Privacy

Data Protection

Barking, Redbridge and Havering University NHS Trust (BHRUT) is required to comply with the laws and regulations that apply to protecting your data and how it is used. They are the General Data Protection Regulation 2016 (GDPR) and the Data Protection Act 2018.

Looking after your personal information 

BHRUT is committed to protecting your privacy and the data we collect and use to provide our services.   We are required to comply with the laws and regulations that apply to protecting your data and how it is used. They are the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

This privacy notice explains how we use information about you and how we keep it safe, and protect your privacy.

This privacy notice applies to any personal data collected by us or on our behalf, by any format – phone, letter, email, online, or face to face.

It will tell you:

  • what information we collect about you
  • where we get your information from
  • why we collect your information
  • how we keep your information safe
  • how long we keep your information
  • why we are allowed to process your information
  • your rights as a data subject
  • when we may pass your information on to other people or organisations
  • when we may transfer your information to other countries
  • where to get further advice   

What information do we collect?

Depending on your circumstances and the nature of the health care you require, we may collect the following information about you:

  • Your general details (such as name, address, date of birth, telephone number)
  • Details about your GP
  • Your medical history
  • Any medications you are taking
  • Details about your physical or mental health
  • Your family details (for example, your next of kin)
  • Your ethnicity
  • Your religious beliefs
  • Your lifestyle and social circumstances
  • Your sexual life
  • Scans, x-rays, and other diagnostic images
  • Your genetic or biometric data

The information we collect about you may be written down in a paper file (manual record), or held on a computer system (electronic record).

In some cases the information we hold about you might be provided directly by you through the use of a mobile application or wearable technology (like a diabetes pump).  We   may also record CCTV images in public areas as part of the Trust's security arrangements and for crime prevention.

You have the right to receive a copy of your medical records via a Subject Access Request.

Where do we get your information from?

A lot of the personal information provided to us comes directly from our patients. In certain circumstances, we may also receive personal data from:

  • Parents, relatives or carers
  • General Practitioners (GPs)
  • Other NHS trusts, hospitals, clinics or hospices
  • Ambulance trusts
  • Local authorities
  • Private healthcare providers

Why do we collect your information?

We may also process your data to carry out scientific or historical research. The  Health Research Authority sets standards for NHS organisations to make sure they protect your privacy and comply with the law when they do research work. When Barts Health uses your data for research purposes we will ensure that appropriate safeguards are in place, such as using the minimum amount of data needed or making sure you cannot be identified by the data. We will also make sure that the research will benefit our patients or the wider public and has the relevant ethics approval.

Sometimes a member of your care team may review your health records to see if you might be a good candidate for any research we have planned. However, except in very specific circumstances, we are required to inform you first and get your explicit consent before we are allowed to use any of your information for research. We will not use data from private or non-NHS patients for research purposes.

We use the same definition of the 'care team' that the Health and Research Authority use- this come from the Information Governance Review in 2013 by the National Data Guardian. It states: 'direct care is provided by health and social care staff working in 'care teams', which may include doctors, nurses and a wide range of staff on regulated professional registers, including social workers.... Care teams may also contain members of staff, who are not registered with a regulatory authority, but who may need access to a proportion of somones's personal data to provide care safely.'

If you do not want your personal information to be used for planning and research, you may express your preference under the  National Data Opt-Out Programme. You can use this service to request that your confidential patient information is not used for  research without your consent.

To help run our hospitals and improve our service

We may also need to use some information about you to:

  • manage the healthcare services we provide
  • help investigate any complaints, claims or incidents
  • match data under the  National Fraud Initiative
  • help us to plan new services
  • help us keep track of spending on our services
  • prepare performance statistics for the Department of Health and other regulatory bodies
  • assist in clinical audits of the quality of our services

After you attend one of our hospitals you may receive a text message asking you to rate how happy you were with your visit. This is a national service called the  Friends and Family Test, and it gives NHS users an opportunity to give feedback on their experience. When you receive a Friends and Family Test message by text, you will have the option to opt out of any future messages from this service if you wish to do so.

How do we protect your information?

Everyone working for the NHS has a legal duty to maintain the highest levels of confidentiality, and all BHRUT staff receive training in how to handle your information securely. Except in certain specific circumstances, your records will generally only be seen by those involved in providing or administering your care.

Your paper healthcare records are stored in physically secure areas and electronic records held on computer systems are protected by appropriate technology (such as data encryption and access controls).

