Your personal information

What we collect and why we need it.

As an NHS provider, we must by law keep patient records. There are legally set time frames within which we much operate, for example, we must keep mental health records for 20 years after the date of last contact with this service (30 years for children).

Our records are electronic. Our record will include the following:

  • full name, date of birth, and address
  • NHS number
  • reason for referral
  • medical history
  • other information such as family history, school, work status as these may be relevant to the development of your care plan
  • any risks to your health/your child’s health

We will make a note of each contact you/your child has with the service and document our assessments and the care plan that has been discussed with you. We will make notes about the progress of treatment. We will also record any concerns we have about risks to your health or your child’s health, for example, where there is a risk of harm.

Your record will also include correspondence (letters/notes of phone calls/ notes from email and text messages to/from other professionals/agencies) to other professionals involved in your care and our correspondence to you.

We need this information in order to provide you with appropriate and safe care, so we need to keep your personal information up to date. If there are any changes to your circumstances during the time you are attending this service, for example, if you change your GP, please let us know.

If you believe that information in your or your child’s record is inaccurate or incorrect, then please discuss with the clinician involved in your care.

Sharing information

In order to provide you with good care we need to share information about you with other involved professionals, e.g. your GP, and this will be with your consent. We may also share details with other members of the clinical team involved in your/your child’s care either here or externally. Any organisation that receives information from us about you is also legally bound to keep your information confidential and to store it securely.

Disclosure without consent

Occasionally there are circumstances in which we have to disclose information and when we do not necessarily need to obtain patient consent. 

The three main justifications for this are:

  • where there are concerns about the safety of a child or vulnerable adult
  • when it is in the wider public interest to do so, for example, in the case of a serious crime
  • when disclosure is required by law, for example when we are ordered by a court to do so

Confidentiality and keeping your information safe

As NHS employees, we are bound, by a common law duty of confidence and by the Data Protection Act 1998, to protect personal information that we may come to know during the course of our work. Details on protecting patient information is set out in the NHS Care Record Guarantee. We also have contractual responsibilities and professional codes of conduct, by which we must abide.

We receive regular training to make sure we understand our legal responsibilities to keep your personal information safe and to know in what circumstances we may have to share confidential information.

We have procedures and policies in place to make sure that your personal confidential information is secure and that access to your record is strictly controlled and on a need to know basis. Your record is not accessible to anyone outside the Trust.

You have the right to receive copies of letters written by NHS professionals about your health care and treatment. Unless you tell us otherwise, we will always send a copy of correspondence about you that we send to others. You can change your mind at any time. If English is not your first language, we will endeavour to provide translated copies. However, there may be rare instances when a clinician feels it is not appropriate to provide copies of letters/reports as it may cause you harm.

The Caldicott Guardian

The Caldicott Guardian is a senior clinician appointed by the Trust to ensure the protection of confidential patient information within the organisation and enabling information sharing externally. The Caldicott Guardian can be contacted at:

We follow the Caldicott Principles for sharing confidential information:

  • we must justify why we are using the information
  • we must not use personal information unless necessary
  • we use only the minimum information necessary
  • only those who need to know your personal information have access
  • we understand our responsibilities and the legal framework within which we work and
  • we understand the principle that the duty to share personal confidential data can be as important as the duty to respect service user confidentiality

Using your personal information in anonymised form

Personal data is anonymised and used both internally and externally. For example: to inform our management and planning; to inform our commissioners (the people who pay for the services we provide) of our levels of activity; to evidence, by monitoring patient outcomes and feedback, that the treatments we provide are effective; and for clinical audit. Your treatment is not affected by decisions you make about sharing your information.

Communicating by email

Email communication is generally not secure and risks breaching your confidentiality. However, patients sometimes prefer to contact us by email and for us to reply in same way. If you wish us to correspond with you by email about your health care you must sign our consent form. Please discuss this with your clinician at the first appointment.