Privacy Policy

This privacy notice explains what to expect when South West London and St George’s Mental Health NHS Trust (SWLSTG) collects and processes your personal information.  It describes what information we record about you, how we keep it, how long we keep it for and who we may share your information with and the legal basis for this.  It also explains your rights regarding your information and how you can apply to see it.

 

We aim to provide you with safe and effective healthcare. To do this we have a legal duty to keep records about you, your health and the care we provide you.

 

How is the confidentiality of your records maintained?

SWLSTG is committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 2018 (DPA 2018) which includes all aspects of the General Data Protection Regulation (GDPR)  and is regulated in the UK by the Information’s Commissioner’s Office. Additionally we abide by the Human Rights Act 1998, the Common Law of Confidentiality and the NHS Code of Confidentiality and Security.

 

What information do you keep about me?

  • We keep personal information, such as your name, address, date

of birth, NHS number and GP to ensure that your health care information is recorded correctly in your health record.

  • We keep information about your health problems and the care you have received from us in your health record.
  • When you meet a member of your care team, for example for a consultation or therapy session, a record of what you discussed and any decisions made will be added to your healthcare record.

Why do you keep this information?

Accurate and up-to-date information about you is very important so that we can look after you safely.  It means that we can assess and meet your needs without asking you the same questions every time we meet you or if you see someone different.

 

What is your legal basis for processing my information?

Under the Data Protection Act 2018 we rely on the following legal basis to process your health information for your direct care:

 

Chapter 2 (Section 8) - processing is necessary for the performance of a task carried out in the public interest

 

Chapter 2 (section 11.1) – processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or contract with a health professional.

Members of the team caring for you will have access to your information if it is necessary and on a need to know basis.

 

We have a duty of care to inform your GP/referrer concerning the assessment and care we provided to you. 

 

We may share your information for direct care purposes with other professionals in local hospitals, social care teams and GPs who you may see for your health and social care needs. 

 

Health and care staff working in south west London boroughs for which our Trust provides mental health services – Wandsworth, Kingston, Richmond, Sutton, Merton – now have better access to more accurate information, so they can provide safer, faster and more effective care and support.

 

We may also share information with one of our team of multi-faith chaplains should you require spiritual guidance.

 

In some cases, your health records belonging to different organisations have been linked together so that relevant information about you can be safely shared between the staff who need it across south west London – for example:

 

Kingston Care Record

A confidential electronic record of your health and social care maintained by NHS providers in the London Borough of Kingston. This project means that authorised staff looking after you will have the most up-to-date information when they need it.  Find out more about the Kingston Care Record:

http://www.kingstonccg.nhs.uk/local-health-services/kingston-care-record.htm

 

South West London Health & Care Partnership – Connecting Your Care

Connecting Your Care is an initiative to share patient data between healthcare professional in separate NHS organisations for the purpose of direct care. The information shared will be proportionate and on a need to know basis only. Sharing partners will be in the catchment area of our Trust and include acute hospitals and GP practices.

 

Who can you share my information with?

Where we share information to protect you and others, for example:

  • Safeguarding teams (if a child or vulnerable adult is potentially at risk)
  • Multi-Agency Public Protection Arrangements
  • Multi-Agency Risk Assessment Conference
  • The police and others in an emergency situation

 

For these purposes we rely on the following legal basis under DPA 2018:

 

Chapter 2 (Section 8) – processing is necessary to protect the vital interests of a data subject or another person.

 

Chapter 2 (Section 11) – processing is necessary to protect the vital interest of a data subject or another individual where the data subject is physically or legally incapable of giving consent.

 

 

National Fraud Initiative (NFI) 2018/2019

South West London and St Georges Mental Health NHS Trust are required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing, administering public funds, or where undertaking a public function, in order to prevent and detect fraud.

 

In accordance with our legal obligations as an employer, the Trust is required to share personal information about you with the Cabinet Office to ensure that public money is being spent properly. Specifically, the legal requirement lies within Part 6 of the Local Audit and Accountability Act 2014.

 

Further information can be found by following the links:

 

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/723586/Final-Payroll-Data-Spec-18-19.pdf - what information is being shared

 

and  https://www.gov.uk/government/publications/fair-processing-national-fraud-initiative -

how the Cabinet Office will process the data

 

We may share your information with a number of third parties who we commission to process data for us, for example:

 

  • To send out a large mailing of letters/information/surveys to our service users and Trust members
  • For the maintenance and technical support of our information systems
  • For the purpose of translation, interpreters and sign language
  • Recording phone calls for monitoring purposes

 

We are required to have Data Processing Agreements in place with these organisations.