If you decide to send or receive personal information by email, please be aware that BHRUT cannot be responsible for the security of the information during its transfer to or from our email system, or for any loss or compromise of the information due to technical or security issues occurring outside our computer networks. We do have a secure email option that we can use for transfer of sensitive data, upon request. To use this you will need to set up an account with Egress once we have sent you an invitation.

How long will we keep your information?

There is often a legal reason for keeping your personal information for a set period of time. Our policy for keeping information is based on Appendix 3 of the  NHS Records management Code of Practice for Health and Social Care 2016. Please see this document to find out how long we will keep different kinds of information about our patients.

Why are we allowed to process your information?

Under the General Data Protection Regulation (GDPR) most of the Trust’s processing of personal information is carried out under the lawful basis of ‘Public Task’, because the processing is necessary for the performance of a task carried out in the public interest (GDPR Article 6(1)(e)). This allows us to process your information because it is necessary for public health purposes and for the purposes of preventative or occupational medicine.

We will also process more sensitive information (such as your medical history) because it is necessary for the purposes of preventative or occupational medicine, medical diagnosis, and the provision of healthcare (GDPR Article 9(2)(h)) or for scientific research and statistical purposes (GDPR Article 9(2)(j)).

What are your rights as a data subject?

Under the General Data Protection Regulation you have a number of rights as a data subject. These are:

The right to be informed

We are required to inform you about how we collect and use your personal information (for example, by the information given in this Privacy Notice).

The right to access

By law you are entitled to request a copy of the information we hold about you. This is known as a Subject Access Request. We will aim to provide the requested information to you within 30 days, but if we are unable to do so then we will explain the reasons to you. In most cases we will provide a copy of the information to you for free but there are some circumstances where we will need to charge.

At times we may not be able to share your whole record with you, particularly if the record contains confidential information about other people, information which could cause harm to your or someone else’s physical or mental wellbeing, or which might affect a police investigation.

More information about making a request can be found here

The right to rectification

You may request that we make changes to any data we hold about you that is incorrect or incomplete. We will take action to rectify inaccuracies in the personal information we hold about you when it is drawn to our attention. Sometimes it may be necessary to add an explanatory note to your information (an addendum) rather than change the original record. We would do this to ensure that we have all necessary information available to provide your care (your complete medical history, for example).

The right to erasure

In most cases you are not able to request that we erase the medical information that we hold about you for your direct care and public health purposes, under our lawful basis for processing your data as set out in the GDPR.

The right to restrict processing

You may request that we restrict the processing of your information in certain circumstances, for example if you believe it to be inaccurate. In most cases a restriction of processing is a temporary measure while we investigate your concerns. The right to restrict processing is not an absolute right, and we may decide not to restrict the processing of your information if we consider that processing to be necessary for the purpose of the public interest or for the purpose of your legitimate interests.

The right to object to us processing your personal information

In addition to your other rights as a data subject (see below), you have the right to object to the processing of your personal information, although you must give specific reasons for your objection based upon your particular concerns. This is not an absolute right and depending on the circumstances we may decide that there are compelling and legitimate grounds for us to continue to process your information. If we do decide to continue processing your information we will let you know and explain the reasons for our decision to you. You would also have the right to challenge our decision, for example, with the Information Commissioner’s Office (ICO).

If you wish to object to the processing of your personal information by BHRUT then please get in touch with the Trust’s Data Protection Officer (their contact details are given at the end of this notice).

The right to data portability

The Trust’s basis for processing your data under the GDPR means that we are not legally required to provide your information in a machine-readable form, although we will try to provide information that you have asked us for (such as under a Subject Access Request) in the format you prefer if it is practical for us to do so.

Rights related to automated decision making (including profiling)

BHRUT does not make automated decisions about patients or carry out evaluations based on any automated processes (profiling). 

Do we pass your information on to other people or organisations?

When we are required to do so, we will ensure that we seek your consent before sharing your personal information with other people. We will not pass your personal information to your friends, relatives or carers without your explicit consent. If you are unable to consent for any reason, we will only share information where it is clearly in your best interests to do so or it is required by law.

The Trust sometimes needs to share the personal information we process with other organisations. When we do this we are required to comply with all aspects of the General Data Protection Regulation. Where necessary we also have data sharing agreements in place with our partner organisations which will state the specific ways in which the shared data can be used.

