What is a Privacy Notice?
A Privacy Notice describes how organisations use personal information. This leaflet describes how Tees, Esk and Wear Valleys NHS Foundation Trust (TEWV) uses your personal information to deliver healthcare. This privacy notice is for patients.
Personal information is information that identifies you as an individual. This leaflet answers key questions about how the Trust uses (processes) your personal information. Data protection laws control the use of personal information of living individuals.
Read a short version of this privacy noticeKey information
Tees Esk and Wear Valleys NHS Foundation Trust is a Controller under data protection law.
Data Protection Officer:
Head of Information Governance, Information Governance Department, Tarncroft, Lanchester Road Hospital, Lanchester Road, Durham, DH1 5RD.
Purpose of processing:
We deliver a range of community and inpatient care across adult mental health, learning disabilities, children and young people’s services, mental health services for older people and secure inpatient services. Geographically we’re one of the largest NHS Foundation Trusts in the country, spanning County Durham and Darlington, Teesside, North Yorkshire and York and Selby. We work in partnership with local authorities, clinical commissioning groups, voluntary organisations and the private sector.
Lawful basis for processing:
Article 6(1)(e) The performance of a task carried out in the public interest or in the exercise of official authority.
Article 9(2)(h) Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.
Retention of information:
We hold adult service user records for 20 years after last contact.
Overseas transfer:
Data is not routinely transferred outside the UK.
Data Protection Officer contact details
Organisations that use personal information are known as Controllers. Tees, Esk and Wear Valleys NHS Foundation Trust is a Controller. Organisations that are controllers have a Data Protection Officer. The Data Protection Officer has expert knowledge and they make sure that personal information is used according to the law. The Data Protection Officer for Tees, Esk and Wear Valleys NHS Foundation Trust is:
Andrea Shotton
Head of Information Governance Information Governance Department
Tees, Esk and Wear Valleys NHS Foundation Trust
Tarncroft
Lanchester Road Hospital
Lanchester Road
Durham DH1 5RD
Telephone: 0191 333 6574
Email: [email protected]
More information about contact details
Further information about TEWV can be found at the Trust’s website.
The Data Protection Officer is the point of contact between the Controller and the Information Commissioner’s Office (ICO). The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
Why do you hold and record information about me?
The Health and Social Care Act 2012 and the Care Act 2014 are the laws that tell us we have to keep records about the care and treatment you receive.
Health and Social Care organisations are public authorities that use personal information to deliver appropriate treatment and care specific to individual’s needs. These organisations use personal information to make sure:
- Service users receive the best possible care and treatment;
- Those involved in your care have accurate and up-to-date information to help them provide the best care for you;
- Full information is available should you see another doctor, be referred to a specialist or another part of the NHS;
- That, should you have a problem or concern, your care record will help with any investigation.
More information about why we hold information
TEWV is a public authority and we have to use personal information to carry out our public authority duties. Our lawful basis for processing personal information is ‘for the performance of a task carried out in the public interest or in the exercise of official authority’. Refer to Article 6(1)(e) – Lawfulness of processing of the General Data Protection Regulation (GDPR).
We deliver care and treatment to improve health so we collect information about your mental and physical health. This is classed as ‘special’ information which means we also rely on Article 9(2)(h) of the GDPR for lawful processing.
We do not need your consent to use your personal information for the delivery of direct care because we are an NHS Trust. We use personal information because it is necessary for us to use this to carry out our activities as an NHS organisation.
What information do you record about me?
We record various items of information about you which will include:
- Basic details about you, such as your name, date of birth and address;
- Contacts we have had with you; scheduled and unscheduled appointments;
- Details about your care; treatment and advice given and referrals made;
- Results of investigations, e.g. blood tests;
- Relevant information from people who care for you and know you well.
- Phone calls received from third parties who are concerned about you such as your relatives and friends.
The information listed above is known as ‘primary data’ and is collected and used for healthcare and medical purposes. This will directly contribute to your treatment, diagnosis or care. It is also used by administrative staff within the organisation to ensure we maintain high standards in delivering health or care services.
