you or you have a question regarding this privacy notice, please contact our Information Governance team:
Post: Information Governance Department, Cornwall Partnership NHS Foundation Trust, Suite 6, Carew House, Beacon Technology Park, Dunmere Road, Bodmin, Cornwall, PL31 2QN
Tel: 01208 834495
All our records are destroyed in accordance with the Records Management Code of Practice 2021; A guide to the management of heatlh and care records, which sets out the appropriate length of time each type of NHS record is retained. We do not keep your records for longer than necessary.
All records are appropriately reviewed once their retention period has been met, and the Trust will decide whether the record still requires retention or should be confidentially destroyed. All decisions and destructions will be documented.
You have the right to make a complaint if you feel unhappy about how we hold, use or share your information. We would recommend contacting our Information Governance team initially to talk through any concerns that you have.
It may also be possible to resolve your concerns through a discussion with our Patient Advice and Liaison Service (PALS) before (or without the need to start) a more formal process:
Address: Patient Experience Team, Room 11, Banham House, Bodmin Hospital ,PL31 2QT
Tel: 01208 834620
If you remain dissatisfied following the outcome of your complaint, you may then wish to contact the Information Commissioner’s Office:
Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113
Please note that the Information Commissioner will not normally consider an appeal until you have exhausted your rights of complaint to us directly. Please see the website above for further advice.
Under data protection laws, providers are required to be clear with people about how and why any data they hold on them might be accessed and used. This is often done through privacy notices on websites. We would encourage providers to ensure that notices of this type include reference to CQC and a link to our privacy notice, as we may access care records and other personal data as part of our regulatory activity.
We will occasionally update this Privacy and Fair Collection webpage to reflect company and customer feedback. We therefore encourage you to periodically review this webpage in case of any changes.