The organisations we share information with can include:

  • other public and private healthcare, social and welfare organisations
  • central and local government organisations
  • police forces and security organisations
  • public and private service providers, suppliers of medical equipment and support systems
  • public and private auditors and audit bodies
  • legal representatives
  • survey and research organisations
  • professional advisers and consultants

The reasons why we would share your information can include:

  • notification of births and deaths
  • an emergency (when there is risk of loss of life or limb)
  • to control infectious diseases (such as meningitis or tuberculosis)
  • child protection
  • when required by a formal court order
  • for the prevention or detection of a crime

Do we transfer your information to other countries?

The Trust may sometimes use service providers who process information in other countries, both within and outside the European Economic Area (EEA). Because of this it may sometimes be necessary for personal data to be transferred overseas. However, before any transfer is made BHRUT will make sure that appropriate safeguards are in place so that the transfer of the data, its processing, storage and retention are securely controlled and in full compliance with the requirements of the GDPR.

Data Protection Impact Assessments

Under GDPR regulations we are required to carry out a Data Protection Impact Assessment (DPIA) when undertaking new projects which involve the processing of personal data. Completing a DPIA helps us to identify any data risks at an early stage and to take steps to minimise these risks as part of the project development process.

Data Protection Impact Assessments were completed for the following projects during 2018/19:

  • Implementation of virtual consultations
  • Private patients email
  • Recruitment web forms
  • Health data management and analytical reporting system
  • Nurse shift roster survey
  • Equipment training database
  • Stroke data capture system

Please contact the data protection officer should you require any further information regarding these DPIAs.

Where can I get further advice?

We have a data protection officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the data protection officer below: 

Data Protection Officer

If you would like to discuss or report any issues about the use of your personal information by the Trust, you can send your query to our Data Protection Officer by:

Emailing bhrut.informationgovernanceig@nhs.net

Or writing to:

Data Protection Officer

Information Governance Department

Queen's Hospital Stores

4 Lyon Road

Romford

RM1 2BA

For independent advice about data protection, privacy and data sharing issues, you can contact the  Information Commissioner’s Office (ICO) at:

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow
Cheshire SK9 5AF

Telephone: 0303 123 1113 (local rate) or 01625 545 745 (if you prefer to use a national rate number)

Email

Fair processing notice

Our Data Protection Guarantee

In order to comply with data protection legislation, this notice has been designed to inform you of what you need to know about the personal information we process. This is your assurance that we are complying with our legal obligation to you and a good opportunity for you to understand or exercise your information rights.

We are legally required to tell you:

  • What personal information we use
  • Why we need your personal information
  • The lawful basis for processing your personal information i.e. legitimate reasons for collecting, keeping, using and sharing it
  • How we use, store, protect and dispose of your personal information
  • How long we keep it for and who we may share it with
  • About your information rights
  • How to report a compliant or concern

Your Personal Information

When we mean personal information, we are referring to any information that can identify a specific person, either on its own or together with other information. The obvious examples are name, address and date of birth; however this could include other forms for data, such as email address, car registration, specific physical feature, NHS number, pictures, images and so forth.

This also includes Pseudonymisation which is the use of a random set of numbers or letters to generate a unique identifier (pseudonym), which can be matched with additional information (such as a ‘key’) to identify you. This does not reveal your identity, but allows the linking of different data. This is commonly used in research, where your identify is linked with a random number for the purpose of publishing research findings, the key is never shared but used to link your research data to you.

Most of the personal information we process is confidential or sensitive because of the nature of our business activities (health and social care). This could be used in a discriminatory way and is likely to be of a private nature, so greater care is needed to ensure this is processed securely. Confidential or sensitive information includes:

  • your racial or ethnic origin of the data subject
  • political opinions
  • religious beliefs or other beliefs of a similar nature
  • Trade Union membership
  • physical or mental health or condition
  • sexual life
  • alleged commission of, or proceedings for any offence or criminal history

Anonymised data is not personal information. This is any information that cannot reasonably identify you, so it cannot be personal, confidential or sensitive. Anonymisation requires the removal of personal information that might identify you. This process allows personal information to be converted into an unidentifiable format to support processing your personal information without compromising data protection requirements or posing privacy risks. This is always the first thing we consider when we need to use your personal information, opting to use your personal information only when absolutely necessary.