We also collect and use ‘secondary data’ for non- health or care purposes. This includes research, audits, service improvement, commissioning and contract monitoring. When personal information is used for secondary use this will be de- identified.
Some of the items of information that we record about individuals will be classed as ‘special’. Special categories of personal data are:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Health information (physical and mental health information)
- Sexual orientation
- Genetic data (ie, about the genes in your body, DNA) and biometric data (eg, fingerprints, iris patterns, facial geometry)
We may also hold information about your criminal convictions and offences where relevant.
Records may include information reported by or about another person which the clinician or social care professional thinks is important enough to be included. (Professionals often call this ‘third party’ information). If there is information about someone else or supplied by someone else in a record, it should be clearly marked.
Health and social care records contain facts, but also opinions, judgements and decisions made based on the information the care professional knows at the time. In healthcare, making a diagnosis often happens in steps rather than a single event, and health professionals need to be able to record their thoughts at a particular time, even if the ‘facts’ are not totally clear. It can be easy for opinions and facts to be confused. Professionals should make it clear in the record which information is there not as confirmed facts, but to help the diagnosis and treatment.
If you provide personal information to us about other individuals you should inform the individual about the contents of this notice. We will process such information in accordance with this notice.
More information about the information we have on record
If you want to find out more about de- identified data go to the Information Commissioner’s Anonymisation Code of Practice which is published on their website.
Anonymised data
This refers to data where individuals cannot be identified because all identifiers have been removed.
Pseudonymised data
Pseudonymisation is a process that removes the NHS number and any other identifiable information such as name, date of birth or postcode, and replaces it with an artificial identifier, or pseudonym. Data which is pseudonymised is effectively anonymous to the people who receive and hold it.
Who do you share my information with?
We may share your information with a variety of organisations to make sure you receive the appropriate care and treatment for your needs. We do not need to ask for your permission (consent) to do this as it is considered to be for the purposes of ‘direct care’ and that consent is ‘implied’.
We will share your information internally between our own teams and also externally with other organisations such as:
- NHS Trusts (Acute Health/Mental Health)
- General Practitioners (GPs)
- Private care providers
- Local Authorities
- Integrated Care Systems (previously Clinical Commissioning Groups)
- North of England Commissioning Support
- Other NHS organisations
In some limited circumstances we may share your personal information to ensure the safety of you or other individuals. For example, we may share some of your information with the Police if you commit a serious crime.
If English is not your first language then we may have used an interpreter in any clinical contact we have had with you. You will already be aware of this. If we have written to you in any language other than English then we will have used a translation organisation to write to you in the language that you use. If we have done this then the organisation we use will have a copy of the information. The organisation will only hold on to this information for two weeks.
We may share your information with other organisations for other purposes – this is known as ‘indirect care’. When we do this we will ask for your consent. Your consent is only valid if it is freely given, specific, informed, unambiguous and you have given a clear indication that you agree to how we will use your personal information. You may withdraw your consent at any time.
If you want to know exactly who we’ve shared your information with you will have to access your own records. Refer to the section on ‘What are my rights under the Data Protection Act – Right of Access’.
If you object to information sharing with specific individuals or organisations please discuss this with the clinician providing your care.
More information about who we share your information with
‘Direct care’ is defined as “A clinical, social or public health activity concerned with the prevention, investigation and treatment of illness and the alleviation of suffering of individuals. It includes supporting individuals’ ability to function and improve their participation in life and society. It includes the assurance of safe and high-quality care and treatment through local audit, the management of untoward or adverse incidents, person satisfaction including measurement of outcomes undertaken by one or more registered and regulated health or social care professionals and their team with whom the individual has a legitimate relationship for their care.”
(NHS Digital ‘A guide to confidentiality in health and social care: references’)
Legal Aspects of Consent
General Data Protection Regulation Article 4 (11), Article 6 (1) (a), and Article 7 (1-4)
Will you share my personal information for research purposes?
