For your benefit we may need to share information from your health records with non-NHS organisations from which you are also receiving direct care, such as social services or private healthcare organisations. We may also need to share your information, such as blood test results, for direct care processing purposes by a non-NHS organisation under an agreement with the Trust. We will always seek your permission to share your information with organisations for purposes other than your direct care.
However, in exceptional situations we may need to share information without your permission if:
- It is in the public interest – for example, there is a risk of death or serious harm
- There is a legal need to share it – for example, to protect a child under the Children Act 1989
- A court order tells us that we must share it
- There is a legitimate enquiry from the police under the Data Protection Act for information related to a serious crime.
We hold a list of the information sharing agreements we currently have in place with our partner organisations.
National & Local Surveys
Your personal data may be used for the purposes of the NHS Patient Survey Program, and this may include passing data to a CQC approved contractor. The anonymised reports produced by the survey programs are used to help make service improvements.
The processing basis for the Trust to use your information for the NHS Patient Survey Program is set out in Article 6(1)(e) of the General Data Protection Regulations which allows data to be processed where the “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”.
We may share data for approved research projects. Your consent will always be requested before any information is shared with the approved research project. In most instances the information will be made anonymous so that you cannot be identified. We will always request approval from the NHS Health Research Authority's Confidentiality Advisory Group. The Health Research Authority has further details on patient information and health and care research.
Personal data provided by individuals for the purpose of research:
6(1)(e)Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Special Category Personal Data provided to the Trust for the purpose of healthcare delivery, management and treatment:
9(2)(h) Necessary for the reasons of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional
There is a duty of care to report safeguarding concerns to partner organisations to support an individual’s welfare. There is useful information on the Trust’s safeguarding page on the importance of safeguarding for adults and children and how staff are supported to act in the best interests of the individual.
Data may be shared with the police or other national security agencies where it is necessary and proportionate to support the prevention, investigation and detection of crime.
Data may be provided to the Trust by partner agencies to support the management of patients with tuberculosis or suspected tuberculosis.
Data may be provided to the Trust by partner agencies to support the management of public health.
CQC Accessing Records
CQC has powers under the Health and Social Care Act 2008 to access and use information where they consider this is necessary to carry out their functions as a regulator. Where possible inspectors should explain why they are asking to look at certain records. They will consider any concerns and objections raised to them, and whether they can achieve CQC’s purpose by accessing the records of someone else. However, CQC relies on its legal powers to access information rather than consent, therefore may use its powers to access records even in cases where objections have been raised.
More detail on how they ensure compliance with data protection law (including GDPR) are included in CQC’s Privacy Statement.
Northampton General Hospital NHS Trust is part of EMRAD, the East Midlands Radiology Consortium which aims to deliver timely and expert radiology services to patients across the East Midlands, regardless of where they are being treated. Radiology services include imaging tests like x-rays and scans. Details on how they ensure compliance with data protection law (including GDPR) are included in EMRAD’s Privacy Notice.