![](https://www.westhertshospitals.nhs.uk/application/files/8817/3444/1829/Staying_in_our_hospitals.jpg)
Staying in our hospitals (inpatients)
This privacy notice tells you what to expect us to do with your personal information when you contact us or use our services.
Name - West Hertfordshire Teaching Hospitals NHS Trust
Address - Trust Offices, Watford General Hospital, Vicarage Road, Watford, Hertfordshire, WD18 0HB
General inquiries email address - westherts.
Website - https:/
Z5205111.
Watford General Hospital, Vicarage Road, Watford, Herts, WD18 0HB
Tel: 01923 244366
Hemel Hempstead Hospital, Hillfield Road, Hemel Hempstead, Herts, HP2 4AD
Tel: 01442 213141
St Albans City Hospital, Waverley Road, St Albans, Herts, AL3 5PN
Tel: 01727 866122
We are the Data Controller for your information. The Data Controller decides why and how to use and share information.
Our Data Protection Officer is Nicola Bateman. She monitors our compliance with data protection laws. You can contact Nicola at westherts.
We collect personal data from various sources for direct health care purposes. Here’s how we gather this information and the reasons for having it.
We may also receive your personal information from other sources in the following situations:
Your information is essential for providing you with direct health care services. In addition to direct care, your information is used for several other important purposes, including:
There are strict national controls in place governing how your information is used for these purposes. These regulations determine whether your data must be anonymised and with whom identifiable information may be shared.
To provide you with care and to meet our operational needs, we collect the following types of personal information:
Under the UK GDPR, certain data types receive extra protection due to their sensitive nature. We handle the following special categories of data with additional care:
We may share your information with a range of partner organisations to ensure you receive the best possible care. The main organisations we share information with include:
In certain circumstances, we are required by law to share information with the appropriate authorities without your permission. These instances include:
For more information, please visit My Care Record.
Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for using personal information are:
Under UK GDPR, the lawful basis we rely on for using information that is more sensitive (special category):
Article 9(2)(a) In certain situations, we may ask for your explicit consent to process your personal data, especially for research or non-essential purposes. You have the right to withdraw your consent at any time, and this will not affect the care you receive.
In our use of health and care information, we comply with the common law duty of confidentiality in the following ways:
We always take a measured approach to ensure your information is handled appropriately and in line with the common law duty of confidentiality.
Everyone working for the NHS has a legal duty to keep information about you confidential. If you are receiving care from other people as well as the NHS (like Social Services), we may need to share some information about you so we can all work together for your benefit.
We will only ever use or pass on information about you if others involved in your care have a genuine need.
We will not disclose your information to third parties without your permission, unless there are exceptional circumstances, such as when the health or safety of others is at risk, or where the law requires information to be passed on. Anyone who received information from us is also under a legal duty to keep it confidential.
We retain your health records in accordance with the NHS Records Management Code of Practice.
Typically, your records are kept for a minimum of eight years after your last treatment, discharge, or death, unless longer retention is needed. Specific records are kept for longer periods:
After the appropriate retention period, we ensure your records are securely and confidentially destroyed in line with data protection and NHS guidelines. This includes shredding paper records, or wiping hard drives to legal standards of destruction once their retention period has been met, and we have made the decision that the records are no longer required.
We are committed to ensuring that your personal information is kept safe and secure. We use a range of measures to protect your data, including:
These measures are designed to safeguard your information in compliance with data protection laws, including the UK GDPR and the Data Protection Act 2018.
You have several rights regarding your personal information, which may vary depending on the reasons we are processing your data. Your rights include:
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
If you wish to exercise any of these rights, please contact our data protection officer westherts.
As part of our ongoing efforts to improve efficiency and accuracy in patient care, we use automated processes for certain administrative tasks. These automations assist with repetitive tasks, such as vetting MRI requests, but do not make clinical decisions without human oversight. A healthcare professional will always review any critical decisions about your care.
We do not make decisions about your care based solely on automated processing, including profiling, which produces legal effects or similarly significant impacts on you. If in the future we use automated decision-making in a way that significantly affects you, we will ensure that you have the right to obtain human intervention, express your point of view, and challenge the decision.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
The national data opt-out was introduced on 25 May 2018, allowing patients to choose whether their confidential patient information is used for research or planning purposes.
We apply the national data opt-out because we use confidential patient information for these purposes. You have the right to decide if your information can be used in this way. If you are happy with this use, you don’t need to take any action. If you choose to opt out, your confidential information will still be used to support your individual care.
You can view or change your national data opt-out choice at any time by visiting NHS your NHS data matters website, or by using the NHS App under "Your Health" and selecting "Choose if data from your health records is shared for research and planning." You can change your decision at any time.
The information collected about you when you use health and care services may also be used for purposes beyond your individual care, such as:
Whenever possible, data used for research and planning is anonymised so you cannot be identified, and your confidential information is not accessed.
If you choose to opt out, your decision will not affect the care you receive. To learn more or to manage your national data opt-out choice, visit the NHS Your NHS data matters website. You can update your preference at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
We try to meet the highest standards when collecting and using personal information. We encourage people to bring concerns to our attention and we take any complaints we receive very seriously. You can submit a complaint by contacting our Information Governance team by emailing them on: westherts.
If you remain dissatisfied with the Trust’s decision following your complaint, you may wish to contact:
Information Commissioner’s Office,Their website is www.ico.gov.uk