High-quality research evidence underpins all our clinical services and our aim is to establish a culture of appreciative enquiry within the Trust to improve the quality and value of care for our own patients, as well as to contribute to the worldwide evidence base for better mental health care.
TEWV will only carry out legitimate research in the public interest and if you are identified as a possible candidate, we will always ask you if you would like to participate. We will not screen those service users who have chosen not to share their data on NHS Digital’s National Data Opt-Out. You don’t have to take part in our research and it will not affect your care and treatment if you choose not to. If you do take part and then change your mind, you can withdraw your consent at any time.
The CRIS system
To further support our research the Trust is now a member of the CRIS network. CRIS stands for the Clinical Record Interactive Search system.
This is an advanced system which helps us look for trends and other useful information in patient records which may help us with research and patient care.
The system is provided by a company called Akrivia Health, with whom we have a contract. Akrivia are our data processor, which means they process data on our behalf and only as instructed by us.
The CRIS network enables a group of several UK mental health trusts to collaborate on innovative new research projects by pooling data to create one of the largest sets of patient data ever assembled (containing over 3 million records). If you would like to know who is currently participating please contact the TEWV research team.
What data do we collect and use?
We use data from the electronic health records of our patients. This includes information like your NHS number, diagnosis, symptoms, and medication. It can also include information from clinical letters, test results, and assessment forms.
How do we comply with data protection law?
Data protection law requires us to have a ‘legal basis’ for using personal data. Our legal basis is that the research is a ‘task carried out in the public interest or in the exercise of official authority’. The data we process is called ‘special category data’ because it relates to health. As an extra safeguard we need a second legal basis in data protection law, which is that the use of data relates to scientific research.
CRIS is a safe and secure system. It transforms clinical information so that it is anonymous. We identify all the fields where identifiable data is recorded and ensure that it is modified so that you cannot be identified. We do this by either removing, masking or modifying any information which can identify you.
This de-identified data can then be used for research purposes using specialist software that enables research to be undertaken at a scale and pace never possible before. By looking at real life situations in large quantities it makes it easier to see patterns and trends e.g., what interventions work for some and don’t for others. This can help us to develop new understanding about mental health problems and care delivery, and establish whether research studies and clinical trials are feasible.
CRIS uses a powerful new technology called “natural language processing” which can be used to extract useful information from unstructured text-based notes (which can make up to 75% of a patient record). This makes a huge amount of information much more accessible for patient care and research purposes.
As well as research, CRIS data can be used to analyse how services are performing and to assist with clinical audit.
Access to CRIS data is strictly controlled and managed by a governance group which includes staff, patients, and carer representatives. Researchers must apply to access the data and all applications must demonstrate clear and justifiable reasons. The merits of each request will be carefully considered by the governance group and if access is granted this will be carefully monitored.
The level of de-identification depends on what we want to do with the data. For example, if your date of birth was 01/04/94 CRIS could show this as xx/xx/xx but if we wanted to analyse data by age, we could show this as 04/94. In another situation, we may want to look at some data geographically, so could show your postcode as TS5 XXX, but we would never include your full postcode or other details of your address.
Do you share my personal data?
Our contract ensures that Akrivia only act on our instruction when they process your data and all data is anonymised.
We are also part of a data sharing agreement with other healthcare organisations in the CRIS network. This means that researchers at other organisations can ask us to share data with them, and that our researchers can ask other organisations to share data with us. Any requests for data that we receive must still be authorised by the governance group
We believe that the CRIS system will make a real difference to future treatments and patient care and will improve patient experience, safety, and health outcomes.
If you object to the use of your personal data for research purposes, you can use NHS Digital’s National Data Opt Out system to set your preferences. Opting out of using your personal information for research purposes will not affect the care and treatment we will give you and you are still able to agree to participate in any local research studies which may interest you.
If you would like more information about the CRIS system and research in general, please visit the TEWV Trust website
NHS National Data Opt Out
Whenever you use a health or care service, such as attending Accident & Emergency, using Community Care services or accessing Mental Health services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- Improving the quality and standards of care provided
- Research into the development of new treatments
- Preventing illness and diseases
- Monitoring safety
- Planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
TEWV Trust is compliant with NHS Digital’s National Data Opt-Out policy.