 

For other purposes the Trust will only share your information with another organisation with your consent.  The Trust will seek to ensure your personal data is always used appropriately, fairly and lawfully.

 

What if I am ill and my friends or family want to see my records?

  • If you are in hospital, we will pass on very basic information to friends or family with legitimate concerns unless you ask us not to.
  • If you give us permission to share information about your health and treatment with a friend or family member, we are happy to do so.

 

Who else can see my records?

  • Staff involved with your care and treatment, may see your records.
  • All our staff abide by a strict code of conduct on confidentiality and follow our policies and procedures regarding security and confidentiality. These are part of their terms and conditions of employment.

 

What if my information needs to be shared overseas?

If your information is required to be transferred overseas, for example if you moved abroad and requested a copy of your medical records to be sent to you, we will ensure adequate data protection is in place to safeguard and protect your information in transit and we will discuss this with you to ensure that you are satisfied with these arrangements.

 

How are my healthcare records stored?

We have computer systems that store your healthcare records. We can also scan paper letters and reports into this system, so that all your information is available to the staff who work with you to give you the best care possible. 

 

All our systems are based in the UK and your information is protected to ensure that only authorised people can access it from secure computers.

 

How long do you keep my healthcare records for?

We are required by the Department of Health to keep your records for a certain amount of time after you have finished receiving care from us. This amount of time depends upon the type of care you have received from us and helps us continue your care if you need to use our services again in the future.  The retention periods are set out in this document:

 

https://digital.nhs.uk/binaries/content/assets/legacy/pdf/n/b/records-management-cop-hsc-2016.pdf

 

Can I see the information you keep about me?

 You are entitled by law to see the information we hold about you – Chapter 3 (Section 45) of the DPA 2018 applies.  Your right to see your records is known as a ‘right of subject access’. You are allowed to see any records we hold about you. However, we may remove some information if it is not your personal information. For example:

 

  • Information provided by someone else (a third party) that we cannot disclose without their permission.
  • Information that is likely to cause serious harm to you or other people.
  • It would be against the law to disclose information, such as during legal proceedings.

To download SAR form please Click Here.

 

How can I apply to see my information?

  • If you would like to see or request a copy of your records, please contact the Information Services Team at the address below.

 

Will I have to pay to see my records?

We will not charge you to see your records.  However, we may charge a reasonable administration fee if your request is very large, complex or repeated.

 

How long will it take before I receive my records?

  • We will provide your records as quickly as possible and it should take no longer than 1 month from when we receive your written request.
  • For very large or complex requests we may extend this period by a further 2 months.
  • We will provide your information to you in an electronic format.
  • We will only release your records if we are sure that you are the applicant or that you have given permission to someone else to access your records on your behalf, such as a relative or solicitor.

 

What if I am not satisfied with my application to see my records?

We want you to be satisfied with the way we look after your healthcare records and provide access to them. If you are not satisfied, first speak to a member of your care team or the team manager to discuss your concerns. If you cannot resolve your concerns in this way or would like to take the matter further, please contact:

 

Patient Experience Manager (Complaints)

South West London and St George’s Mental Health NHS Trust

Building 15

Springfield University Hospital

61 Glenburnie Road

London  SW17 7DJ

 

Tel:  020 3513 5520

Email: 

 

If you are not satisfied with the outcome of your complaint you may contact:

The Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/

or by writing to:

 

The Information Commissioner's Office,

Wycliffe House, Water Lane, Wilmslow,

Cheshire. SK9 5AF.

 

What are my rights regarding my personal information?

Unless an exemption applies under the Data Protection Act 2018, you have the following rights:-

  • To be informed about the collection and use of your personal data;
  • The right to request a copy of the personal information we hold about you;
  • The right to request that we correct your personal information if it is found to be inaccurate or out of date (speak to your health professional regarding any inaccuracies);
  • Your right to withdraw your consent to the processing of your information (but only if your consent was relied upon as the legal basis for processing your information);
  • The right to request that we provide you with your personal information and where possible, to transmit that data directly to other another organisation for you. This is known as the right to data portability, but it only applies if the legal basis for processing is based on us requiring your consent or where it is necessary for the performance of a contract with you, and we have processed the data by automated means.
  • Where there is a dispute in relation to the accuracy or processing of your personal information you have the right to request that a restriction is placed on further processing unless we have legitimate grounds to override this.
  • The right to object to the processing of personal data for the purposes of scientific/historical research and data analysis/statistics (see below - Using your information to improve our services)
  • The right to lodge a complaint with the Information Commissioners Office.
  • You right to request that your personal data is erased does not apply to health records as we have a legal obligation to hold them.
  • The right to object to any automated decision-making also known as profiling i.e. making a decision solely by automated means without any human involvement.

