Privacy notice

Supplementary Privacy Notice on Covid-19 for Patients and Carers 8 April 2020

Covid-19 and your information – Updated on 8th April 2020

This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. The notice is an addition to our main Privacy Notice which is available below.

The health and social care system is facing significant pressures due to the Covid -19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be very important in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.

Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arm’s Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid -19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data.

Further information is available at

During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs. However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.

In order to look after your health and care needs we may share your confidential patient information including health and care records with clinical and non-clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email.

Data protection impact assessments

Sample DPIA template

IBD Patient Mobile App

Privacy Notice (your health records).

Your personal information

This page provides you with information about how we use and manage the information we have about you, including how we share it with NHS and non-NHS organisations, and how we maintain confidentiality.

What is personal data?

Personal data is information that relates to a living individual who can be identified from that data.

Why we collect information about you

Homerton University Hospital NHS Foundation Trust keeps records about the health care and treatment you receive as one of our patients. This helps to ensure that you receive the best possible care from us. It helps you because:

  • Accurate and up-to-date information assists us in providing you with the right care
  • Full information is readily available if you see another doctor or are referred to a specialist or another part of the NHS

It helps the NHS to:

  • Prepare statistics on NHS performance
  • Audit NHS Services
  • Monitor how we spend public money
  • Plan and manage the health service
  • Teach and train healthcare professionals
  • Conduct health research and development

Data Protection Act 2018 (This is the UK’s implementation of the GDPR (General Data Protection Regulations)
The Data Protection Act 2018 governs the processing of personal data held on computer systems and in other formats. It restricts how we can use an individual’s data, and consists of the Data Protection Principles that must be applied when processing personal data.

Organisations that process personal data must register as a ‘data controller’, and notify the Information Commissioner (ICO) why they need to process the data.

Homerton University Hospital NHS Foundation Trust is the data controller of personal information that is collected by the Trust to help us provide and manage healthcare to our patients.

Full details of all the purposes to which data may be put are listed at the ICO website ( The Trust is registered with the Information Commissioner. The Trust registration number is Z5917319.

What kind of information does the Trust hold about you?

  • Name, address, date of birth, NHS Number and next of kin
  • Contacts we have had with  you such as clinic visits
  • Details of diagnosis and treatment
  • Allergies and health conditions

We are currently upgrading our electronic patient record system and rolling out ePrescribing to help our clinicians with decision support and easy, fast access to the information they need to provide you with the best possible care. This will also help make our records of your care more robust; help us keep your GP informed of all we do for you here, and better secure the storage of your health record for the future.

How do we keep your records confidential?

Everyone working for the NHS is subject to the General Data Protection Regulations (GDPR) and the Data Protection Act 2018 (the UK’s implementation of the GDPR), and also the Common Law Duty of Confidence. Information provided in confidence will only be used for the patient’s direct care. If it is required for other purposes, then the patient will be asked for consent, unless there are other circumstances covered by the law.

Purpose and Lawful Basis for processing

The Lawful Basis we rely on to process your personal data is article 6(1)(e) in conjunction with Article 9(2)(h) for Special Category Data of the GDPR, which allows us to process personal data when this is necessary to perform our public tasks as a National Health Service provider.

Why do you collect information about me?

Your doctor and other health professionals caring for you to keep records about your health and treatment from the National Health Service (NHS). It is in the interest of the patient for a full record to be collected. Your records are either written down (manual records) or held on a computer (electronic records).

These may include details about:

  • your address and next of kin
  • your hospital visits
  • the treatment or the care you receive, results of investigations and /or tests
  • information from other health professionals, relatives and those who care or know you well.

Why do you monitor ethnicity?

The Trust serves a multicultural population and ethnicity is monitored because it is important to understand how and why different groups suffer from different conditions. This means we can give you better care and treatment.

How do my records help me?

Your records are used to guide and administer the care you receive. They help us to make sure that:

  • we have accurate, up to date information about your health
  • you receive the best quality of care
  • information is easily accessible within the Trust because this helps us to make decisions about your future healthcare needs
  • any concerns you may have about your health are properly investigated.

Who sees my records?

Everyone working for the NHS has a legal duty to maintain the highest level of confidentiality. Your medical records are kept in secure areas, and generally your records will only be seen by those involved in providing or administering your care. A few administration processes require information that may identify you, however, most processes will use anonymous information.