More information about NHS National Data Opt Out
View NHS National Data Opt Out Programme
NHS England is the national information and technology partner to the health and care system. They use digital technology to transform the NHS and social care.
National Data Opt-Out
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set or change your opt-out by phone
- See the situations where the opt-out will not apply
You can also find out more about how patient information is used at:
- https://www.hra.nhs.uk/information-about-patients/ (for health and care research); and
- https://understandingpatientdata.org.uk/what-you-need-know (for how and why patient information is used, the safeguards and how decisions are made).
Opting out of shared care records
The Trust aims to participate and provide data into two shared care records:
- The Great North Care Record (GNCR)
- Yorkshire and Humber Care Record (YHCR)
It is your choice to be part of the GNCR and YHCR.
All healthcare records are strictly confidential and can only be accessed by clinical and care staff who are directly involved in patients’ care.
Shared care records hold certain information about patients and service users such as:
- Contact details
- Diagnosed conditions
- Medication
- Allergies
- Test results
- Referrals, clinical letters and discharge information
- Care plans
Everyone living in the North East and North Cumbria is automatically opted in to their medical record being accessible via the GNCR unless you have previously opted out of sharing GP records.
If you are happy for your records to be available, you don’t need to take any action.
To opt out of the GNCR, you can either:
- Speak to their helpline team on 0344 811 9587
- Email the team at [email protected]
- Complete this online form
Yorkshire and Humber Care Record (YHCR)
YHCR allows healthcare staff within the Humber, Cost and Vale health and social care community to share information about patients.
If you have any queries or would like to object to your Yorkshire and Humber Care Record being shared, you can:
- Contact 0113 20 64 102, or
- Write to:
Yorkshire and Humber Care Record
Leeds Teaching Hospitals NHS Trust
St James University Hospital
Lincoln Wing/Chancellor Wing Link Corridor
Beckett Street
Leeds
LS9 7TF
More information about opting out of shared care records
You can find out more about the Great North Care Record by visiting their website. On this website, you can find out more about the benefits of sharing information, what information will be shared and which NHS organisations are involved.
You can also find more information about opting out and how your information is protected.
You can find out more about the Yorkshire and Humber Care Record by visiting the website. Here you will find out what the YHCR is and who is involved, as well as information to help you understand your information rights.
Will you transfer my personal information overseas?
We do not routinely transfer personal information to countries outside of the European Union (EU). This is checked yearly through a process called information mapping. If we need to transfer your personal information to a country overseas we will make sure your information is safely protected. If we do transfer your personal information outside of the EU we will tell you about this.
How long will you keep my personal information?
Organisations must not retain (keep) personal information for longer than is necessary. All records have a minimum retention time. Different types of records have different retention times. For example:
- Mental health records are kept for eight years after death
- Adult mental health records are kept for 20 years after last contact
- Records for service users with a learning disability are kept for the lifetime of the individual
- Children’s records are kept until their 25th or 26th birthday depending on their age at conclusion of treatment
NHS records retention times are published on the NHS Digital website. Local Authorities set their own retention times although some may apply the NHS records retention times – refer to above NHS retention schedule.
What are my information rights?
The law provides you with rights that give you some control over the use of your personal information, as follows:
Right to information
You have the right to ask if your personal information is being processed by Tees, Esk and Wear Valleys NHS Foundation Trust or another organisation that works alongside us (a third party processor). Please write to the Data
Protection Officer to request this information. You may request a copy of the information and find out why your personal information is being used.
Right of access
You have the right to see or be given a copy of your personal information. To do this you will need to make a Subject Access Request (SAR). Send your request to the Data Protection Officer. We will aim to respond to your request within one month from the receipt of your request. If your health or care history is long and complex we may take longer to provide you with the information. If this is the case will let you know once we have assessed your request. There is no charge for accessing your personal information.
