You have the right to confidentiality under Data Protection Law, the Human Rights Act 1998 and the Common Law Duty of Confidentiality
The right to be informed – you have the right to know what information we hold about you, what we use it for and if the information is shared, who it will be shared with. We do this through this privacy notice and patient leaflets.
The right of access – to information held about you. For further information please refer to the section “How can you gain access to the information that the Trust holds about you?”
The right to rectification – this is your right to have your personal data rectified if it is inaccurate or incomplete. If you believe that the information recorded about you is incorrect, you will need to tell us (email@example.com) so that we are able to contact the person who entered the information. We will correct factual mistakes and provide you with a copy of the corrected information. If you are not happy with an opinion or comment that has been recorded, we will add your own comments to the record so they can be viewed alongside any information you believe to be incorrect.
The right to erasure – this is also known as your ‘right to be forgotten’ where there is no compelling reason to continue processing your data in relation to the purpose for which it was originally collected or processed. Your health record is retained in accordance with NHS national guidance, and because of our obligation to keep health records, it is extremely rare that we destroy or delete records earlier than the recommended retention period. However, if you believe you have compelling grounds for having all or part of your record erased you should contact our Data Protection Officer, firstname.lastname@example.org. The clinician in charge of your care and our Caldicott Guardian will decide whether we can safely accommodate your request. If you are unhappy with our decision you may wish to register a complaint to the Information Commissioner.
The right to restrict processing – this is your right to block or suppress the processing of your personal data. If you raise an issue relating to your health record that requires us to restrict processing, we will investigate your concerns. Please note it will not be possible to restrict processing while you are receiving care and treatment at the hospital.
The right to data portability – this is your right to obtain and re-use any information you have provided to us as part of an automated process. At present we do not process any personal data that meets this requirement.
The right to object – this is your right to object to the hospital processing your health data because of your particular situation. Because of our obligation to keep health records, it is extremely rare that we would stop processing your data if you wished to continue to be treated by the hospital. If you believe you have compelling grounds for the hospital to stop processing your data, you should contact our Data Protection Officer, email@example.com. The clinician in charge of your care and our Caldicott Guardian will decide whether we can safely accommodate your request. If you are unhappy with our decision you may wish to register a complaint to the Information Commissioner.
Rights in relation to automated decision making and profiling – GDPR provides safeguards for individuals against the risk that a potentially damaging decision would be taken without human intervention. While the hospital may use systems to determine how well a patient is, it does not replace clinical judgements when making decisions about your care.
If you have provided your consent, you have the right to withdraw your consent at any time. Please speak to your clinician or nurse if you would like to withdraw the consent that you have provided.
You have the right to lodge a complaint with the Information Commissioner Office (ICO) if you believe that the Trust has not complied with the requirements of the GDPR or the DPA with regards to your personal data. Please refer to the section, “How can you contact us with queries or concerns about this privacy notice?” or “How can you make a complaint?”