Data Protection – What Happens to my Information?

Data Protection – What happens to my information?

What kind of information does the NHS collect about me?

  • Name, address, date of birth, NHS number and next of kin
  • Contacts we have had with you, such as clinic visits
  • Details of diagnosis and treatment
  • Allergies and health conditions

We have no right to ask you about information which is not relevant to your care.

Why do they collect information about me?

To help me

  • Accurate up to date information helps us provide the right care.
  • Full information is available should you see another doctor, or be referred to a specialist or another part of the NHS

To help the NHS

  • Prepare statistics on NHS performance
  • Audit NHS services
  • Monitor how we spend public money
  • Plan and manage the health service
  • Teach and train healthcare professionals
  • Conduct health research and development

Who sees my information?

The information you provide will be recorded in paper file and on a computer. Access to these records is strictly controlled and logged.

We are required by law to report certain information to the appropriate authorities. This is only provided after permission has been given by a qualified health professional. Occasions when we must pass on information include:

  • A notification of new birth
  • Where we encounter infectious diseases which may endanger the safety of others, such as meningitis or measles.
  • Where a formal court order has been issued
  • Solicitors or Insurers might ask for records or a medical report and in this case, your signed consent is needed before any disclosure is made.

You may be receiving care from other people as well as the NHS:

  • Social Services
  • Education Services
  • Local Authorities

We may need to share some information about you so we can all work together for your benefit. We will only ever use or pass on information about you if others involved in your care have a genuine need for it.

How my medical records are kept secure?

Everyone working for the NHS has a legal duty to keep information about you confidential and secure under the Data Protection Act 2018 and the Caldicott principles. We use the minimum amount of information required to inform the people who need to know to provide you care.

Anyone who receives information from us is also under a legal duty to do the same and has a confidentiality clause in their contract. Breaking those rules can result in being dismissed.

How do I access my health record?

Any request for access to healthcare records should be sent to

Alternatively, please send requests for access to health records to:

Governance Support Unit
Ground Floor
Trinity House
Sandwell General Hospital,
West Bromwich,
B71 4HJ

Or telephone: 0121 507 5836

You have a right to see your health records and receive a copy, however an administration charge may be made.

How can I ask about other information?

For other information please visit the Freedom of Information page:

Our Data Protection Officer

The Trust’s Data Protection Officer can be contacted at:

Email address:

Trust Headquarters, Health and Wellbeing Centre, Sandwell General Hospital, Lyndon, West Bromwich B71 4HJ