If you make a large number of requests or it is clear that it is not reasonable for us to comply then we do not have to respond.
If several health and social care organisations have contributed to your treatment and care you will have to make separate Subject Access Requests to each of these organisations.
Information may be withheld from you if the organisation believes that releasing the information could cause serious harm to you or others.
Information may also be withheld if another person (ie, third party) is identified in the record, and they do not want their information disclosed to you.
More information about right of access
The Information Commissioner’s website offers more information about Subject Access Requests.
If you want to access more general information about the organisation you may wish to submit a request for information under the Freedom of Information Act. Please submit your request to the Trust’s membership team.
Right to rectification
You have the right to have inaccurate information corrected. This also includes making sure that incomplete information is added to, to make it complete. If you wish to have incorrect or incomplete information corrected, contact the Data Protection Officer.
Right to be forgotten
The law states that you can request that information is erased if you withdraw consent for processing or if organisations are not obeying the laws. However, this right does not extend to organisations providing health and social care treatment. You may not use this right to erase health records..
More information about right to be forgotten
General Data Protection Regulation, Article 17(3)(b)
Right to restriction of processing
This allows you to stop us from carrying out specific processing of your personal data. We can store your personal data but we may not process it unless you give us permission. Contact the Data Protection Officer if you wish to restrict processing of your personal information.
Right to notification
We have a duty to let you know (if you ask us) if we correct, erase or restrict the processing of your personal information. We must also tell any recipients (third parties) with whom we have shared your personal information about any of these activities.
Right to data portability
You can request copies of your personal information in a useful electronic format. This ensures that electronic transfer to another data controller may take place without difficulty. The right to data portability only applies in specific circumstances. It applies when:
- TEWV is using consent to process personal information
- TEWV is processing personal information for the performance of a contract
- TEWV is carrying out the processing by automated means (ie, excluding paper files)
Most of the care that TEWV delivers does not rely on consent or the performance of a contract so it is unlikely you will have an opportunity to use the right of data portability.
Right to object
You have a right to object at any time to the processing of personal information. If you exercise this right we must stop processing your personal information immediately
Right to appropriate decision making
You have the right not to be subject to a decision based solely on automated processing including profiling. We do not currently use automated processing or profiling.
The term profiling is described as: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Right to withdraw consent
You have a right to withdraw any consent (permission) you have given at any time. If you do this we must stop processing your personal information or decide if there are other legal grounds on which we can continue to use your personal information. We do not rely on consent to use your personal information for the provision of direct health and social care. (Refer to ‘Why do you hold and record information about me?’)
If you want to exercise any of your rights please discuss firstly with a clinician then contact the Data Protection Officer.
If we rectify, erase or restrict the processing of your personal information we will let you know unless it is impossible or involves disproportionate effort.
More information about right to withdraw consent
General Data Protection Regulation, Article 7 covers the conditions for consent.
How can I make a complaint about the way my personal information has been used?
If you are not happy about the way Tees, Esk and Wear Valleys NHS Foundation Trust have used your information you can contact the Complaints Department. They are here to help. They will manage your complaint in the best possible way to ensure that you receive a compassionate response that identifies how we have learnt from your experience which will be used to improve our services.
The complaints team are available Monday to Friday (excluding bank holidays) between the hours of 9am and 4pm.
Complaints Manager
Tees, Esk and Wear Valleys NHS Foundation Trust
Flatts Lane Centre
Normanby Middlesbrough TS6 0SZ
Email: [email protected]
Freephone: 0800 0520219
Text message: 07733 001221
If you are not satisfied with the outcome of your complaint, you may then take this to the Information Commissioner’s Office and the Parliamentary and Health Service Ombudsman.
You can find out more information contained within the Trust’s Complaints Policy:
You have the right to take your complaint to the Information Commissioner’s Office:
Wycliffe House Water Lane
WILMSLOW
Cheshire SK9 5AF
Telephone their helpline on 0303 123 1113 or contact them on Live Chat or email [email protected]
You may also want to refer your complaint to the PHSO:
Parliamentary and Health Service Ombudsman
Telephone helpline: 0345 0154033 or send a text to their ‘call back’ service: 07624 813 005, with your name and mobile number.
