Information Governance

Our Commitment to your Data Privacy and Confidentiality

We are committed to protecting your privacy and will only process personal confidential data  lawfully and in accordance with the Data Protection Act 2018. Incorporating the General Data Protection Regulations (GDPR), the Privacy and Electronic Communications Regulations (PECR), the Common Law Duty of Confidentiality and the Human Rights Act 1998.

MKUH is a Data Controller under the terms of the Data Protection Act 2018. We are legally responsible for ensuring that all personal information we hold, and use is done so in compliance with the law. All data controllers must ensure they are compliant of the Data Protection Act 2018. More information can be found on the Information Commissioner’s website.

Everyone working for the NHS has a legal duty to keep information about you confidential. The NHS Care Record Guarantee, the NHS Constitution, the Health and Social Care Information Centre Guide to Confidentiality as well as the NHS Confidentiality Code of Practice provide a commitment that all NHS organisations, and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and well-being.

We will not share information that identifies you unless we have a fair and lawful basis on which to do so:

  • To ensure your safe care and treatment
  • To protect children and vulnerable adults
  • When a formal court order has been served on us
  • When we are lawfully required to report certain information to the appropriate authorities
  • To protect the health and safety of others e.g., Emergency Planning reasons
  • When permission is given by the Secretary of State for Health or the Health Research Authority (HRA) on the advice of the Confidentiality Advisory Group to process confidential information without the explicit consent of individuals.

If you are receiving services from the NHS, we share information that does not identify you (anonymised) with other NHS and social care partner agencies. This is done for the purpose of improving local services, research, audit, and public health. This is an important part of our processing as it ensures that the NHS keeps improving its standards and treatments.

We also anonymise information for Indirect Care so that we can:

  • Review our planning and services so that we meet patients’ expectations and needs
  • Prepare statistics and performance figures
  • Safeguard the health of the public
  • To provide training and continuing education for our staff.

Processing of data statement (Research & Development)