We hold basic demographic details about you plus notes, reports and results of your treatment and care. Please let us know of any changes when you contact or visit the hospital.
We wills send text reminders about your appointments, if you do not wish to receive text messages, please let us know.
We use your information to provide you with health care so that:
We also use information we hold about you to:
We are allowed to use and process your information under the UK Data Protection Act 2018, Article 6(1) for your personal data such as contact details and Article 9(a)(h) for your sensitive health information. Under the common law duty of confidentiality, we must keep your personal information confidential and obtain your consent to use and share it although that can be implied. For example, when your GP sends us a referral it is implied that we can use and store that information.
All our staff must protect your information, tell you how it will be used and allow you to decide if and how your information can be shared. We keep your paper and computerised records safe and secure, and restrict access. If someone other than you (e.g. relative or friend) contacts us to find out about your care or treatment we will not be able to talk to them unless we have your permission.
We will share your information with health and social care professionals directly involved in your care. For example, every time you attend the hospital as a patient, we will send your GP a summary of any diagnoses, test results or treatment given.
We are part of the West Midland shared care record which means we can share your health care information with health and social care staff in other locations providing your health care. Access is strictly controlled to only those directly involved in your care. You have the right to object and opt out but please talk to your clinician first who will explain how this may affect you. Please be aware that if you make this choice we may not be able to give you the best care. However, we will respect your choice unless there are legal reasons why we can’t. For more information go to: https://www.livehealthylivehappy.org.uk/birmingham-and-solihull-shared-care-record/
We may also share information about you with the following to support the delivery of your care:
We may also share your information, with your consent and subject to strict sharing protocols about how it will be used, with:
We may also share your information with others that need to use records about you to carry out the following:
There is a National Data Opt-Out programme where you can choose to opt out of data being used for research and planning. If you are happy with this use of information you do not need to do anything. If you do want to opt-out you can record your objection with the National Data Opt-Out scheme – although there are many exemptions. To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.
Right to rectification: If you believe your information is wrong you can ask for it to be reviewed. If your clinician is concerned a change could cause you or our staff harm, we will not be able to change it. Nor can we delete health records but we will document your objection in your records.
Right to object: If we asked you for consent to use your data, e.g. for research, you can ask us to stop at any time. You can ask us not to share your health record even with other clinicians involved in your care, e.g. your GP. Where possible, we will respect your wishes unless we feel that this would cause you harm.
Right to Access: You can ask to access or have copies of the information we hold about you. This is called a subject access request. There is no charge and we must respond to you within one month. You must provide evidence of your identity when you make a request. See contact details below.
We keep your records according to the national Records Management Code of Practice 2021 and records are destroyed confidentially once their retention period has been met.
Further information
The hospital is the Data Controller responsible for keeping your information confidential and is registered with the Information Commissioner - Ref. No. Z8937486
Key roles in the Trust are:
If you have any questions or concerns regarding how your data is being processed, please contact the Data Protection Officer or Information Governance Manager at
If you are unsatisfied with the way the Trust has handled or shared your personal information you have the right to complain to the Information Commissioners Office: www.ico.org.uk / 0303 123 1113
© Royal Orthopaedic Hospital. All rights reserved.