Privacy and Cookies

Introduction

This document summarises who we are, what information we hold about you, what we do with this information (including who it may be shared with) and how long we will keep the information for. We will also explain the rights you have in relation to the information held.

Who are we?

 Sandwell and West Birmingham Hospitals NHS Trust (SWBH) is a public, NHS organisation providing medical and health care services across a wide range of departments. We operate across a number of sites:

  • Sandwell General Hospital (West Bromwich)
  • City Hospital (Birmingham)
  • Rowley Regis Community Hospital
  • Leasowes Intermediate Care Centre

We are registered with the Information Commissioners Office (ICO), registration number Z6719634

Why do we collect information about you?

We need information about you in order to provide our services when you attend one of our sites. Information about you is used to help deliver care services and may include sharing with other organisations within Health and Social Care to ensure you receive the best possible treatment and support.

Information will also be used to support the management of healthcare systems, e.g. to ensure we are paid correctly for the services we provide or to be held accountable for the quality of our services.

We may also receive information about you from other individuals or organisations, for example when you are referred from your GP or another organisation. We need this information to be able to provide you with the most appropriate healthcare services.

What information do we use?

The personal information we use includes information that identifies you like your name, address, date of birth and postcode.

We also use more sensitive types of personal information, including information about racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic and biometric data, health; sex life or sexual orientation.

The information we use can relate to:

  • personal and family details
  • education
  • lifestyle and social circumstances
  • visual images
  • details held in the patient record
  • responses to surveys.

What do we use your information for?

The Trust may need to process your information in order to:

  • Provide healthcare services to you
  • Review our standards of care
  • Train healthcare professionals
  • Carry out audit and research
  • Manage complaints, legal claims and incidents

What is our legal basis for using your information?

As an NHS organisation we have a duty to protect your health and the health of the general public for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller as a healthcare provider.

Where we process sensitive (special category) information such as medical information we are doing so as it is necessary for the purposes of preventative medicine, medical diagnosis, the provision of healthcare or treatment or the management of healthcare systems.

As a healthcare provider we may, on occasion, have to share information when someone is at risk of serious harm i.e. to protect their vital interests.

We also have an obligation to protect the health of the general public, any processing that takes place will be for the performance of a task carried out in the public interest for reasons of public interest in the area of public health.

We may also have to process your information to comply with a court order or coroners instruction this is to comply with a legal obligation.

On rare occasions we may rely on your explicit consent as our legal basis for using your personal information.  When we do this we will explain what it means, and the rights that are available to you.  You should be aware that we will continue to ask for your consent for other things like taking part in a drug trial, or when you are having an operation.

Sharing information with others:

You may be receiving care or support from other people as well as the NHS so where necessary we will share appropriate, relevant and proportionate personal information in compliance with the law, with the following (only the minimum amount of information will be shared in accordance with legislation):

  • Other healthcare professionals (e.g. doctors, nurses, ambulance services)
  • Health and Social Care partner organisations (e.g. GP’s, social services, private sector providers)
  • Carers, guardians or others with parental responsibility
  • NHS organisations and the Department of Health for management of healthcare services
  • General Medical Council, Care Quality Commission, Audit Commission, Healthcare Ombudsman or others with statutory investigative powers
  • Government departments (e.g. Department of Health or the Home Office)
  • Solicitors, police, the courts and other parties for purposes of tribunals and enquiries.
  • Research organisations

SWBH will never share your information for marketing, social media or insurance purposes unless we have your consent to do so.

Transferring personal information outside of the UK and the EEA:

On occasion it may be necessary to transfer personal information overseas (e.g. for research or processing or for medical emergencies abroad). When this is required we will ensure that all relevant safeguards and legislation are complied with and only the minimum information required will be transferred.

How long do we keep your personal information for?

The NHS follows a comprehensive set of guidance which governs the length of time that we keep records for. SWBH comply with these retention schedules.

There may be occasions where the Trust is obliged to vary from the retention schedules (e.g. in reponse to a court order or other legal requirement).

The NHS Retention Schedules and further details can be found on the NHS Digital website:

https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/codes-of-practice-for-handling-information-in-health-and-care/records-management-code-of-practice-for-health-and-social-care-2016

 How do we protect your personal information?

SWBH takes our duty to protect your information and confidentiality seriously. All our staff follow the NHS Code of Confidentiality and undertake annual training in data security.

We have appointed a Data Protection Officer who, along with our Caldicott Guardian and Senior Information Risk Owner are responsible for the management and protection of personal information within SWBH.

Everyone working for the NHS is subject to the common law duty of confidentiality. Information provided in confidence will only be used for the purposes advised, unless it is required or permitted by the law.

We have control systems in place to allow only those with a reason to access your medical records are able to do so.

Your rights:

Unless subject to an exemption you have the following rights with respect to your personal information:

  • The right to request a copy of the information that SWBH holds about you (we must provide this information free of charge, however we can charge a reasonable fee if you request the same information more than once or your request is considered excessive or unfounded)
  • The right to request that any inaccurate information is corrected
  • The right to withdraw consent for processing of your information (if consent was previously given)
  • The right to object to the processing of personal information
  • The right to request that SWBH provide you with your personal information and, where possible, transmit the data directly to another organisation, where your information has been processed with your consent
  • The right to lodge a complaint with SWBH
  • The right to lodge a complaint with the ICO
  • There are other rights under current data protection law, however these rights only apply in certain circumstances.

More detailed information on your rights can be found on the ICO’s website:

https://ico.org.uk/for-the-public/
Where can you get further information?

If you have any queries, comments or concerns please contact SWBH’s Data Protection Officer:

Email: gdpr.swbh@nhs.net

Telephone: 0121 553 1831

Cookies
To comply with EU legislation we are required to tell you about the cookies used on this website. We use cookies because we want you to find the information you need as quickly and easily as possible.

A cookie is a small text file that is placed on your computer when you visit a website. Cookies help websites function usefully and can provide information to website owners. They do not not place viruses on your computer and cannot run programs.

Our cookies do not provide us with any private or personally identifiable information about you. Any data gathered is anonymous.

Some of the cookies we use collect information about how visitors use our site. For example, one of our cookies counts the number of visitors to the site and notes which pages they visited. This anonymous information helps us to compile statistical reports, which can help us to improve the site.

Your web browser gives you the ability to accept or decline cookies. Generally, web browsers automatically accept cookies, but you can modify your browser settings to decline cookies if you prefer. However, if you choose to decline cookies, some useful features of this website will not work.

For example, there is the option to view this website as text only, with no graphics. The “useTextOnly” and “setString” cookies remember that you have chosen to view this site with no graphics. If you choose to decline cookies you will have to select the text only option every time you view a new page.