Cookies and privacy 

UCLH patient privacy and personal information policy

How your personal information is used by UCLH.

Please read this privacy notice to understand how we use and protect the information that you provide to us.

UCLH Data Privacy Notice

Your information will be held by UCLH.

The General Data Protection Regulation (GDPR) requires us to manage all personal information in accordance with the Data Protection Principles. We are required to process your personal information fairly and lawfully. This means that you are entitled to know how we intend to use any information you provide. You can then decide whether you want to give it to us in order that we may provide the patient care that you require.

All our employees are responsible for maintaining patient confidentiality. We provide training and education to all employees to remind them of their obligations. In addition, our policies and procedures are regularly audited and reviewed.

What's covered in this Data Privacy Notice?

Your information

UCLH is committed to providing top-quality care, excellent education and world-class research.

The UK is a world leader in data protection and privacy. To comply with both EU and UK laws, we have to manage your personal information fairly, lawfully and transparently. This means you’ll know how we use your information and we’ll tell you about your rights. You can then decide whether you want to give us your information so that we can provide the correct patient care that you need.

All our employees are responsible for maintaining patient confidentiality. We provide training and education to all employees and we regularly review our policies and procedures. Our aim is to make sure that you have confidence in UCLH and feel comfortable about giving us your information. We believe that safely looking after your information is a key part of our relationship with you.

We have a dedicated team that looks after data privacy rights. We also have a Data Protection Officer (DPO) to guide UCLH and oversee your personal information

Information Governance Team
ICT Directorate
2nd floor A, Maple House
149 Tottenham Court Road
London
W1T 7NF

Data Protection Notice

Under the terms of the Data Protection Act and the General Data Protection Regulation, UCLH must protect any information collected from you. We use leading technologies and encryption software to protect your data, and maintain strict security standards to prevent any unauthorised access to it.

Changes to this privacy policy

We may make changes to this privacy policy at any time. Changes will be posted here and are effective immediately. You should visit this page regularly so you know:

  • What personal information UCLH collects
  • How UCLH uses your personal information
  • When (if ever) UCLH shares your personal information with someone else

What information do we collect?

  • We collect personal information from people who have directly registered with UCLH, referred to our hospitals by other trusts, hospitals and GP practices, through A&E and other ways.
  • We collect the following kind of information from people visiting the UCLH website
    • Feedback (through visitors emailing UCLH or completing online forms
    • Site usage information, using and page tagging techniques

After we reply to your feedback or calls, a record of your message will be kept for the minimum of time required before it's deleted. The length of time we keep the information is in accordance with the Department of Health's retention schedule.

How we use your information

Information collected by UCLH is used for:

  • Contacting patients (with their permission)
  • Contacting visitors (with their permission)
  • Making appointments, referrals, follow-ups,
  • Training
  • Research purposes
  • Service improvements
  • Improving the content and design of our website

UCLH will never share your information with other organisations for marketing, market research or commercial purposes. UCLH does not pass on your personal information without your consent.

How long we will keep your information

We’ll keep your information in line with the Department of Health records retention schedule. We’ll also keep your personal information for a certain period after your health care has ended or you’ve completed your treatment.

When determining how long this period will last, we take into account our legal obligations, the expectations of data protection regulators, and the amount of time we may strictly need to hold your personal information to carry on our work. For example, if you have a patient record with UCLH, we’ll keep your information and patient details for a specific length of time. To meet our legal and regulatory requirements, we must keep much of this information for many years.

We’ll also need to keep your information in archived form in order to protect our legal rights. This may be for the period during which legal claims can be made under applicable law. In the UK this is six years for contractual claims. We have policies and procedures in place to make sure that we safely delete information no longer needed for any of these purposes.

How you can access your information

For a copy of any information collected about you through the above, please email: UCLH.IGqueries@nhs.net.

If you are an employee of UCLH please our human resources department directly.

Passing your information to others

We treat your personal information as private and confidential. In some instances, we may disclose it outside UCLH for the purposes set out above (including sharing information with partners who help us provide healthcare). This may include sharing it with third parties. They’ll act solely on our instructions or behalf and will only use your information for the purposes set out above.

We’ll disclose information to others to where:

  • It’s needed by other parties connected with your patient record
  • We need to share information with other healthcare bodies who have an interest in your care.

We’ll also disclose information where strictly necessary to comply with our legal obligations, including where:

  • NHS or other authorities require it
  • the law, a regulatory body or the public interest requires it
  • it’s required as part of our duty to protect your patient record
  • it’s required by us or others to detect, investigate or prevent crime or fraud.

Information can also be made available where you consent or ask us to. If you give your consent, you can withdraw it at any time and we’ll stop disclosing the information in that way.

Transferring your information outside of the UK

The UK and other EEA countries provide a high standard of data protection and privacy. However, we may, for the healthcare reasons already stated, use your patient data outside the UK and EEA that do not have a similar standard of data protection laws. If so, we’ll require your personal information to be protected to at least UK standards. So we only transfer personal information to:

  • countries that have been confirmed as protecting personal information to UK and EU standards
  • organisations in the USA certified as providing an adequate level of protection.

