Clinical Privacy Notice

Clinical Information collected about patients, family members and others that the patient identifies as important to them

Why do we collect patient information about you?
In order to support your care, health professionals maintain records about you. We take great care to ensure your information is kept securely, that it is up to date, it is accurate and used appropriately. All of our Mountbatten staff are fully trained to understand their legal and professional obligations to protect your information and will only look at your information if they need to. They will only look at what they need to in order to do things like arrange to visit you, give palliative care advice, provide you with care and if necessary refer you on to other services. Your care will sometimes be discussed with colleagues within the service to ensure that your care is co-ordinated and/or to obtain further advice from other team members (e.g. doctors, occupational therapists, pharmacists, physiotherapists, psychologists, nurse specialists, dieticians, chaplains, social workers, patient equipment and transport services etc). 

What is our legal basis for collecting your data?
Mountbatten justifies collecting your data under three legal bases:

  • Consent: we will ask for your consent if we need to carry out certain medical procedures
  • Vital interest: we will need your data to protect your life in certain circumstances
  • Legitimate interest: our staff will require access to certain data to carry out their roles.
Why do we collect information about your family members, carers and others that you identify as important to you?
We record names and contacts details about your family members, carers and others that you identify as important to you in order to:
  • Keep them informed of changes in your situation (unless you ask us not to)
  • Involved them in planning that might affect them as well as you (e.g. if we were arranging for health or other professionals to visit you at home, or for equipment to be delivered)
  • Offer support, including emotional and psychological support, if needed
  • Offer bereavement support and attendance at remembrance events if you were to die
What information do we hold about you?
We use a combination of electronic and paper records and working practices and technology to ensure that your information is kept confidential and secure. Records which Mountbatten hold about you may include the following information;
· Your age, contact details and next of kin
· Details of your referrals, appointments, telephone calls, clinic visits etc.
· Records about your symptoms and concerns, illnesses, medications, treatment and care
· Results of investigations, like laboratory tests, x-rays, etc.
· Information from other health professionals, relatives or those who care for you

Where do we get information about you from?
In additional to the information that you, your family and any carers give to us, we often obtain information from:
  • The professional referring you to our service
  • Records of investigations (e.g. imaging, biopsy and blood results), clinic letters and discharge summaries available electronically from local and mainland hospitals via their secure electronic information systems (e.g. e-care logic; Care and Health Information Exchange system)
  • Other professionals already involved in, or who can give help and advice about, your care.
What happens if you don’t need regular contact from us for a while?
If your care with us has been completed, we will talk with you about discharging you from our care. This means that you no longer appear on our day to day list of patients, but we could still retrieve your notes if you were referred back to us in the future.
If you are not requiring regular care from us, but you are likely to need care from us again in the future, then we keep your referral to us “open” so that you can contact us directly without needing a new referral; we can then rapidly find your information if you contact us. We do this by keeping your records on our “share my care” register: this is a list of patients who are known to us, are likely to need care from us in the future, and can thus phone our helpline directly.
When is your information shared?
We will only use or pass on information about you to other health professionals to support your care. If we feel that it is in your best interests to share your information with someone else e.g. Social Care or a Voluntary Organisation that could support you we will ask your permission to do so. Everyone who has access to your information is required by Law to keep it confidential. We will not disclose your information to anyone else without your permission unless in exceptional circumstances e.g.:
  • safety was at risk (e.g. risk of suicide, concern for the safety of a child, yourself or another adult etc) or if we were required to share information by law (e.g. a notifiable infectious disease, a court order etc)
  • you were unable to give permission (e.g. in a coma or disorientated). We would then make a best interests decision based on any wishes or views you had previously given us, and the views of any family, carers or others you’d identified as important to you (unless you had previous directed us not to discuss you care with them)
  • if required by regulators (e.g. the Care Quality Commission, the Controlled Drugs Local Intelligence Network, the Medicines and Healthcare Regulatory Authority etc) 
Who are our partner organisations?
We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations:

· Your GP practice
· NHS Trusts / Foundation Trusts (e.g. St Mary’s hospital, Southampton and Portsmouth hospitals, other ambulance trusts, out of hours services such as 111)
· Clinical Commissioning Groups
· Social Care Services
· NHS Commissioning Support Units
· Independent Contractors such as dentists, opticians, pharmacists
· Private Sector Providers (e.g. oxygen suppliers, wheelchair providers)
· Voluntary Sector Providers
· Health and Social Care Information Centre (HSCIC)
· Local Authorities
· Education Services
· Fire and Rescue Services
· Police & Judicial Services
· Other ‘data processors’ which you will be informed of

You will be informed who your data will be shared with and in some cases asked for explicit consent for this happen when this is required.
You have the choice to share or not to share
You can ask for all or some of your information not to be shared outside of Mountbatten. If you decide not to share at all this will not affect your entitlement to care. However, it may result in the delivery of your care being less efficient, timely or safe as other health professionals will not see your full medical history. If you have any concerns about how your information is shared or held, please discuss with a member of Mountbatten staff.
How your records are stored
Like all GP Practices on the Isle of Wight, the District and Community Nurses, and a subset of services at St Mary’s Hospital, Mountbatten uses an electronic clinical records programme called TPP SystmOne which is where most of your information is stored. We also hold a small amount of information on paper (e.g. medication prescriptions, summaries of care and wishes to use in the event of an electrical failure etc). Because of this, we can share information electronically and securely about your care to support you more effectively. Other services that use SystmOne will ask your permission to see your information when they first see you.
Access to your health information
You have a right to access, view or obtain copies of information that Mountbatten holds about you, and to have it amended or removed should it be inaccurate. You can make what is called a ‘Subject Access Request’
  • Your request must be made in writing to Mountbatten
  • There may be a charge to have a printed copy of the information held about you
  • We are required to respond to you within a set time limit
  • You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified and your records located
Can my information be used for any other reason?
Mountbatten participates and contributes to efforts by the NHS to use your information in an anonymous and safe way to:
  • protect the health of the public
  • help us anticipate, plan and provide care
  • audit, review, monitor and evaluate the quality of services provided

Information used for these purposes will not identify you but if you would like further details about this, or if you do not want us to use your information in this way, please contact the Mountbatten Data Protection Officer.
Retention of records
Records of clinical care now often inform future clinical decision making: for example, responses to medication such as allergies; diagnoses that might recur in the future. Therefore your details will be held on SystmOne after you have been discharged from Mountbatten so that your patient record can be shared across various services and accessed by other professionals to ensure decisions are informed. There is a privacy alert function within SystmOne which will allow SystmOne administrators to see if someone has accessed your record inappropriately and you will be notified if this is the case.
What happens after someone dies?
Families often tell us that it can be upsetting when hospitals and others continue to try and contact their loved one after death. Therefore, if a patient dies with us, we notify others involved in their care. We also ensure, that if the deceased had previously been on our fundraising database, their details are updated accordingly.
Change of Details
It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. Please inform us of any changes so our records are accurate and up to date for you.
The Data Protection Act 1998 requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information. This information is publicly available on the Information Commissioners Office website

Mountbatten is registered with the Information Commissioners Office (ICO).
Who is the Data Controller?
The Data Controller, responsible for keeping your clinical information secure and confidential is the Mountbatten Caldicott Guardian.

"It's another's kept me in this world!"


Maureen, Patient