Information governance and data protection

Your information

Your personal health data and how we manage it is as important to us as it is to you. The way we collect, store, use and share data about you is constantly evolving in line with technology, and the laws that govern the use of your personal data have also evolved to accommodate these changes.

At Mid and South Essex NHS Foundation Trust, we take great care to ensure your data is managed in line with current Data Protection laws.

How  your information is protected.

Data Protection laws are in place to make sure that all organisations operate in a way that protects any personal data they hold, and know how to what to do if something goes wrong.  The Trust has a robust suite of policies and processes in place to ensure that your information is managed safely and lawfully.

How you have more control over what happens to your information.

You have a right to privacy and a right to expect your data to be protected.  Current Data Protection law gives you easier access to the personal data we hold about you.  It is designed to give you confidence that this information is accurate, up to date and well managed.

You are entitled to request copies of any personal data we hold about you, and also to request for changes to be made.

 

If you have any questions, or require any further information about how we manage your data, please contact mse.informationgovernance@nhs.net

Your rights under the General Data Protection Regulation (GDPR)

The right to be informed

  • You have the right to be informed about the collection and use of your personal data
  • We must provide you with information including: our purposes for processing your personal data, our retention periods for that personal data, and who it will be shared with. This is called ‘privacy information’

The right to request access

You have the right to obtain:

  • confirmation that your data is being processed
  • access to your personal data
  • evidence that we treat your data within the rules of the law.

The right to request rectification

  • You have the right to ask that for any information you believe is inaccurate to be corrected or completed if it is incomplete.

The right to request erasure

  • You have the right to ask that we delete any information we hold about you.

The right to restrict processing

  • This means that you can limit the way we share your information.
  • This means that we can hold your information but we cannot use it or share it with external organisations.

The right to data portability

  • This allows you to ask for and reuse your personal information for your own purposes for different services
  • It also allows you to move, copy or transfer personal information easily from one IT environment to another in a safe and secure way, without any effect on your ability to use it.

The right to object

  • to us using your information for reasons other than to provide you with care
  • to your information being used for direct marketing (including profiling)
  • to your information being used for purposes of scientific or historical research and statistics

Data Subject Access Request and Right of Access

Under current Data Protection Law, you have the right to ask an organisation whether or not they are using or storing your personal information. You can also ask them for copies of your personal information, verbally or in writing.

This is called the Right of Access and is commonly known as making a Data Subject Access Request or ‘DSAR’.

Under current Data Protection Law, organisations have one calendar month to provide you with the information you have requested subject to exemptions as outlined on the ICO exemptions information page https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/exemptions/

A copy of the information requested as a DSAR must be provided free of charge. However, in line with current Data Protection Law, when a request is deemed ‘manifestly unfounded or excessive’, particularly if it is repetitive, a ‘reasonable fee’ can be charged.

To request a copy of your health records, please visit our Access to Health Records page .

To request access to any other type of information the Trust holds about you, please complete the Data Subject Access Request application form [docx] 45KB