We are committed to ensuring that the confidential information of the people we serve remains safe at all times.

How our data security is assessed

Our Trust completes a Data Security & Protection Toolkit every year. This is a self-assessment toolkit which allows us to demonstrate what steps we take to ensure we look after patient and staff data.

NHS Trusts tend to average around 80% of the Toolkit completed (source: IG Toolkit 18-19). This Trust has increased its completion from 98% in 2017/18, to 100% in 2018/19 and again in 2019/20. This keeps us at the forefront of trusts of our kind for the fourth consecutive year and maintains our overall rating of ‘satisfactory’, the highest-possible rating.

When we work with your personal data, you can be assured that it will be within the legal remit of the GDPR (as enacted by the Data Protection Act 2018), the NHS common law duty of confidentiality and the Human Rights Act 1998.

This means that, when the Trust accesses your medical information, it will only do so with a valid legal reason. We may share the information but only in an appropriate way, and with a valid legal reason. In addition, sometimes the Trust may use data it holds about patients for other purposes. These include:

  • reviewing and improving the quality of care we provided
  • researching what treatments work best
  • commissioning clinical services.

In all of these cases, the confidentiality of patients is protected by removing any identifiable information. These secondary uses of data are essential if we are to run a safe, efficient, and equitable health service.

The Trust recognises the need for data protection to be at the centre of our processing activities and business practices. The GDPR, as enacted by the Data Protection Act 2018, states that the Trust must:

  • Put in place appropriate technical and organisational measures designed to implement the data protection principles
  • Integrate safeguards into processing so the Trust can meet the GDPR’s requirements and protect individual rights.

The page on sharing data details the considerations we make when deciding whether and how the data is shared. However, this is only part of data protection by design and default.

When new technologies are investigated, the protection of data is considered. When new ways of working are considered, the protection of data is considered. The default is anonymisation of data wherever possible. However, the Trust also considers pseudonymisation and has a policy in place to pseudonymise the data if required.

In order for you to receive the best possible care from our Trust, we process information on all service users. In order to do so we must comply with the Data Protection Act 2018. The data held must only be used for specific purposes allowed by law. The ‘Your Information, Your Rights’ leaflet is a brief guide to:

  • what information we collect about you and why it is held
  • how we record your information
  • how we keep your information safe
  • how and when we share your information
  • how you can access your records
  • how to obtain further information.

Alongside the ‘Your Information, Your Rights’ information leaflet, the Trust has a Data Protection Policy which also details how we process your personal data. You can view this policy by making a Freedom of Information request.

We value the role that families and carers play as partners in care. We want to support this role, and work with them. Sharing information is a key part of how we provide better, more effective services that are co-ordinated around the needs of the person. We encourage the sharing of information wherever possible, while respecting an individual’s right to confidentiality.

Information sharing is particularly important for those we are supporting through the Care Programme Approach. Learn more about this on our Core Care Standards page – see the ‘families and carers’ section.  

Third parties

In addition, we may share your data with third parties: other health care providers, or for research and planning purposes, for example. If you would like to know more, or if you are looking to share information with us, please visit our 'sharing data' page.

The Trust follows the standard NHS approved procedure for records management. You can learn more about this on the NHS England website.

Please read our disclaimer and privacy statement on the ‘using this website’ page.

Data security and protection documents