Privacy Notice

What information we hold about you

We hold basic demographic details about you plus notes, reports and results of your treatment and care. Please let us know of any changes when you contact or visit the hospital.

We wills send text reminders about your appointments, if you do not wish to receive text messages, please let us know.

How we use your information

We use your information to provide you with health care so that:

  • Clinical staff have accurate and up-to-date information to be able to treat you.
  • Administrative staff supporting your care can sort out your appointments, deal with queries and send letters.
  • Information is available if you see another clinician or are referred to another part of the NHS or social care.

We also use information we hold about you to:

  • Review the care we give you to make sure it is of the highest standard and quality and meets patients’ needs in the future.
  • Help train and educate health care professionals.
  • Do patient satisfaction surveys about the services and care you had so we can improve the way we deliver healthcare to you and other patients, for example, the Friends and Family Test.
  • Tell you about resources or help to support your care.
  • Investigate patient queries, complaints and legal claims.
  • Ensure the hospital receives payment for the care you receive.
  • Assess our performance.
  • Audit NHS accounts and services.
  • Review your suitability for research studies or clinical trials.
  • Contact you about Trust membership.
  • Carry out important heath research - with your consent.

We are allowed to use and process your information under the UK Data Protection Act 2018, Article 6(1) for your personal data such as contact details and Article 9(a)(h) for your sensitive health information. Under the common law duty of confidentiality, we must keep your personal information confidential and obtain your consent to use and share it although that can be implied.  For example, when your GP sends us a referral it is implied that we can use and store that information.

How we keep your records confidential

All our staff must protect your information, tell you how it will be used and allow you to decide if and how your information can be shared. We keep your paper and computerised records safe and secure, and restrict access. If someone other than you (e.g. relative or friend) contacts us to find out about your care or treatment we will not be able to talk to them unless we have your permission.

Who we share information with

We will share your information with health and social care professionals directly involved in your care. For example, every time you attend the hospital as a patient, we will send your GP a summary of any diagnoses, test results or treatment given.

We are part of the West Midland shared care record which means we can share your health care information with health and social care staff in other locations providing your health care. Access is strictly controlled to only those directly involved in your care. You have the right to object and opt out but please talk to your clinician first who will explain how this may affect you. Please be aware that if you make this choice we may not be able to give you the best care.  However, we will respect your choice unless there are legal reasons why we can’t. For more information go to: https://www.livehealthylivehappy.org.uk/birmingham-and-solihull-shared-care-record/

We may also share information about you with the following to support the delivery of your care:

  • Department of Health and other NHS bodies
  • Other providers involved in your care, such as hospitals
  • GPs
  • Ambulance service
  • Mental health services
  • Social services

We may also share your information, with your consent and subject to strict sharing protocols about how it will be used, with:

  • Education services
  • Local authorities
  • Voluntary sector providers
  • Private sector e.g. care homes

We may also share your information with others that need to use records about you to carry out the following:

  • Check the quality of treatment or advice we have given you.
  • Protect the health of the general public e.g. national registries.
  • Manage the health service.
  • Help investigate any concerns or complaints you or your family have about your health care.
  • Confirm entitlement to NHS care, i.e. overseas visitors.

There is a National Data Opt-Out programme where you can choose to opt out of data being used for research and planning. If you are happy with this use of information you do not need to do anything.   If you do want to opt-out you can record your objection with the National Data Opt-Out scheme – although there are many exemptions. To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.

Your rights

Right to rectification: If you believe your information is wrong you can ask for it to be reviewed. If your clinician is concerned a change could cause you or our staff harm, we will not be able to change it. Nor can we delete health records but we will document your objection in your records. 

Right to object: If we asked you for consent to use your data, e.g. for research, you can ask us to stop at any time. You can ask us not to share your health record even with other clinicians involved in your care, e.g. your GP. Where possible, we will respect your wishes unless we feel that this would cause you harm. 

Right to Access: You can ask to access or have copies of the information we hold about you. This is called a subject access request. There is no charge and we must respond to you within one month. You must provide evidence of your identity when you make a request. See contact details below.

How long we retain your records

We keep your records according to the national Records Management Code of Practice 2021 and records are destroyed confidentially once their retention period has been met. 

Further information

The hospital is the Data Controller responsible for keeping your information confidential and is registered with the Information Commissioner - Ref. No. Z8937486

Key roles in the Trust are:

  • Data Protection Officer - Associate Director of Governance/Company Secretary: Ensuring compliance with data protection legislation.
  • Caldicott Guardian – Medical Director: Responsible for protecting patient confidentiality and ensuring we share patients’ information securely and legally.
  • Senior Information Risk Owner (SIRO) – Executive Director of Finance and Performance: Accountable for the management of all our information systems and the data they hold.
  • Information Governance Manager: Day-to-day role to ensure security and confidentiality of patient information.

If you have any questions or concerns regarding how your data is being processed, please contact the Data Protection Officer or Information Governance Manager at This email address is being protected from spambots. You need JavaScript enabled to view it. / 0121 685 4000.

Useful contacts 

  • Subject Access RequestsL This email address is being protected from spambots. You need JavaScript enabled to view it.
  • PALS: This email address is being protected from spambots. You need JavaScript enabled to view it.

If you are unsatisfied with the way the Trust has handled or shared your personal information you have the right to complain to the Information Commissioners Office:  www.ico.org.uk / 0303 123 1113

© Royal Orthopaedic Hospital. All rights reserved.