We may collect and use the following personal information about you:

  • contact details
  • identity
  • medical history
  • qualifications
  • financial details
  • learning needs analysis
  • employment records
  • criminal records

or any other information which may be confidential or sensitive, which you have:

  • provided to the Trust
  • through a third party,
  • other health and social care professionals
  • local authorities
  • voluntary organisations
  • relatives or those who care for you

Processing Personal Information

Barking, Havering and Redbridge Hospitals NHS Trust (BHRUT, the Trust) is responsible for:

  • planning
  • procuring
  • commissioning
  • implementing and providing NHS services for administrative, direct care, and research purposes
  • meet a legal and regulatory requirement.
  • keep you and other service users safe on our premesis. 

This may require the use of personal data of our data subjects (staff, patients, service users or any individual whom the Trust hold information on). This is why data protection legislation under the Data Protection Act 2018 and UK General Data Protection Regulation 2016 (GDPR) requires the Trust to process your personal information:

  • Fairly and lawfully with transparency
  • For explicitly specified and legitimate purpose
  • Adequately, relevant and limited to the specified purpose
  • Ensuring its accuracy and integrity
  • No longer than is necessary
  • Securely
  • In ways that comply with the law
  • With adequate safeguards in place when agreed to be transferred outside of the UK

The personal information we collect may be used for any of the following specific purposes:

  • Health care for patients – diagnosis, treatment and referral
  • Accounting, financial management and auditing
  • Commissioning and procuring services
  • Education and training
  • Consultancy and Advisory services
  • Human resources and staff administration
  • Crime prevention and prosecution
  • Health administration and services management
  • Business activity information and databank administration
  • Contractual arrangements for data processing by third parties on behalf of the Trust
  • Occupational Health referrals
  • Research, national surveys
  • Advertising, marketing and public relations or insurance
  • Security services e.g. CCTV monitoring, confidentiality audits

Without your personal information, we cannot:

  • Direct, manage and deliver the health care you may require
  • Ensure we have accurate and up to date information to assess and provide what you require
  • Provide the appropriate level of assistance or adequate guidance
  • Refer you to a specialist or another service
  • Protect the general public or promote public health
  • Manage, develop or improve our services
  • Investigate complaints or proceed with legal actions for claims
  • Employ you to join our workforce
  • Procure products and services
  • Commission business activities
  • Comply with a court order
  • Comply with regulatory requirements
  • Meet some of our legal obligations
  • Compile statistics to review our performance
  • Educate and train our workforce
  • Standardise best practice across the Trust
  • Undertake clinical trials and research studies you have or your next of kin has consented to
  • Complete occupational health checks you have consented to
  • Keep you and other service users safe on our premises

Please note: Child and Safeguarding data is managed in the same way as our other data subjects. 

Lawful Basis for Processing your Personal Information

We do not rely on consent to use your personal information as a ‘lawful basis for processing’. We rely on the following specific provisions under Article 6 (Lawful Processing) and 9 (Processing of Special Categories of Personal Data) of the GDPR:

  • Article 6 (1c) ‘processing is necessary for compliance with a legal obligation…’
  • Article 6 (1e) ‘a task carried out in the public interest or in the exercise of official authority vested in the controller.’
  • Article 9 (2b) ‘carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law’
  • Article 9 (2h) ‘processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis,
  • the provision of health or social care or treatment or the management of health or social care systems and services’
  • Article 9 (2i) ‘processing is necessary for reasons of public interest in the area of public health. This could be protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices’

This means that the Trust will:

  • Use your personal information to provide you with your care or for legitimate administrative purposes without seeking your consent. However, you do have the right to say no to our use of your personal information but this may have an impact on our ability to provide appropriate care or services. Please speak to your healthcare professional, the team providing your care or contact our Data Protection Officer.
  • collect and use your personal information to provide care and run our hospitals but will not use it for anything else that is not considered by law to be for this purpose
  • use enough of your personal information that will be relevant and necessary to carry out various tasks within the delivery of your care and running our services
  • Keep your personal information accurate and up to date when using it and if it is found to be wrong, make it right, where appropriate, as soon as possible
  • Keep your information in a way that will identify you for as long as legally required, whilst ensuring your rights
  • Have secure processes in place to keep your personal information safe when it is being used, shared, and when it is being stored.

We will always secure your unambiguous, freely given, specifically expressed and fully informed consent to share your personal information, if we do not have a lawful basis to do so. In circumstances where it is not practical to inform you of the intended use, we are informing you through this notice.