How do you collect my information and how do you store it?
When you are referred to our services and attend appointments or are seen at home, information about the care and treatment you receive is recorded in your health or care record.
Most of the information we collect about you will come directly from you. We may collect your information on paper, online, by telephone, by email, through CCTV, by a member of staff or from one of our partners. Information will be stored in paper and electronic format.
Some of our partner organisations may share your personal information with us. Information sharing between health (NHS Trusts) and Social Care (Local Authorities) is routine and Information Sharing Agreements will exist between partner organisations.
Integrated Care Systems (ICS) are new partnerships between the organisations that meet health and care needs across an area, to coordinate services and to plan in a way that improves population health and reduces inequalities between different groups. TEWV is an active partner in the development of ICSs.
Service users who use computerised therapy may wish to know that data is transferred, but not stored, to the patient administration system.
You can find out more about how we manage information by reading our Records Management Policy:
Do I have to give you my personal information?
We need your personal information so we can decide what care and treatment is appropriate for your specific needs. The law allows us to collect personal information so we can provide health and social care services to the people who live in our local community. We will only collect the information that is necessary. We have to collect information about service users to promote your recovery – this is the law.
Is my personal information used in profiling or automated decision making?
Your personal information is not used in automated decision making or profiling (refer to the Right to appropriate decision making section above). We will update you if this changes.
How do you make sure my personal information is safe and secure?
We provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or do not look after your personal information properly.
We use passwords for access to computer systems and when we need to transfer personal information electronically it is encrypted (translated into a special code to protect it from being seen by anyone not authorised to do so).
When we need to transfer paper records we have a system in place called ‘tracking and tracing’ to record their movement from one location to another.
More information about how we make sure your personal information is safe and secure
NHS England’s cyber and data security and resources, Cyber and data security services and resources – NHS Digital, and Tees, Esk and Wear Valleys NHS Foundation Trust’s Information Security and Risk Policy provide more information about how your information is kept safe and secure. If you want a copy of this TEWV policy you can view this online:
The National Data Guardian: Review of consent and opt-outs can be found on the Government’s website. This lists ten new data security standards. These standards are intended to apply to every organisation handling health and social care information, although the way that they apply will vary according to the type and size of organisation.
How do you protect my privacy and confidentiality?
We employ a Privacy Officer whose role is to closely monitor access to electronic patient records to ensure that only those who have a justified reason to access your records do so.
TEWV has a Caldicott Guardian whose role it is to make the final decision on how, what, when and why personal information will be processed.
TEWV’s Caldicott Guardian is Kedar Kale, Medical Director. Information about him can be found on our website.
There are 8 Caldicott Principles that are championed by our Caldicott Guardian. The 8th principle says we must inform service users about how their confidential information is used. This will ensure there are no surprises. Receiving a copy of this privacy notice will help to ensure there are no surprises in the way we use your personal information.
More information about how we protect your privacy and confidentiality
The following document explains the various laws and rules about the use and sharing of confidential information: HSCIC Guide to Confidentiality in Health and Social Care: https://digital.nhs.uk
Tees, Esk and Wear Valleys NHS Foundation Trust’s Confidentiality and Sharing Information Policy:
http://www.tewv.nhs.uk explains how we protect your privacy and confidentiality.
View the 8 Caldicott Principles.
How will you meet my communication needs?
We will aim to provide information to meet the needs of service users and/or parents/ carers, where those needs relate to a disability, impairment or sensory loss.
The Accessible Information Standard, https://www.england.nhs.uk sets out a specific, consistent approach to identifying, recording, flagging, sharing and meeting the information and communication support needs of service users, carers and parents with a disability, impairment or sensory loss.
Why do you use CCTV and other monitoring systems?
