If we hold information about you as a patient you have the right to:
1. Be informed:
Individuals, which include patients and staff, have the right to be informed about the collection and use of their personal data.
2. Right of access
You have the right to find out what information we hold about you as a member of staff or as a patient. This is called a right of access. You exercise this right by asking us for a copy of the information we hold about you.
We are required to supply this information to you within 30 calendar days from the date the Trust received the request.
3. The right to get your data corrected
You have the right to have any inaccurate personal information about you corrected within 30 calendar days month.
You can make this request verbally and in writing.
In certain circumstances the Trust can refuse the request for rectification.
4. Your right to get your personal information deleted
You have the right to ask the Trust to delete any personal information we hold about you in certain circumstances. This is known as the ‘right to be forgotten’.
This right is not absolute and can only apply in certain circumstances.
You don’t have to ask a specific person within the hospital. We do recommend that you follow up any verbal requests in writing by contacting the Trust’s Data Protection Officer explaining your concerns, providing evidence and stating your desired solution.
5. Right to limit how we use your information
You can limit the way the hospital uses your personal data if you are concerned about the accuracy of the data or how it is being used.
In certain circumstances you can make a request for the hospital to limit the use of your personal information. This could include:
- Temporarily removing information from a system
- Making it unavailable to users, or
- Temporarily removing it from a website, if it has been published.
The Trust may refuse a request to limit the use of your information if we believe that your request is unfounded or excessive. We won’t do this without letting you know and if your request is ‘manifestly unfounded’. We may ask for a reasonable fee to cover administration costs.
6. Right to data portability
You have a right to get your personal information from the hospital in an accessible format, paper, electronic or CSV file.
You can also ask the hospital to transfer your electronic information to another healthcare provider if it is technically feasible.
How long will I need to wait for my data to be transferred?
The hospital has one month to respond to your request. We may need extra time to consider your request and this may take up to two months but we will let you know.
7. Right to object
You have the right to object to the use of your information in some circumstances.
Your request can be verbal or in writing. We recommend that you follow up any verbal requests in writing by contacting the Trust’s Data Protection Officer explaining your request./
8. Rights relating to decisions made about you by a computerised system.
This is called automated decision making and profiling for example, completing an online aptitude test using a pre-programmed algorithm and or criteria when applying for a job vacancy with the hospital.
You can ask for information to understand the reasons behind the automated decisions. The request can be made verbally or in writing. We recommend that you follow up any verbal requests in writing by contacting the Trust’s Data Protection Officer explaining your request.
Profiling means information about you is used to analyse or predict things like:
- Your performance at work
- Your personal financial status
- Your health, personal preferences and interests.
You can object to the collection of profiling information if it includes direct marketing.
It will take the hospital a month to respond to your request, but in certain circumstances, we may need more time which can take up to an extra two months. We will let you know within the 30 days if it might take longer.
Raising a concern
You have a right to be confident that the hospital handles your personal information responsibly and securely.
If you would like to speak to someone, about any concerns you may have please call the Information Governance Office 01722 336262 or the Trust’s Data Protection Officer on 01722 425119.
You can also seek advice from or make a complaint to the Information Commissioner’s Office (ICO) who is the UK data protection regulator.