Tier One – Overview of information held and shared
Information the Trust holds about patients
- identity details - name, date of birth, NHS Number
- contact details - address, telephone, email address
- 'next of kin' - the contact details of a close relative or friend
- details of any Emergency Department visits, in-patient stays or clinic appointments
- results of any scans, X-rays and pathology tests
- details of any diagnosis and treatment given
- information about any allergies and health conditions
- information about any DNAR decisions, living wills etc.
Dorset County Hospital NHS Foundation Trust works with a number of NHS organisations and independent treatment centres in order to provide the best possible care. Your information may therefore be securely shared to provide continuity of care.
Sharing your information
We know that good communication with other healthcare professionals involved in your care is beneficial to you, and so we work closely with many organisations in order to provide you with the best possible care. This means that if another healthcare professional or service is involved in your care, it might be appropriate to share information with them in order that you can receive the required care.
Your information will be shared between those involved in providing care to you. This includes doctors, nurses and allied health professionals, but may also include administrative staff who deal with booking appointments or typing clinic letters.
Access to information is strictly controlled and restricted to those who need it in order to do their jobs. All Trust staff receive annual training on confidentiality and data security and also have strict contractual clauses within their employment contracts which oblige them to respect data protection and confidentiality.
The Trust shares and obtains patient information with a range of organisations or individuals for a variety of lawful purposes, including:
- disclosure to GPs and other NHS staff for the purposes of providing direct care and treatment to the patient, including administration
- disclosure to social workers or to other non-NHS staff involved in providing health and social care
- disclosure to specialist employees or organisations for the purposes of clinical auditing
- disclosure to those with parental responsibility for patients, including guardians
- disclosure to carers without parental responsibility
- disclosure to medical researchers for research purposes (subject to explicit consent, unless the data is anonymous)
- disclosure to NHS managers and the Department of Health for the purposes of planning, commissioning, managing and auditing healthcare services
- disclosure to bodies with statutory investigative powers - e.g. the Care Quality Commission, the GMC, the Audit Commission, the Health Service Ombudsman
- disclosure to national generic registries - e.g. the UK Association of Cancer Registries
- disclosure to solicitors, to the police, to the Courts (including a Coroner's Court), and to tribunals and enquiries
Confidential patient-identifiable information is only shared with other organisations where there is a legal basis for it, such as:
- when there is a Court Order or a statutory duty to share patient data
- when there is a statutory power to share patient data
- when the patient has given his/her explicit consent to the sharing
- when the patient has implicitly consented to the sharing for direct care purposes
- when the sharing of patient data without consent has been authorised by the Confidentiality Advisory Group of the Health Research Authority (HRA CAG) under Section 251 of the NHS Act 2006.
Patient information may be shared, for the purposes of providing direct patient care, with other NHS provider organisations, such as NHS Acute Trusts (hospitals), NHS Community Health (primary care), NHS general practitioners (GPs), NHS ambulance services etc. To maintain patient safety, this data will always be identifiable. For the purposes of commissioning and managing healthcare, patient information may also be shared with other types of NHS organisations, such as the local Clinical Commissioning Group (CCG), and NHS England. In such cases, the shared data is made anonymous, wherever possible, by removing all patient-identifying details, unless the law requires the patient's identity to be included.
For the benefit of the patient, the Trust may also need to share patient health information with non-NHS organisations which are also providing care to the patient. The Trust will not disclose confidential health information to third parties without the patient's explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires disclosure. These non-NHS organisations may include, but are not restricted to: social services, education services, local authorities, the police, voluntary sector providers, and private sector providers.
Where patient information is shared with other non-NHS organisations, or for reasons other than direct patient care, it is good practice for an information sharing agreement to be drawn up to ensure that information is shared in a way that complies with all relevant legislation.
Patients are not legally or contractually obliged to share information with their healthcare provider however, your care will be affected if your clinicians do not have the relevant information that they need to diagnose and treat you.
Information the Trust holds about staff
- identity details - name, date of birth, employee assignment number and copies of identity documents
- information on right to work, where applicable
- contact details - address, telephone, email address
- 'next of kin' - the contact details of a close relative or friend in case of emergencies
- information pertaining to nationality, ethnicity and disabilities, where it has been declared
- references received
- training information and certificates
- appraisal documentation
- absence records - sickness forms and medical certificates, maternity and paternity forms, accident reports
- information relating to performance and any disciplinary action taken
- resignation letters and exit documentation
Dorset County Hospital NHS Foundation Trust has an obligation to provide staff with an Occupational Health service. This service is provided by a third party who will process information and hold records about staff who have contact with the service. Please contact HR for further information, or look on the internal website if currently employed.
Sharing your information
We know that good communication with staff is beneficial to their health and wellbeing. Communication between employees, line manager and Human Resources representatives may be verbal, in email or formally in writing. Informal communications are not transferred into personnel files.
Access to information is strictly controlled and restricted to those who need access in order to do their jobs, such as HR employees and line managers. All Trust staff receive annual training on confidentiality and data security and also have strict contractual clauses within their employment contracts which oblige them to respect data protection and confidentiality, not just with regards to patient information but also for staff.
The Trust outsources some services for staff, such as Occupational Health and Payroll who will process personal data in order to provide their service. All such third parties are held to strict contracts, including Data Protection and Confidentiality clauses and must maintain adequate information security standards.
Information the Trust holds about public members
Public Members are an optional role within Dorset County Hospital as an NHS Foundation Trust. All staff are members of the Trust and will receive newsletters and communications about open days and members events through internal communications and can vote in the Staff Governor elections. Any members of the public who wish to become a public member can do so voluntarily by providing the Trust with their name and contact information. This information is placed into a secure database which is used for posting or emailing newsletters and communications about open days and public events. Public members can also stand as Governor and vote in the public Governor elections.