We never use your personal information for advertising, marketing and public relations or insurance purposes without your consent.

You reserve the right to restrict, refuse or withdraw consent at any time, where there’s no lawful basis for processing your personal information without your consent. We will fully explain the possible consequences to you, which may affect the care or service you receive from the Trust.

Retention and Disposal of Personal Information

Your personal information may be written down (manual), digitised or held on computers (electronic) centrally within or outside of the Trust. These may be paper records, scans, photographs, slides, CCTV images, microform (i.e. fiche/film), audio, video, emails, computerised records on IT systems, or scanned documents etc. which we process securely in accordance with data protection legislation.

In addition, the following are bound by a legal duty of confidential in their professional code of practice and/or under contractual obligations.

  • NHS staff
  • anyone that works for or volunteers
  • third party organisations (suppliers, service providers and data processors)

We follow national guidelines in the current national retention and disposal schedulefor the Records Management Code of Practice 2021. This is referenced in our Trust Health Records Management Policy and Corporate Records ManagementPolicy. This determines how long we must store your personal information for and when, or if to dispose of it securely.

Keeping your Personal Information Safe

We are committed to keeping your information secure and have operational policies, procedures and technical measures in place to protect your information whether it is in a hardcopy, digital or electronic format.

We are registered to the Information Commissioner’s Office: registration number Z8284051

All of the Information Systems used by our Trust are implemented with robust information security safeguards to protect the confidentiality, integrity and availability of your personal information. The security controls adopted by the Trust are influenced by a number of sources including the 10 National Data Guardian Standards and guidelines produced by NHSDigital and other government standards.

Mandatory training and regular audits are in place to ensure that only authorised personnel with the absolutely necessary need to know your personal information can use it. We have also implemented best practice and information security controls to reduce the risk of unauthorised access to your personal information. If any of your personal information is to be processed overseas (i.e. outside the UK) a full risk assessment would be undertaken to ensure the security of the information.

When there are data protection breaches, for example

  • unauthorised access
  • inappropriate use
  • failure to secure and keep personal information secure or accurate

These are reported and investigated, with appropriate action (disciplinary, legal, lessons learned, re-training etc.) taken.

You can email our Data Protection Officer to find more information about how we keep your information safe or for copies of our Trust policies and procedures.

Sharing Personal Information

We may need to share your personal information with another organisations. For example:

  • NHS organisations
  • health and social care organisations
  • public bodies (Social Services, Probation Service, Police, Regulatory Authorities)
  • third party providers commissioned to process personal information on our behalf, when anonymisation or pseudonymisation is not viable.

This is because of our duty to share which is equally as important as our duty of confidentiality. We also may also share your personal information for planning services across the NHS. This is vital to delivering better healthcare and improving our services.

New models of service delivery are being implemented across the NHS. There is closer working with GPs and other health and social care providers, facilitated by the use of electronic patient record systems to share your personal information. As a university hospitals Trust, teaching may not be effective or possible without sharing your personal information.

You have the right say no and to opt-out of or restrict this sharing. Your right to opt-out for reasons other than direct care (e.g. planning and research purposes) is managed through the National Data Opt-Out Programme (search online or contact NHS Digital on 0300 303 5678 to find out more).

When we are required by law to report certain personal information to the appropriate authorities where formal permission has to be given. This is done by our:

  1. Caldicott Guardian (Associate Medical Director)
  2. Data Protection Officer (Head of Information Governance)
  3. Senior Information Risk Owner (Chief Digital Transformation Officer)

Acting as the 'conscience' of the Trust, they actively supports work to enable information sharing where it is appropriate to share, and advise on options for lawful and ethical disclosure of personal information.

Your personal information will only be shared if there is a lawful basis to do so and under contractual agreements (for third parties), with strict conditions to keep it confidential and secure in the same way that the Trust must comply with its legal obligation to you. We have a legal process in place known as a Data Protection or Privacy Impact Assessment which is required when a new or change to an existing process, product, project, system or service is proposed, which will use or access your personal information. An information sharing agreement is also drawn up to ensure information is shared in a way that complies with relevant legislation, especially with non-NHS organisations.

