We place great importance in dealing with your personal data in the strictest of confidence.
This applies to manual and computer records and conversations about patients' treatment. Everyone working for the National Health Service (NHS) is under a legal duty to keep patients' information, held in whatever form, confidential.
Patient information includes medical records and 'non-health' information e.g. a patient's name, address, date of birth, details of financial or domestic circumstances provided by the patient and added to by NHS staff, a relative or other person.
What is personal information?
Personal information is any material held within the hospital concerning you, the patient.
Personal information within any medical organisation is stored in a number of different formats to become your own, unique medical health record. This record will ensure you are correctly identified and receive the appropriate care and treatment for your individual needs.
This information can be stored in several formats including: paper, imaged, electronic and microfiche.
Patient information can also be classed as non-health information including your name, address and any other personal details you may have provided.
Medical health records are located throughout Cambridge University Hospitals in secure storage areas and libraries, and electronically on secure databases. Please see NHS Care Records Service (opens in a new tab) for more information on the future of NHS medical records storage.
Data Protection Act (DPA)
Our Trust complies with the Data Protection Act 2018 (opens in a new tab), which means you have the right to find out what information our hospitals store about you.
Our Trust undertakes Data Protection Privacy Impact Assessments (DPIA) when appropriate for new projects and services. Information on completed DPIA is available from the Trust Data Protection Officer.
How we use your information
Read our Patient Privacy Notice for more information about how we use your data.
Access your health records
Under the General Data Protection Regulation 2018, you, or an authorised representative, are entitled to access your health records.
If you wish to gain access to any other type of recorded information held within the Trust please see the Freedom of Information pages.
How can I see my records?
To ask to see your own health records, please complete our Subject Access Request form.
If you are unable to print off this form, paper copies are available from the Patient Advice and Liaison Service (PALS).
Your request should be sent to:
Access to Health Records Department
Cambridge University Hospitals NHS Foundation Trust
Please state who you are and how you can be contacted.
You may wish to obtain all, or parts of your health record, so please do specify any particular treatment dates you wish to view.
Who else can see my records?
- Anyone who has parental responsibility for a child under the age of 16
- Anyone appointed by the courts authorised in writing
- A representative of a deceased patient authorised in writing
What happens next?
- The Access to Health Records Officer will either deal with the access request directly, or request further details from you, the patient, to ensure that they are dealing with the correct person.
- The Officer will comply with the request within one month of receipt of the request.
Everyone working for the NHS has a legal duty to keep information held about you confidential and secure.
Information concerning you or your condition can often be of a sensitive nature which you may not wish to be known by others. Staff dealing with information are under obligation by law to make sure it is protected at all times.
The duty of our staff
Giving our patients the best care possible can sometimes mean sharing personal information with other sources, for example, other Trust departments or GP practises directly concerned with your treatment. Whenever information is shared, our staff adhere to strict codes of confidentiality. Staff sign a confidentiality agreement on commencing work within the Trust and receive the appropriate training.
The guidelines used to ensure all staff deal with patient information in the strictest confidential manner are known as the Caldicott Principles (opens in a new tab).
The Caldicott guardian for Cambridge University Hospitals can be contacted at: Cambridge University Hospitals NHS Foundation Trust, Box 153, Addenbrooke's Hospital, Hills Road, Cambridge, CB2 0QQ.
Sharing data is often vital for the progress and quality of your care. At Cambridge University Hospitals we have in place a number of policies and procedures to ensure the collection, storage and use of your personal information is secure.
How is the security of personal information enforced?
There are a number of legislations in place to govern the security of information within Cambridge University Hospitals. As security risks are forever evolving with new technological advances, these policies and procedures are constantly reviewed and updated. The NHS Confidentiality Code of Practice, the Data Protection Act and Computer Misuse Act all cover Information Security, and are what all NHS organisations must comply with. In addition to these, the NHS has also adopted the British Standards Code of Practice for Information Security Management.
We have clear guidelines for computer use which help protect unauthorised access to, and the integrity of, data contained on the hospitals computers. In brief: computers are used only for Trust business, are password protected, virus checked, and measures are taken to prevent access via email or the internet. Removable media devices, including laptops and memory sticks, are encrypted.
Speak to the team
We have our own Information Governance team who ensure the information governance framework is adhered to throughout our organisation.
If you would like more information, please contact the Information Governance team:
Cambridge University Hospitals NHS Foundation Trust