To make sure you will receive all the care and treatment you need, we might share relevant information about you with other NHS organisations and those outside the NHS. These may include:

  • your General Practitioner (GP) and Pharmacies (Chemists)
  • another hospital
  • local authority departments, including Social Services, Education and Housing
  • NHS walk-in centres
  • NHS Direct and Care Direct Out-of-hours doctors’ services voluntary organisations
  • private sector providers such as private hospitals, care homes, hospices.

We will only share information where it is clearly in your best interests to do so or it is required by law. This includes:

  • notification of new births or deaths
  • if infectious diseases will endanger the safety of others such as meningitis, tuberculosis or measles (but not HIV or AIDS)
  • for child protection reasons
  • when a formal court order is issued.

Information will not be passed to your friends, relatives or carers without your signed consent. Your consent is also needed to share information with other organisations (i.e. employers, insurance companies). This information is passed securely and kept confidential by the people who receive it.

Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information.*
  • Your right to rectification – You have the right to ask us to rectify the information you think is inaccurate. You also have the right to ask us to complete the information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

The National Data Opt-Out

This is a service that allows patients to opt-out of their confidential patient information being used for research and planning. By 2020 all health and care organisations are required to apply national data opt-outs where confidential patient information is used for research and planning purposes.

Patients can find out more and set their opt-out choice at

How do my records help the NHS?

Your information helps us:

  • monitor your quality of care
  •  meet the general public’s health needs make sure our services meet future needs
  • teach and train healthcare professionals conduct health research, development and audit transfer to other providers to improve care
  • investigate a complaint you have made
  • prepare statistics on NHS performance.

Access to your health information used for these purposes is controlled and monitored.

When information is used for statistical purposes, we do not identify individual patient’s details. Some information may also be passed on to other organisations with a legitimate interest (i.e. planning services with other organisations outside the NHS).

Notification to the Cancer Registry

The NHS has been contributing to the Cancer Registry for many years to help understand the causes of cancer.

At the moment this is not a legal requirement however we are committed to continuing this practice for the future benefit of cancer sufferers.

Can I see my health records?

The Data Protection Act 2018, allows you to find out information held about you by the Trust.


Children, as well as adults have the right to request a copy of their records and also have the right to request that the Trust stops processing their data.

If you require access to your health records you can make a verbal or written request through the contact details below: (We will send you a request form for completion and signature. We will also require proof of identity and sometimes other information to ensure we comply with Data Protection Law. We will usually complete your request within one calendar month in line with the DPA 2018).

Health Records Manager
Homerton University Hospital NHS Foundation Trust Homerton Row
London E9 6SR
Email: Telephone: 020 8510 7008

You are entitled to receive a copy of both paper and electronic records. In certain circumstances your right to see some details may be limited for your own interest or for another reason, such as the protection of others. If you believe that there is an error in your records you may request that it be corrected or you may ask that a statement from yourself stating the reason for your belief that there is an error is included in your Health Records.

Where can I get more information?

If you have any questions about how your information is used contact David Waters, Data Protection Officer & Information Governance Manager at the Homerton University Hospital NHS Foundation Trust on 020 7683 4102 or email

Everyone has the right to lodge a complaint with the ICO if they wish to:

The Information Commissioners Office (ICO) T: 030 3123 1113


Patient Advice and Liaison Service (PALS)

PALS can provide information and support to patients and carers and will listen to your concerns, suggestions or queries. The service is available between 9.30am and 4pm. Telephone 020 8510 7315, Textphone: 07584 445 400 or email
For information on the references used to produce this information, please ring 020 8510 5302 or email
A voicemail service is available out of office hours.

Additionally, you have a right to complain to the Information Commissioner if ever you are unsatisfied with the way the Trust has handled or shared your personal information:
Information Commissioner’s Office
Wycliffe House
Water Lane
Cheshire SK9 5AF

Tel: 0303 123 1113 (or 01625 545745 if you would prefer not to call an ‘03’ number, or +44 1625 545745 if calling from overseas)
Fax: 01625 524510

Produced by: Information Governance Service Corporate
Homerton University Hospital NHS Foundation Trust
Homerton Row
E9 6SR

T:   020 8510 5555