Guy’s and St Thomas’ aims to ensure the highest standard of healthcare for our patients. To do this we keep records about you, your health and the care we have provided or plan to provide to you. We are committed to ensuring that your privacy is protected. If we ask you to provide information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement.
The information we collect
You will be asked to provide necessary registration details when you require secondary (hospital) healthcare. We will also hold a record of your referral and clinical appointments which will be updated by your healthcare professionals. We will make your Medical Centre aware of your secondary care treatment so that your GP is kept informed. We use personal data as part of our official authority; because it is necessary for the provision of care and treatment; and for the management of healthcare systems and services. We, therefore, list Public Task as our lawful basis for doing so. We may also invite you to complete a patient survey. This is optional. Further information about the privacy of our patient surveys is available here
How we use your information
Your records are used to:
- Provide a basis for all healthcare decisions made by healthcare professionals with and for you; e.g. your record includes your medical history, your medication and any allergies, and helps staff review the care they provide to ensure it is of the highest standard;
- Make sure care provided is safe and effective; e.g. we may use your anonymized information in clinical audits or for staff training purposes;
- Work effectively with others providing you with care; i.e. we may need to share information with other individuals or providers involved in your healthcare.
We will share information with healthcare professionals involved in your car and in accordance with the General Data Protection Regulation(GDPR), the Data Protection Act (DPA) 2018 and the Common Law Duty of Confidentiality. Full details of the DPA 2018 are available at www.legislation.gov.uk.
Providing optimal care may necessitate sharing this information with your other healthcare providers, such as those below:
- NHS hospitals
- Host Nation hospitals
- MOD Contracted Primary and Community Care providers
- Host Nation GP Practices
- Dentists, opticians and pharmacies
- Host Nation Community Providers (private hospitals, care homes, hospices)
- Voluntary Sector Providers who are directly involved in your care
- HQ British Forces Germany Health Service
- Translation service.
Sharing information with consent
We may receive requests from non-healthcare parties asking for medical reports (i.e. solicitors, life assurance companies or social services). In most cases, the request will be accompanied by your signed consent for us to disclose information. If we do not receive a consent form, we will not disclose information about you. We will not normally release details about other people that are contained in your records (i.e. family members) unless we also have their consent.
You may wish to involve other parties in decisions about your care and we will ask your specific consent for us to do so. Without such consent no information will be disclosed.
Sharing your information without your consent
There are times when we may lawfully share your information without your consent, for example:
In order to fulfil our contract to provide you with optimum healthcare; e.g. accounting practises associated with your healthcare, or having your healthcare records translated,
- For legitimate purposes, e.g. helping staff to review the care they provide and undertaking audits,
- Carrying out duties in the public interest; e.g. investigating complaints or concerns relating to healthcare providers,
- Acting in your vital interests; e.g. protecting vulnerable children and adults,
- When we are legally obliged to report certain information; e.g. to prevent fraud or serious crime.
How we keep your information confidential and secure
We will only use the minimum amount of information needed about you to provide optimum care and all information will be held confidentially on a secure and accredited electronic medical records system. We use strict controls to ensure that only a limited number of authorized staff are able to see the information that identifies you -and only the information that is necessary for them to fulfil their role effectively.
All our staff and contractors receive appropriate and ongoing training to ensure they are aware of their personal responsibilities and they have contractual obligations to uphold confidentiality; enforceable through disciplinary procedures.
Anyone who receives information from us is also under a legal duty to keep it confidential and secure
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 2018, Article 8 of the Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security.
All our staff sign a confidentiality agreement that explicitly clarifies their duties in relation to personal health information and the consequences of breaching that duty.
We will only keep information for as long as is deemed necessary and when it is no longer needed for the stated purpose, the information will be destroyed. Personal confidential data held on paper are securely destroyed by Kobusch Aktenvernichtung (www.aktenschredder.de).
Your information will not be sent outside of the EU unless we are sure that your privacy will be protected in the same way as it would be in the EU. We will never sell any information about you.
Right of Access to your Health Information
The Data Protection Act 2018 allows you to find out what information about you is held on computer and in manual records. This is known as “right of subject access” and applies to personal information held about you. If you want to see the information about you which is held:
- you will need to make a written request to our Data Protection Officer’s representative in Germany (see privacy Information Contact details below);
- we are required to respond to you within 30days;
- you will need to give adequate information (for example full name, address, date of birth, NHS number etc.);
- you will be required to provide ID before any information will be released to you.
Right to change the data we use
In certain circumstances, you may have the right to request that we update or cease the processing of any or all of your information. If you wish to make a request of this nature, please contact the Data Protection Officer’s representative in Germany (see address below for Privacy Information Contact).
Changes to this privacy statement
Our privacy statement is kept under regular review and, where necessary, updated. A separate privacy statement is available for staff.
If you wish to request further specific information or clarification in respect of this privacy statement or have any concerns, or you do not wish us to share your information, we will be very pleased to help you. Please contact the Privacy Information Contact (below)in the first instance. If your request cannot be satisfactorily concluded in this way, the Data Protection Officer can be contacted on the address below.
Our Data Controller is Guy’s andSt Thomas’ NHS Foundation Trust, London.
Privacy Information Contact in British Forces Germany
Director of Medicine and Clinical Governance
Guy’s and Thomas’ Trust
HQ SSAFA GSTT Care LLP
Data Protection Officer
Data Protection Officer
Director of Information Governance and Management Data,
Technology and Information Directorate
First Floor, South Wing (near Chapel),
St Thomas' Hospital
Westminster Bridge Road,
London SE1 7EH
Right to lodge a complaint with a supervisory body
You have a right to make a complaint if you feel that the processing of your personal data infringes the Data Protection Act 2018.
We are part of Guy’s and St Thomas’ NHS Foundation Trust in London, where the local supervisory authority is the Information Commissioner’s Office (ICO). For further information on your rights and how to complain to the ICO, please refer to the ICO website (www.ico.org.uk).
You can also lodge a complaint with another supervisory authority based in the country or territory where you are living, where you work or where the alleged infringement took place.
Updated: June 2019