 

Communicating with you

If you provide us with your mobile telephone number we will send you appointment reminders unless you tell us not to.

 

If you provide us with your email address we will communicate with you by email unless you tell us not to.

 

Please ensure that you inform us if you change your mobile telephone number or email address so that you do not miss important communications from us. 

 

Do not provide an email address that you share with others as this may compromise your confidentiality.

 

Please remember to let us know if your contact details change at any time. This could be a change of name, address, or contact telephone number.

 

Using your information to improve our services

We  use information held within your records to help improve the services that we provide. We do this by collecting information from the records of groups of patients who have similar conditions or have received similar treatments, and comparing this with what we know are the best standards of care. This helps us to identify areas where we need to make improvements.

 

This process of checking care records against best practice is known as clinical audit. It is carried out by the staff who have provided you with care, or by support staff who work closely with them. They will only collect your personal identifiable information (e.g. your name, or date of birth, or postcode) to ensure they are collecting the correct information.  However, any information that can identify you as an individual is removed from the clinical audit as soon as it is possible to do so in order to anonymise the information.  Records of clinical audit are protected by NHS security measures and destroyed after five years.

 

If you would like to find out more about clinical audit, the use of information in improving healthcare, or how patients and the public can be involved in healthcare improvement, please visit the Healthcare Quality Improvement Partnership website: www.hqip.org.uk 

 

We may at times contact you to invite you to take part in surveys with a view to helping us improve our services. Your participation is entirely voluntary and unless with your specific consent, the survey will by anonymous.

 

Information on the NHS Patient Survey Programme can be found at www.nhssurveys.org/

 

Mental Health Community Survey

In order to improve the quality of service we provide to service users, the Trust commissions an annual Mental Health Community Survey from a company called Quality Health.  We provide them with contact details in order to send out survey questionnaires on our behalf.

 

Family and Friends Test (FFT)

FFT is a short survey tool used by the NHS that provides the public, patients and staff with the opportunity to provide feedback on their experience of NHS services. We may contact you and invite you to participate in FFT and to provide feedback from which we can identify what is working well, what can be improved and how. Your involvement is voluntary and feedback is anonymous, so no personal information will be stored as a result. We may employ a third party supplier to process FFT data on our behalf, and if so a contract will be put in place to ensure a legal basis exists to satisfy any requirements of the Data Protection Act 2018.

 

How the NHS and care services use your information

SWLSTG is one of many organisations working in the health and care system to improve care for patients and the public.

 

When you use a health or care service important information about you is collected to help ensure you get the best possible care and treatment. The information collected about you when you use these services can also be provided to other approved organisations, where there is a legal basis, to help with planning services, improving care provided, research into developing new treatments and preventing illness.  All of these help to provided better health and care for you, your family and future generations.  Confidential personal information about your health and care is only used in this way where allowed by law and would never be used for insurance or marketing purposes without your explicit consent.

 

You have a choice about whether you want your confidential patient information to be used in this way.

 

To find out more about the wider use of confidential personal information and to register your choice to opt out if you do not want your data to be used in this way, visit www.nhs.uk/my-data-choice .  If you do choose to opt out you can still consent to your data being used for specific purposes.

 

If you are happy with this use of information you do not need to do anything.  You can change your choice at any time.

 

 

If you have any queries relating to this privacy notice please contact the:

 

Information Governance Manager

South West London and St. George’s Mental Health NHS Trust

Springfield University Hospital

61 Glenburnie Road

London SW17 7DJ

Tel: 020 3513 6184

Email: 

Data Protection Officer

The Information Governance Manager is also the Trust’s Data Protection Officer (DPO) as defined in the GDPR and DPA 2018.

Phoning our Trust

When you phone our main switchboard (our Contact Centre) on 020 3513 5000, your call may be recorded for training and monitoring purposes. Once you have been transferred form the Contact Centre, calls will not be recorded.

 

If you would like to find out more about your rights under the Data Protection Act 2018, please visit the Information Commissioners Office website: www.ico.org.uk/for-the-public/