In other instances, we’ll put contractual commitments in place which make sure personal information is protected to UK and EU standards.

If you want to learn more about the specific countries to which we transfer personal data, or need a copy of the safeguards we have in place for countries, contact the Information Governance .

Information Governance Team
ICT Directorate
2nd floor A, Maple House
149 Tottenham Court Road
London
W1T 7NF

Cookies

We use a number of different cookies on our site. If you do not know what cookies are, or how to control or delete them, then we recommend you visit http://ico.org.uk/for_the_public/topic_specific_guides/online/cookies  for detailed guidance.

The list below describes the types of cookies we use on this site. Currently we operate an ‘implied consent’ policy which means that we assume you are happy with this usage. If you are not happy, then you should either not use this site, delete the cookies having visited the site, or you should browse the site using your browser’s anonymous usage setting (called “Incognito” in Chrome, “InPrivate” for Internet Explorer, “Private Browsing” in Firefox and Safari etc.)

Google Analytics

We use Google Analytics to collect information about visitor behaviour on our website. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. This Analytics data is collected via a JavaScript tag in the pages of our site and is not tied to personally identifiable information. We therefore do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.

You can find out more about Google’s position on privacy as regards its analytics service at http://www.google.com/policies/privacy/ 

Third Party Cookies

These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are the sharing buttons across the site allow visitors to share content onto social networks. Cookies are currently set by LinkedIn, Twitter, Facebook, Instagram and YouTube. In order to implement these buttons, and connect them to the relevant social networks and external sites, there are scripts from domains outside of our website. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on this website.

You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.

Third party content and linking to other websites

This website contains links to other NHS and non-NHS websites. This privacy policy applies to UCLH only.

Following a link to another website

When you go to another website, please read the privacy policy on that website if you want to know what it does with your information. UCLH does not pass on any of your personal information to other organisations without your consent.

When you come to the UCLH site from another website, we may get personal information about you from the other website. You should read the privacy policy of websites you visit that link you to UCLH if you want to know about this.

These policies will explain how they collect and use your personal information, and whether they pass this on to websites they link you to.

Third party website content

We may embed external content from third party websites such as YouTube and include cookies. This content is not published on our website. It is delivered using tools and services from third party sites that can be inserted into our site such as media players, RSS feeds and widgets. These websites may use cookies. Their content is subject to the privacy policy of the relevant third party provider and not ours.

Finding out what information we have about you

You may want to look at your patient health folder. You have the right to make a subject access request for information that we hold about you.

To make a subject access request (SAR), you should:

  • Make the request in writing.
  • Provide enough personal information to identify you. When you send us your written SAR, you will need to include copies of at least two official documents, which show your name, date of birth and current address. These could be a driving licence, a birth or adoption certificate, passport or a recent utility bill.

Send your completed SAR request and copies of relevant official documents to:

The Trust Archivist and Records Manager
ICT Directorate
2nd floor A, Maple House
149 Tottenham Court Road
London
W1T 7NF

Your rights

You have certain rights over your personal information. These include the right to access a copy of your personal information or have some elements of it transmitted to you or another health provider in a common electronic format. In certain circumstances you can have your personal information corrected or erased, or you can restrict our use of it. You also have the right to object to the way we use your personal information as described above.

We generally won’t charge you to exercise these rights. You have the following rights:

Access

You have a right to ask UCLH if we have your personal information. If we do, you have a right to know:

  • why we have it
  • what type of information we possess
  • whether we have or will send it to others, especially outside the European Economic Area
  • how long we will keep it
  • where we got it from
  • details of any automated decision-making.

If you want, you can ask for a copy of your information.

Rectification

Where any of your information is incorrect, you have a right to tell us to correct it promptly. Please tell us as quickly as possible if you change your address or other contact details. If your information is incomplete, you can ask us to correct this too.

In certain circumstances, you’ll have the following extra rights:

Right to object

Depending on the legal basis on which we are using your information, you may be entitled to object. For example, where we’re using your information connected with marketing, we will stop if you object. However, if we’re using your information to meet certain legal obligations, we may continue to do so even if you object.

Erasure (right to be forgotten)

You may have a right to have some or all of the information we hold about you deleted. However you should be aware that, as a NHS trust, we are required to retain many records even after you close your

Portability

In certain circumstances you are may be entitled to receive some of your information from us electronically. We can either pass the information to you, or to another person or organisation if you want.

Restriction

You might also be entitled to ask us to restrict our use of your information — for example, if you think the information we hold on you is incorrect.

Withdrawing consent

If you consent to us using your information, you have the right to withdraw that consent at any time.

You can do this by contacting the Data Rights Team:

The Trust Archivist and Records Manager
ICT Directorate
2nd floor A, Maple House
149 Tottenham Court Road
London
W1T 7NF

We aim to work with you on any request, complaint or question you have about your personal information. However, if you believe we have not adequately resolved a matter, you have the right, at any time, to complain to the Information Commissioner’s Officer

As an independent UK authority, the ICO upholds information rights in the public interest, promotes openness by public bodies and data privacy for individuals. You can visit their website at https://ico.org.uk or ask for details from our Data Rights Team.