Our Commitment to your Data Privacy and Confidentiality
We are committed to protecting your privacy and will only process personal confidential data lawfully and in accordance with the Data Protection Act 2018 incorporating the General Data Protection Regulations (GDPR), The Privacy and Electronic Communications Regulations (PECR) the Common Law Duty of Confidentiality and the Human Rights Act 1998.
MKUH is a Data Controller under the terms of the Data Protection Act. We are legally responsible for ensuring that all personal information that we hold and use is done so in compliance with the law. All data controllers must ensure they are compliant with the Data Protection Act 2018, further details can be found on the Information Commissioner’s website www.ico.org.uk
Everyone working for the NHS has a legal duty to keep information about you confidential. The NHS Care Record Guarantee, the NHS Constitution, the Health and Social Care Information Centre Guide to Confidentiality, and the NHS Confidentiality Code of Practice provide a commitment that all NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and well being.
If you are receiving services from the NHS, we share information that does not identify you (anonymised) with other NHS and social care partner agencies for the purpose of improving local services, research, audit and public health. This is an important part of our processing as it ensures that the NHS keeps improving its standards and treatments.
We will not share information that identifies you unless we have a fair and lawful basis on which to do so:
• For Direct Care care purposes to ensure your safe care and treatment
• To protect children and vulnerable adults;
• When a formal court order has been served on us;
• When we are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime;
• Emergency Planning reasons such as for protecting the health and safety of others;
• When permission is given by the Secretary of State for Health or the Health Research Authority (HRA) on the advice of the Confidentiality Advisory Group to process confidential information without the explicit consent of individuals.
We also anonymise information for Indirect Care so that we can:
• Review current practice to provide high quality care
• Review our planning and services so that we meet patients expectations and needs
• Prepare statistics and “performance” figures
• Safeguard the heath of the general public
• Medical Research
• Auditing and statistics
• To provide training and continuing education for our staff