Your Information, Your Rights
This page has been created to provide you with further information as to why Solent NHS Trust collects information about you, how this information is used and information about your rights under Data Protection Laws, such as the General Data Protection Regulations (GDPR) 2016. See how Solent NHS Trust has ensured compliance with the new regulations and what it plans to do to ensure continued compliance.
Covid Enquiry - How does the enquiry effect your data?
Solent NHS Trust is committed to supporting the Covid enquiry and the NHS’s position of being open and transparent with the public. As a result we may be required to retain documents beyond their normal retention periods, as defined by the NHS Records Management Code of Practice. The following legal basis will be used to support the retaining of such information and the sharing of information with the enquiry;
- GDPR Article 6(1)(c) – Processing is necessary for compliance with a legal obligation. The Obligation being Section 21 notice to produce documents for the enquiry, creating a statutory obligation to disclose
- GDPR Article 9(2)(g) and paragraph 6 of Schedule 1 Data Protection Act 2018 – processing necessary for reason of substantial public interest for exercise of a function conferred on a person by an enactment
The following information is likely to be retained and / or shared with the public enquire
- Information relating to covid care
- Information relating to impact on service delivery
- Information relating to covid related incidents
Any data retained, passed its normal retention period, will be removed from its normal location within the Trust (either physical paper location or digital location) and restricted to those involved in the disclosing of information for the enquiry.
At the end of the enquiry, any data that has surpassed its normal retention period, will be securely destroyed in accordance with the Trust’s Data Protection Policy.
Should you have any enquires relating to either the covid enquiry itself or the processing of your information, inclusive of your rights to restrict processing or deletion of records, please direct these to the Trust’s Data Protection Officer via InformationGovernanceTeam@solent.nhs.uk
Ms Nicola Burnett Chief Financial Officer 03001233390 |
Dr Daniel Bayliss Chief Medical Officer CaldicottGuardian@solent.nhs.uk 03001233390 |
Mrs Sadie Bell Data Protection Officer and Head of Information Governance & Digital Security Information Governance 03001233390 |
Please see below for definitions of terminology used throughout this page;
- Personally Identifiable Data and Special Category Data
- Data Subject
- Data Controller
- Data Processor
- Third Party/ Parties
Under GDPR data subjects (individuals) have eight specific rights..
1. The right to be informed
Individuals should be informed of how their data will be used. This applies to both patient and staff data. For more information on how data is used, please refer to Solent NHS Trust's Privacy Notices
2. The right of access
Individuals have the right to access their personal data, which is referred to as a Subject Access Request (SAR).
All requests of this nature should be submited to the Information Governance Team.
Find out how to request your information.
3. The right to rectification
Personal data can be rectified if it is inaccurate or incomplete.
Find out more about your right for data held about you to be rectified and destroyed
4. The right to erasure
This is often referred to as the “right to be forgotten”.
This right only applies in certain circumstances;
- the basis for lawful processing is consent and the this has been withdrawn and there is no other legal ground for processing
- the individuals whose data is being processed objects and there are no overriding legitimate grounds
- the personal data has been collected in relation to information society services
- the personal data is no longer necessary for the purposes for which it was collected for
Find out more about your right for data held about you to be rectified and destroyed
5. The right to restrict processing
Individuals have the right to require organisations to restrict processing where:
- accuracy is contested by the individual
- processing is unlawful and the subject opposes erasure
- the organisation no longer needs the data, but the subject requires it to be kept for legal claims
- the individual has objected, pending verification of legitimate grounds.
If you feel this is the case, please contact the Information Governance Team.
6. The right to data portability
7. The right to object
Individuals have the right to object to:
- Processing based on legitimate interests or the performance of a task in the public interest/ exercise of official authority (including profiling)
- direct marketing (including profiling); and
- processing for purposes of scientific/historical research and statistics
8. Rights in relation to automated decision making and profiling
Profiling analyses aspects of an individual’s personality, behaviour, interests and habits to make predictions or decisions about them.
Automated decision-making is the process of making a decision by automated means without any human involvement. These decisions can be based on factual data, as well as on digitally created profiles or inferred data.
Automated decision-making often involves profiling, but it does not have to.
Information about your health and care helps Solent NHS Trust and our healthcare partners to improve your individual care, speed up diagnosis, plan your local services and research new treatments.
As a result of these changes, you can choose whether your confidential patient identifiable information is used for clinical research and planning.
- An easy guide to how your data is used*
- Care and Health Information Exchange (CHIE)
- Patient Information Sharing Poster
- SystmOne Patient Leaflet (Patient Records)
*Under development
How is your data used?