The Trust uses CCTV for a variety of reasons:
- Support the Police to prevent or detect crime or disorder;
- Assist in the identification, apprehension and prosecution of offenders (including use of images as evidence in criminal proceedings);
- Increase personal staff/patient/public safety and reduce fear of crime;
- Protect Trust premises and its assets;
- To improve safety, quality and the patient experience.
CCTV is used according to data protection law and its use is governed by a Trust policy and procedure.
The Trust uses a Vision Based Patient Monitoring System (VBPMS) which has been introduced across inpatient wards and seclusion rooms to improve patient care and safety. The VBPMS works as an assistive tool alongside holistic, trauma informed person centred care to support proactive identification of issues that may potentially result in harm to the patient.
The system is designed to alert staff to specific situations occurring within the room such as prolonged periods in the bathroom area, multiple persons within a room, or no activity within an occupied room.
Part of the system is also classed as a medical device which enables staff to monitor and record the physical observations of breathing and pulse rate remotely. To support this function it is required that a clear video picture is available to explicitly identify the person correctly before recording these physical observations results in the patient’s medical notes. This video data is automatically deleted after 24 hours with the potential exception where footage is required to support investigation towards an incident where it will be managed in accordance with the Data Protection Act and General Data Protection Regulation.
In some areas the Trust is piloting the use of body cameras for patient safety. This will be obvious to you if you are in an area where these are being worn by staff.
View a guide on the use of CCTV published by The Information Commissioner.
Remote Appointments
The Trust has introduced the use of remote appointments using virtual visits through Microsoft Teams. These are not recorded without your consent. The clinician facilitating your appointment will make their notes in the usual way.
National Fraud Initiative (NFI) Privacy Notice
Tees Esk and Wear Valleys NHS Foundation Trust is required to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing, or administering public funds, or where undertaking a public function in order to prevent and detect fraud.
The Cabinet Office is responsible for carrying out data matching exercises. Data matching involves comparing sets of data such as the payroll records of a body against other records held by the same or another body to see how far they match. The data is usually personal information. The data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or another explanation until an investigation is carried out.
We are a mandatory participant in the Cabinet Office’s National Fraud Initiative; a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching each exercise, as detailed here on the www.gov.uk website. For further information on how the Trust uses your information, please refer to the Trust’s Privacy Notices.
The legal basis for processing personal data by the Cabinet Office in a data matching exercise is carried out with statutory authority under its powers in Part 6 of the Local Audit and Accountability Act 2014 (LAAA). It does not require the consent of the individuals concerned under data protection legislation or the GDPR (General Data Protection Regulation). Data matching by the Cabinet Office is subject to a code of data matching practice, also available on the www.gov.uk website.
The Cabinet Office has published its Data Privacy notice, which sets out how the Cabinet Office will use your personal data and your rights. The notice is made under Article 14 of the General Data Protection Regulation (GDPR).
The legal basis for processing your personal data is that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
We want you to know that we take privacy very seriously. Please be assured that we will always manage your data securely and responsibly.
For further information on data matching at this organisation, please contact your counter fraud specialist, Sarah McCloud on 07973 814 317 or email at [email protected]. Alternatively, please contact the Counter Fraud team on 0191 441 5936 or email [email protected].
Contact us
Trust Address
Tees Esk and Wear Valleys NHS Foundation Trust
Trust Headquarters
West Park Hospital
Edward Pease Way
Darlington
DL2 2TS
Feedback
We’d like to know if you think this information is useful, if there is anything missing that you wanted to know, or anything you didn’t understand. Please email [email protected] with your thoughts or phone 0191 333 6637.
Do you have any concerns or complaints?
If you have any concerns or complaints about a service, please tell a member of staff. You can also call our Complaints Team on freephone 0800 052 0219 or email [email protected]
Information in other languages and formats
We want to make sure you can read and understand the information we provide to you. If you would like this leaflet in another language, large print, audio or Braille, please ask a member of staff.
Staff and service users can find this information on the Trust’s website: http://www.tewv.nhs.uk.
Version Control
Reference: PN001
Version: v1.9
Last updated: January 2024
Download this Privacy Notice as a PDF
