Oxford Health NHS Foundation Trust is a community focused organisation that provides physical, mental health and social care for people of all ages across Oxfordshire, Buckinghamshire, Swindon, Wiltshire, Bath and North East Somerset.
Our Trust is registered with the Information Commissioner’s Office to process personal and special categories of information under the Data Protection Act 2018 (subject to parliamentary approval) and our registration number is Z1411013.
Our services are delivered at community bases, hospitals, clinics and people’s homes. We focus on delivering care as close to home as possible.
Our vision is that no matter who you are or where you are, you will tell us that you receive: “outstanding care delivered by outstanding people.” Our values are to be caring, safe and excellent.
For information on all our services please visit “Your Services” on our website.
In this Privacy Notice the term Personal Information means any information about you or other people.
In order to provide you with the appropriate and best possible health and social care and treatment, our staff need to collect and maintain information about your health, treatment and care.
Personal information that we collect about you can be held in:
There are different systems used in the Trust depending on which service you are referred to.
Some services may wish to video and/or audio record part of your treatment. This would be with your knowledge and consent.
The Trust processes personal information for the purpose of the provision of “health and Social care treatment to include the management of health and social care systems and services”.
This is a “Public Task” as set down in UK Law.
Read more about the legislation, Data Protection Bill 2018 (subject to parliamentary approval)
Creating a health and social care record we need to collect demographic information consisting of:
Further information may be collected such as your marital status, occupation, religion, email address, place of birth, overseas status and any preferred name or alias.
It is important for us to have a complete picture of you as this will assist staff to deliver appropriate treatment and care plans and contact you, in accordance with your needs.
We may also hold sensitive personal information about you, which could include:
Personal information is used to manage and assist the staff involved in your care in ensuring that you are appropriately assessed and advised on the most appropriate care for you.
Personal information is used to ensure that the type of care given by the different types of service providers is communicated and shared with all relevant health professionals.
Where possible, we will always look to anonymise/pseudonymise personal information so as to protect patient confidentiality, unless there is a legal basis that permits us to use it and we will only use/share the minimum information necessary.
Personal information may be used to provide information to other healthcare professionals, or if you are referred to a specialist or another part of the NHS, social care or health provide.
It may also be used to:
The trust is required to protect personal information and inform you of how personal information will be used.
The trust provides health care services and personal information that can be shared as part of providing a health care service.
Personal information you provide to the trust in confidence will only be used for the purposes explained to you.
The trust does share information with consent, but importantly can also use information about you where there is another legal basis to do so.
We may need to share relevant personal information with other NHS or Non-NHS Organisations.
Sometimes special permission will be given to use information that identifies you without your consent. This may be for medical research or checking quality of care.
This permission is given by the Secretary of State for Health on advice from the National Information Governance Board for Health and Social Care under strict conditions.
The trust may be required by law to share information provided to us. The trust would not disclose any health information to third parties without your explicit consent, however there may be circumstances where the law permits or requires us to share.
Where appropriate the trust will notify you of this sharing. The trust may be required by law to share information provided to us with other bodies these may be, but not limited to:
Sharing personal information with other NHS Organisations would be for the purpose of healthcare.
These authorities would be:
This may also include those contracted to provide service to the NHS in order to support your healthcare needs.
Sharing personal information with Non-NHS Organisations from which you may be receiving care could include Social Services or private care homes
Personal information is held in both paper and electronic format. This is in line with the NHS Records Management Code of Practice for Health and Social Care 2016 and National Archives Requirements
We hold and process information in accordance with the Data Protection Act 2018 (subject to parliamentary approval) as amended by the GDPR 2016.
In addition, everyone working for the NHS must comply with the Common Law Duty of Confidentiality and various national and professional standards and requirements
The Department of Health and the Information Governance Alliance have set out the current retention periods for maintaining a health and social care record.
The information is kept as long as necessary for your health needs and in line with the standards and you can find these on this link, NHS Record Management code of practice:
We have a duty to:
The Trust is required to ensure that personal information is held securely.
We take appropriate technical and organisational measures including securing computers with access control through user names and passwords for electronically held personal information.
For personal information held on paper, this information is held in locked facilities and where permanently based for archive purposes the records are held in secure external storage.
Please contact the Head of Information Governance:
Mark Underwood Mark.Underwood@oxfordhealth.nhs.uk
IM&T Directorate, The White Building, Littlemore Mental Health Centre, 33 Sandford Road, Littlemore, Oxford. OX4 4XN
The Information Commissioner’s Office (ICO) is the body that regulates the trust under Data Protection and Freedom of Information legislation.
If you are not satisfied with our response or believe we are processing personal information not in accordance with the law you can complain to the ICO at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF 6
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510