This leaflet answers common questions about how we use and share information about you or your health. 

What do we mean by 'data'? 

Data is any information about you or your health. It can mean your name, your date of birth, NHS number or your address. It can also mean your blood test results or results of any other tests carried out such as a scan or your medical history. 

How do we use your data? 

When you come to hospital, we ask you for information about yourself. Clinicians, such as doctors and nurses, need to find out as much as possible about your health so they can provide the best treatment for you. This information is recorded and used in many ways. It allows us to contact you if we need to, and it allows us to make an accurate diagnosis and give you appropriate treatment. 

We record and store your data on different systems so different clinicians involved in your care can see your medical history. Some of our medical devices will also record information about you, for example x-ray machines, or devices used to monitor your vital signs. 

Who we share your data with 

We share data with other healthcare organisations such as GPs or other hospital trusts who treat you to ensure continuity of care. We also share data with expert organisations if we need a second opinion of your condition. The data is only ever shared on a ‘need to know’ basis so we can deliver appropriate treatment. 

We enter into formal data sharing agreements or contracts with organisations that provide a range of different services for the trust and enable us to provide the best quality care. This includes IT organisations, which process blood test results or provide clinical alerts which help staff make quick diagnoses. 

What rules do we follow? 

The Data Protection Act 2018 and UK General Data Protection Regulation govern how your personal information is used by us. 

Under data protection laws the Royal Free London NHS Foundation Trust is defined as a ‘data controller’ of personal information. This means we are responsible for the data. The organisations we contract with to store or use data on our behalf are known as the ‘data processors’. Processors can only ever use your data in ways that we authorise. 

The trust is registered with the Information Commissioners Office (ICO), which regulates data protection laws (our registration number Z6460180). There is more information about the ICO below. 

At the trust there is a Caldicott Guardian, a data protection officer and a senior information risk owner who all have a responsibility to ensure patient data is kept safe and only shared with those who need to see it. 

Who is the Caldicott Guardian? 

The trust’s Caldicott Guardian is Dr Jayne Lim. A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient information and enabling appropriate information-sharing. Each NHS organisation is required to have a Caldicott Guardian. 

Caldicott Guardian address:

Dr Jayne Lim
Royal Free London NHS Foundation Trust
North Middlesex University Hospital
Sterling Way
London
N18 1QX

Email: rf-tr.caldicottguardian@nhs.net

Who is the data protection officer? 

The trust’s data protection officer is Kevin Winter. The data protection officer is a designated person within an organisation who is responsible for ensuring that the organisation complies with the Data Protection Act and General Data Protection Regulation. 

Data protection officer email: rf-tr.rfldpo@nhs.net

Who is the senior information risk owner (SIRO)? 

The trust’s SIRO is Emma Kearney. The SIRO is a member of the trust board, acting as an advocate for information risk and advises the board and Information Asset Owners on mitigating the impact of information risks on the trust’s strategic goals. 

SIRO email: rf-tr.informationgovernance@nhs.net 

How do we share data? 

Your data is always shared securely using industry standard security techniques. Occasionally there is paper based sharing such as post or by secure courier. 

What can I do if I think you have done something wrong? 

If you think the trust has done something wrong with your data, you can make a complaint to us at rf-tr.complaints@nhs.net

Information Commissioner’s Office

You can also complain to the Information Commissioner’s Office. The commissioners contact details are: 

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

ICO website
Helpline: 0303 123 1113 

How can I access information recorded about me? 

You have a right to access information that we hold about you. You can find details of how to request a copy of your information on our website or email the access team at rf-tr.accessrequests@nhs.net.