This page explains how we collect, use, retain, and disclose your personal information, and outlines your rights under data protection laws.
Our responsibilities
We have a legal duty to:
- Keep accurate and up-to-date records of the care we provide to you.
- Use your information in ways that protect your privacy and maintain confidentiality.
- Store your information securely and dispose of it safely when no longer required.
- Provide you with access to your information when requested.
We comply with data protection laws including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Confidential information about you
Doncaster & Bassetlaw Teaching Hospitals NHS Foundation Trust (DBTH) collects, stores, and processes large amounts of personal data every day, such as medical records, personal records, and computerised information. This makes DBTH a Data Controller. As a Data Controller, the Trust is registered with the Information Commissioner’s Office (ICO). Details of our registration can be found on the ICO website by entering our registration number: Z5372151.
We take our duty to protect your personal information and confidentiality very seriously and are committed to taking all reasonable measures to ensure the confidentiality and security of all the personal and sensitive information for which we are responsible, whether it is on a computer system or on paper.
At board level, we have a Senior Information Risk Owner (SIRO) who is accountable for the management of all our information assets and any associated risks and incidents. We also have a Caldicott Guardian who is responsible for advising on all aspects of the management of your personal information and its use. To comply with GDPR, we have appointed a Data Protection Officer (DPO) who ensures that the Trust is accountable and complies with the EU’s General Data Protection Regulation (GDPR) and the UK’s Data Protection Legislation.
Why and how we collect information
We may ask for or hold personal confidential information about you which will be used to support delivery of appropriate care and treatment. This is to support the provision of high-quality care. These records may include:
- Basic details such as name, address, date of birth, and next of kin.
- Contact we have had, such as appointments and home visits.
- Details and records of treatment and care, including notes and health reports.
- Results of medical imaging, x-rays, blood tests, etc.
- Information from people who care for you and know you well, such as health professionals and relatives.
It may also include personal sensitive information such as sexuality, race, your religion or beliefs, and whether you have a disability, allergies, or health conditions. It is important for us to have a complete picture, as this information assists staff involved in your care to deliver and provide improved care, deliver appropriate treatment and care plans, to meet your needs.
Information is collected in a number of ways; via your healthcare professional, referral details from your GP, or directly given by you.
How your information helps
Your information can help:
- To help inform decisions that we make about your care.
- To ensure that your treatment is safe and effective.
- To work effectively with other organisations who may be involved in your care.
- To support the health of the general public.
- To ensure our services can meet future needs.
- To review care provided to ensure it is of the highest standard possible.
- To train healthcare professionals.
- For research and audit.
- To prepare statistics on NHS performance.
- To monitor how we spend public money.
There is also potential to use your information to deliver care and improve health and care services across the NHS and social care. Where we need to have your explicit consent, we will ask you for it, and you will be properly informed.
This is particularly important where the patient is a child. We have provided Privacy Notices and information on our website to help you and your child, and children over 13, to make properly informed decisions about their treatment and their personal information.
Your rights
Under data protection law, you have the following rights:
- To be informed about how we use your data.
- To access the personal information we hold about you.
- To correct inaccurate or incomplete data.
- To request erasure of your data in certain circumstances.
- To restrict processing of your data.
- To object to processing where applicable.
- To data portability, allowing your information to be moved, copied, or transferred.
- To object to automated decision-making and profiling.
You can find more details or make a request by contacting our Information Governance team.
Accessing your health records
If you would like to see or request a copy of your health records, you can do so through a Subject Access Request. Full details and the request form are available here.
We aim to respond to requests within one calendar month.
Sharing your information
We may share relevant health and care information with:
- GPs and other NHS providers involved in your care.
- Social care and community services.
- NHS commissioning bodies and regulators.
- Trusted partners providing services on our behalf.
Information is only shared when necessary for your care or as required by law.
Integrated Care Records
In addition to the Yorkshire and Humber Care Record (YHCR) and the NHS Federated Data Platform (FDP), we contribute to several regional data-sharing initiatives to improve joined-up care:
- The Notts Care Record (NCR) – Learn more
- The Integrated Doncaster Care Record (iDCR) – View our fair processing notice
- The Yorkshire and Humber Care Record (YHCR) – Learn more
The NHS Federated Data Platform (FDP)
The NHS Federated Data Platform (FDP) is a national system that brings together data from across the NHS into a single, secure platform. It is designed to help us:
- Plan and coordinate patient care more effectively.
- Improve waiting list management and discharge planning.
- Better manage resources and patient pathways.
- Support health inequalities and population health work.
We intend to implement the FDP at DBTH in the coming months, as part of a national programme led by NHS England. This will help us deliver safer, more joined-up care. Only authorised users will be able to access this platform, and strict data protection rules will apply.
How long we keep your information
We retain personal data in accordance with the NHS Records Management Code of Practice. Retention periods depend on the type of record and the legal requirement.
Security and CCTV
We use CCTV on our sites to support safety and security. Recordings are stored securely and only accessed when necessary.
National data opt-out
You can choose whether your confidential information is used for planning and research. Please note: we will never use your information for research without your express permission. To opt out or find out more, visit the NHS Your Data Matters website.
Privacy notices
It is the Trust’s intention to provide understandable privacy notices both on our website and in all of our main patient waiting areas.
You can view or download our current notices below:
- DBTH Privacy Notice for Adults (Full)
- DBTH Privacy Notice – Poster Version
- DBTH Privacy Notice for Children
- DBTH Foundation Trust Members Privacy Notice
- DBTH Staff Privacy Notice
- DBTH Privacy Notice for Staff as Members
- COVID-19 Privacy Notice
- Notts Care Record (NCR) – Digital Notts
- Yorkshire and Humber Care Record
- Integrated Doncaster Care Record (iDCR) – Fair Processing Notice
Contact us
If you have questions about how your information is used, or if you want to exercise any of your rights, please contact our Information Governance team, details here: https://www.dbth.nhs.uk/about-us/our-publications/information-governance/
You also have the right to contact the Information Commissioner’s Office (ICO) if you are unhappy with how we have handled your data: www.ico.org.uk
Content out of date? Information wrong or not clear enough? Report this page.