Cookies: We use cookies on our website to make it clear, useful and reliable. This includes storing a small amount of data about you. By navigating to other sections of our website, you are consenting to information being stored. Find out more here.
Privacy and GDPR
Privacy and GDPR
Privacy and GDPR
Privacy and GDPR
1) Controller contact details
South London and Maudsley NHS Foundation Trust Bethlem Royal Hospital Monks Orchard Road Beckenham BR3 3BX
2) Data Protection Officer contact details
Claire Delaney-Pope
Informationgovernence@slam.nhs.uk
3) Purpose of the processing
The purpose of the envisaged data flows is to effectively deliver and document the delivery of vaccinations for COVID-19 to individuals.
4) Lawful basis for processing
Under the General Data Protection Regulation (GDPR), the lawful basis for processing this data is found at Articles:
6(1)(e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
and
9(2)(h) Processing is necessary for the purposes of the provision of health or social care or treatment.
The ‘Notice’ issued by the Secretary of State for Health sets aside the requirements of Common Law Duty of Confidentially for COVID-19 purposes, Regulation 4 Health Service Control of Patient Information Regulations 2002 provides that ‘information may be processed in accordance with these Regulations, notwithstanding any common law obligation of confidence’, meaning that identifiable patient data can be shared with other organisations where it is ‘necessary’ for a COVID-19 purpose.
5) Recipient or categories of recipients of the processed data
Health and social care organisations, GPs, Arm’s Length Bodies (such as NHS Digital and Public Health England), local authorities.
6) Right to access and correct
You have the right to access the data that is being shared and have any inaccuracies corrected. You can exercise this right by contacting the organisation’s data protection officer, whose details are listed above. There is no right to have accurate medical records deleted except when ordered by a Court of Law.
8) Retention period
The data will be retained in line with the law and national guidance. https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016 or speak to the Information Governance team at informationgovernance@slam.nhs.uk
9) Right to Complain
You have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/global/contact-us/ or call their helpline at 0303 123 1113 (local rate) or 01625 545 745 (national rate). There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website).
South London and Maudsley NHS Foundation Trust is one of many organisations working in the health and care system to improve care for patients and the public.
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
How to opt out or for more information
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Category |
Data type |
Identifiers |
Your name, date of birth, NHS number |
Contact details |
Your address, telephone number, email address (if provided) |
Support contact details |
Names, contact details of carers, relevant close relatives, next of kin, representatives |
Physical, social or mental health situation or condition |
Your medical history, treatments, test results, referrals, care plans, care packages, medication, medical opinions and other relevant support you are receiving |
Protected characteristics |
Your ethnicity, religion, sexual orientation, gender, which are required for equality monitoring and ensuring that the services are suitable and provided in the right way for the people being cared for |
Purpose |
System name |
Electronic health records |
ePJS |
Electronic staff records |
ESR |
Complaint and incident records |
Datix |
Clinical observations |
eOBS |
Clinical incident records |
SafeCare |
Personal health records |
Healthlocker |
Business intelligence |
Microsoft BI |
Translational research using de-identified data |
CRIS (research pipeline) |
Internal staff communication |
Intranet |
Staff rosters |
eRoster |
Workforce recruitment |
TRAC |
Workforce training and professional development |
LEAP |
Enterprise network and email |
Office365 / UK Azure Cloud |
Finance system |
eFinancials |
Procurement system |
eProcurement (eFinancials module) |
Invoicing system |
ITSOFT |
Contracts monitoring |
Soles |
IT service desk |
SDE Service Desk (new platform in Q2) |
Estates and facilities helpdesk |
PlanetFM |
VoIP |
Cloud Telephony |
The information we collect is used by people in their work for the purposes stated in this notice. We take our duty to protect your personal information and confidentiality very seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.
Data type |
Purpose of collecting |
Names, addresses and telephone numbers |
Employment contracting |
Spouse, partner, emergency contact, close relative, next of |
Emergency contact |
Employment records (including professional membership, |
Statutory requirement of employment, performance management, professional development |
Bank, National Insurance number and pension details |
Payment of salaries and other expenditure claims |
Nationality / domicile |
Proof of eligibility to work in the UK |
Ethnicity |
Equality monitoring, equal opportunities |
Medical information including physical health or mental |
Appropriate adjustments to work arrangements, management of disability rights and other occupational health services |
Religious beliefs |
Spiritual support, equal opportunities, equality monitoring |