However, your right to confidentiality is not absolute which means that we will not require your consent to share your personal information:

  • If there is a concern that you are putting yourself at risk of serious harm
  • If there is concern that you are putting another person at risk of serious harm
  • If there is concern that you are putting a child at risk of harm
  • If we have been instructed to do so by a Court
  • If the information is essential for the investigation of a serious crime
  • If you are subject to the Mental Health Act (1983), there are circumstances in which your ‘nearest relative’ must receive information even if you object
  • If your information falls within a category that needs to be notified for public health or other legal reasons, such as certain infectious diseases

Your Information Rights

You have the right to:

  • Be informed about the processing of your personal information by the Trust (done through this notice)
  • Access the information we hold about you (paper, digital or electronic copies)
  • Ask the Trust to correct or complete your personal information
  • Ask the Trust to erase your personal information under certain circumstances, if the Trust does not have a lawful basis to process it.
  • Ask the Trust to restrict the processing of your personal information under certain circumstances
  • Ask the Trust to move, copy and transfer your personal information which you have provided to the Trust, , in a portable, common used/machine readable format and securely, for your own purpose
  • Ask us not to process your personal information
  • Ask us not to use your personal information for public interests, direct marketing, automated decision-making, profiling, research or statistical purposes
  • Receive a response to your access or change request within a calendar month*

*The Trust may extend the time limit to respond to your request by two calendar months if your request is complex or where a number of requests have been received from you. However, the Trust will acknowledge your request within one calendar month of receiving it and explain if/why an extension is required.

Your rights are not absolute; we may refuse to comply with your request under certain circumstances permitted by law.

For example, where your personal information:

  • Was provided by someone else who hasn’t given permission for you to see it
  • Relates to criminal offences
  • Is being used to detect or prevent crime
  • Could cause physical or mental harm to you or someone else

Should you wish to make a request for access to your health records, please see the section titled “Access your health records (Subject Access Request)” further down this page.

Report a complaint or concern

We try to meet the highest standards when processing personal information. You should let us know when we get something wrong by contacting the Complaints Department or our Data Protection Officer or writing to us:

Complaints Department
1st Floor Neutral Zone,
Queen’s Hospital
Romford
RM7 0AG

Telephone: 01708 435 000

Information Governance Department
Queens Hospital Stores
4 Lyon Road
Romford
RM1 2BA

Telephone: 01708 435 000

You may prefer to contact the Information

Commissioner’s Office (ICO):
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: www.ico.gov.uk

Telephone: 0303123 1113

The ICO will not normally consider an appeal until you have exhausted your rights of redress and complaint to the Trust.

 

Cookies

We are committed to protecting your personal information. This page answers some important questions about how we use cookies and how this protects your personal details.

How does our website use cookies?

Cookies are small text files placed on a website visitor’s computer, which identify it to our server. Cookies don’t identify individual users and are widely used in order to make websites work, or work more efficiently, as well as to provide analytical information to the owners of the site which is used to improve user experience.

You may delete and block all cookies from this site. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

Please be aware that restricting cookies may impact on your experience of our website.

List of the cookies used on this website

We use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate your use of our website, which we use in aggregate form to improve the performance and user experience on our site. Google Analytics uses only first party cookies and collects no personally identifiable information.

Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Because we share videos via YouTube on our website, cookies associated with YouTube may also be placed on your computer. You can read more about these types of cookies here.

How to reject or delete these cookies

Visit Google's privacy section for more information.

Our jobs feed

The BHRUT website uses the Trac recruitment site, provided by Civica UK Ltd, to advertise our current vacancies.

The Trac website, displayed through the use of a code droplet on our website, uses cookies. By accepting our privacy policy, you agree to the use of these cookies. If you choose not to accept cookies, our job roles will not display on our website.

Other third party applications

The BHRUT website uses code droplets to share content from other websites, such as Twitter, YouTube and Google maps. We do this so that our site is easier for you to use, and the content from these other websites is displayed automatically on the page.

We sometimes use code droplets to measure the effectiveness of our recruitment advertising campaigns through third party applications.

These third party applications use cookies. By accepting our privacy policy, you agree to the use of these cookies by third parties.

Cookies used by our website software

Our website software does not use any cookies by default. However, three 'session' cookies are created when a visitor to this website does the following:

  • logs in to the website;
  • clicks one of the contrast buttons.

The three cookies are used to cross-reference each other for improved security.

Links to other websites

The BHRUT NHS Trust website contains links to other websites of interest. However, once you have used these links to leave this website, you should note that we do not have any control over that other website. We cannot be responsible for the protection and privacy of any information which you provide while visiting such websites, and such websites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. We recommend that you review the websites privacy policy as a precautionary measure. The trust does not endorse any external sites and is not responsible for their content.