The below identifies a number of ways in which your data maybe used
* Please be advised this section of our website is currently under construction
* Please be advised this section of our website is currently under construction
* Please be advised this section of our website is currently under construction
* Please be advised this section of our website is currently under construction
Trust Privacy Notices
A Privacy Notice is a statement made to an individual (data subject) that describes how the organisation collects, uses, retains and discloses personal information. A privacy notice is sometimes referred to as a privacy statement, a fair processing statement or sometimes a privacy policy.
Below provides a list of System and Service specific Privacy Notices; This will allow you to have greater insight and knowledge into how Solent NHS Trust maybe processing your data.
If you wish to obtain a verbal privacy notice, please contact the Trust's Information Governance Team on 0300 123 3919, who will work with you to provide this. Please note the Information Governance Team are available 9am - 5pm, Monday to Friday (excluding Bank Holiday's.
* Please be advised this section of our website is currently under construction
* Please be advised this section of our website is currently under construction
Healthy.io Privacy Statement: ACR project for patients with diabetes
The data is being processed for the purpose of delivery of a programme, sponsored by NHS Digital, to monitor urine for indications of chronic kidney disease (CKD) which is recommended to be undertaken annually for patients at risk of chronic kidney disease e.g., patients living with diabetes. The programme enables patients to test their kidney function from home. We will share your contact details with Healthy.io to enable them to contact you and confirm that you wish them to send you a test kit. This will help identify patients at risk of kidney disease and help us agree any early interventions that can be put in place for the benefit of your care. Healthy.io will only use your data for the purposes of delivering their service to you. If you do not wish to receive a home test kit from Healthy.io we will continue to manage your care within the Practice. Healthy.io are required to hold data we send them in line with retention periods outlined in the Records Management code of Practice for Health and Social Care. Further information about this is available at: http://bit.ly/uACRtest.
Data Provision Notice (DPN) for GP Data for Planning and Research: Legal Direction (England)
NHS Digital has issued a Data Provision Notice (DPN) on 12 May 2021 to all practices in England notifying them of their intention to begin extracting data as part of the GP Data for Planning and Research (GPDPR) programme. GPDPR is the successor to the GP Extract Service (GPES) and it is a legal requirement for practices to comply with the DPN.
Below are some key documents / links:
- Data Provision Notice (DPN) Privacy statement https://digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research/gp-privacy-notice
- Patient information on GPDPR Transparency notice https://digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-research/transparency-notice
- Prison Healthcare Privacy Notice
- Prison In-Reach Sexual Health Clinics Privacy Notice
- Confidentiality
- Online shop
- PHR
There may be times when we share anonymised patient information as case studies, to provide quality oversight and learning both within the Trust and with our commissioning colleagues.
- Staff Information
- Employee Disability and Neurodivergent Advice (EDNA) Service
- National Fraud Initiative (staff information)
- Occupational Health Information
- Oleeo (Solent NHS Trust Recruitment System)
- Volunteer's Information
Flu / COVID Booking System - Solent NHS Trust Staff and Working Partners Only
The Flu / Covid Booking System is a Microsoft booking system, with high level security, access controls and encryption. The system is used by Solent NHS Trust Staff and Working Partners, when booking appointments for either vaccinations. You will be asked to provide your name and work contact details; this is so that we know who will attend the booked clinic slot and we have a way of contacting you should your appointment need to be changed. You will also in addition be asked for your NHS Number, so that we can identify you on NHS England's NIVS system and any known allergies / pregnancy, to ensure that you are safe to receive the flu vaccine. This booking system is not linked to your flu / Covid form which is held within the Occupational Health records storage system.
Solent NHS Trust is responsible for (Data Controller) the processing of your information, in reference to your appointment booking only. Solent NHS Trust will ensure that only relevant Health Care Professionals, overseeing the administrating of your vaccine, are in possession of your information.
Please also be advised that Solent NHS Trust is administrating this vaccine on behalf of NHS England, who are acting as Data Controller, for information recorded in providing your vaccine. NHS England requires all organisations administrating this vaccine, to record the outcomes and information about yourself, on the National Immunisation, Vaccination System (NIVS). Information on how your data is processed can be found here: https://www.england.nhs.uk/contact-us/privacy-notice/national-flu-vaccination-programme/
Information Governance Team
Solent NHS Trust Headquarters
Highpoint Venue
Bursledon Road
Southampton
SO19 8BR
03001233919