Information governance and data protection

Your information

Your personal health data and how we manage it is as important to us as it is to you. The way we collect, store, use and share data about you is constantly evolving in line with technology, and the laws that govern the use of your personal data have also evolved to accommodate these changes.

At Mid and South Essex NHS Foundation Trust, we take great care to ensure your data is managed in line with current Data Protection laws.

How your information is protected.

Data Protection laws are in place to make sure that all organisations operate in a way that protects any personal data they hold, and know how to what to do if something goes wrong. The Trust has a robust suite of policies and processes in place to ensure that your information is managed safely and lawfully.

How you have more control over what happens to your information.

You have a right to privacy and a right to expect your data to be protected. Current Data Protection law gives you easier access to the personal data we hold about you. It is designed to give you confidence that this information is accurate, up to date and well managed.

You are entitled to request copies of any personal data we hold about you, and also to request for changes to be made.

If you have any questions, or require any further information about how we manage your data, please contact mse.informationgovernance@nhs.net

Your rights under the General Data Protection Regulation (GDPR)

The right to be informed

You have the right to be informed about the collection and use of your personal data
We must provide you with information including: our purposes for processing your personal data, our retention periods for that personal data, and who it will be shared with. This is called ‘privacy information’

The right to request access

You have the right to obtain:

confirmation that your data is being processed
access to your personal data
evidence that we treat your data within the rules of the law.

The right to request rectification

You have the right to ask that for any information you believe is inaccurate to be corrected or completed if it is incomplete.

The right to request erasure

You have the right to ask that we delete any information we hold about you.

The right to restrict processing

This means that you can limit the way we share your information.
This means that we can hold your information but we cannot use it or share it with external organisations.

The right to data portability

This allows you to ask for and reuse your personal information for your own purposes for different services
It also allows you to move, copy or transfer personal information easily from one IT environment to another in a safe and secure way, without any effect on your ability to use it.

The right to object

to us using your information for reasons other than to provide you with care
to your information being used for direct marketing (including profiling)
to your information being used for purposes of scientific or historical research and statistics

Data Subject Access Request and Right of Access

Under current Data Protection Law, you have the right to ask an organisation whether or not they are using or storing your personal information. You can also ask them for copies of your personal information, verbally or in writing.

This is called the Right of Access and is commonly known as making a Data Subject Access Request or ‘DSAR’.

Under current Data Protection Law, organisations have one calendar month to provide you with the information you have requested subject to exemptions as outlined on the ICO exemptions information page https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/exemptions/

A copy of the information requested as a DSAR must be provided free of charge. However, in line with current Data Protection Law, when a request is deemed ‘manifestly unfounded or excessive’, particularly if it is repetitive, a ‘reasonable fee’ can be charged.

To request a copy of your health records, please visit our Access to Health Records page .

To request access to any other type of information the Trust holds about you, please access the following link https://mseig.ams-sar.com to complete and submit the form.

National Fraud Initiative (NFI) Privacy Notice

We are required by law to protect the public funds we administer. We may share information provided with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud. The Cabinet Office is responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to determine the extent of the match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

We participate in the Cabinet Office's National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud – see guidance https://www.gov.uk/guidance/taking-part-in-national-fraud-initiative. We want you to know that we take privacy very seriously. Please be assured that we will always manage your data securely and responsibly. See private notice guidance which sets out how we will use your personal data as part of the Cabinet Office’s National Fraud Initiative (NFI) data matching exercise to aid in the prevention and detection of fraud Privacy notice - GOV.UK (www.gov.uk).

The processing of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under its powers in Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under data protection legislation or the General Data Protection Regulation (GDPR). For further information on how we will use your personal data, and your rights, see National Fraud Initiative privacy notice - GOV.UK (www.gov.uk). For further information on the reasons why it matches particular information, see Code of Data Matching Practice for the National Fraud Initiative - GOV.UK (www.gov.uk)

For further information on data matching at Mid and South Essex NHS Foundation Trust please contact Mark Kidd, Local Counter Fraud Specialist, by emailing mark.kidd@nhs.net. Further information on how the NFI has assisted the NHS and other public sector organisations can also be found at National Fraud Initiative case studies - GOV.UK (www.gov.uk)