 

Google analytics

Google Analytics

The BHRUT website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyse how users use the site.

By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Links to other websites

The BHRUT website contains links to other websites of interest. However, once you have used these links to leave this website, you should note that we do not have any control over that other website. We cannot be responsible for the protection and privacy of any information which you provide while visiting such websites, and such websites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. We recommend that you review the websites privacy policy as a precautionary measure. The trust does not endorse any external sites and is not responsible for their content

Social media participation policy

Being part of our online community

We welcome and encourage open discussion and comments on our social media sites. We look forward to hearing from you in all circumstances, including when you want to share a criticism of the hospital or trust. However, we work hard to ensure our forums are a supportive environment for our patients, families, staff and the general community and we expect that your comments and posts will always be respectful of others.

Please note that comments and posts that we consider offensive, abusive, bullying or which unreasonably upset our community will be deleted immediately. Participants who repeatedly post inappropriate material will be blocked from the site.

Visitors who perpetuate views that are contradicted by evidence-based research and global health expertise, and which pose a threat to public and individual health, will be immediately blocked. This includes participants who harass other visitors to the page with incorrect medical information.

If we are made aware of any comments made on social media sites, outside of our social media pages, that are threatening, unlawful or abusive, and relate to or involve our organisation; we will investigate these comments and take any necessary action to protect the hospital, our staff, patients and families.

When participating in conversations or posting comments on social media sites, please keep these important factors in mind. Always remember that when you post a comment to a blog or social media site, it is published for the world to see. For your own privacy and that of your family, you should consider carefully how much detailed personal medical information linked to your name you want published on the Internet. We recommend you also exercise caution and avoid posting detailed personal information like your location, financial information, etc.

Thank you for supporting and contributing to the BHRUT social community.

Monitoring our social media channels

We make a significant effort to monitor and respond to posts and questions on our social media platforms, however we may not always be able to respond to all posts or answer online requests for information in a timely manner, particularly outside business hours.

By submitting content to any of the BHRUT social media sites (wall posts, comments, photos, links, etc.), you understand and acknowledge that this information is available to the public, and that we may use this information for internal and external communications, promotional and fundraising purposes.

Please note that other participants may use your posted information beyond the control of Barts Health. If you do not wish to have the information you have made available via the above mentioned sites used, published, copied and/or reprinted, please do not post it on any of these sites.

Using a camera, video or audio recorder in our hospitals

We understand that speaking with your treating team may feel overwhelming, especially when there is a lot of information to take in. This is why you may record your consultation or treatment for your private use.

However, please speak to your clinician before you start recording so they can provide consent and ensure that the recording does not interfere with your treatment. Your clinician may make a note in your health record stating that you have recorded the consultation or care being provided.

You may not take photos in clinical areas or disclose or publicise a photo, video, or audio recording if it has been modified and is not in connection to your consultation.

We kindly request that you do not share any photos or recordings with other parties, including social media sites, if you have not received consent from the staff or people in the photo or recording. This would be in breach of the Data Protection Act and would be a criminal offence. It is your responsibility to keep the recording safe and secure.

If you wish to undertake photos, filming or recordings in our hospitals for media purposes then please

National Data Opt Out

BHRUT is one of many organisations working in the health and care system to improve care for patients and the public.   

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment. 

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with: 

• improving the quality and standards of care provided 

• research into the development of new treatments  

• preventing illness and diseases 

• monitoring safety 

• planning services 

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.  

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed. 

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care. 

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.  On this web page you will: 

• See what is meant by confidential patient information 

• Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care 

• Find out more about the benefits of sharing data 

• Understand more about who uses the data 

• Find out how your data is protected 

• Be able to access the system to view, set or change your opt-out setting 

• Find the contact telephone number if you want to know any more or to set/change your opt-out by phone  

• See the situations where the opt-out will not apply 

You can also find out more about how patient information is used at: 

https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and 

https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made) 

You can change your mind about your choice at any time. 

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement. 

Health and care organisations have until 31st July 2022 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care.  

Our organisation is compliant with the national data opt-out policy. 

To ensure that we comply with this the Trust will make requests to NHS Spine to review the list patients we propose to include. We will then be notified of the patients we can include in a proposed project with those patients who have opted out removed.  This request will be made for every new project, planning or research project that the national data opt-out applies to.  

Was this page useful?

Was this page useful?
Rating