Privacy Notice
Countess of Chester Hospital NHS Foundation Trust Privacy Notice for Patients
This privacy notice tells you what to expect us to do with your personal information when you contact us or use our services.
Data Controller:
Countess of Chester Hospital NHS Foundation Trust
Liverpool Road
Chester
CH2 1UL
01244 365 000
ICO Registration: Z6903413
We are the controller for your information. A controller decides on why and how information is used and shared.
Data Protection Officer:
Our Data Protection Officer is Claire Raggett and is responsible for monitoring our compliance with the data protection requirements. You can contact them with queries or concerns relating to the use of your personal data at Coch.dpo@nhs.net
Our leaflets are available in large print, Braille, and in other languages on request via the Data Protection team coch.dpo@nhs.net
What happens to my information?
The Countess of Chester Hospital NHS Foundation Trust (CoCH) is committed to handling your information securely and in line with data protection legislation, the common law duty of confidentiality, and the Caldicott Principles which apply to the use of confidential information within health and social care organisations.
We use personal and confidential information for a number of purposes as detailed below. To ensure that we process your personal data fairly and lawfully we are required to inform you:
- Why we need your data;
- How it will be used: and,
- Who it will be shared with.
We will also explain what rights you have and how you can control how we use your information.
We recognise the importance of protecting personal and confidential information in all that we do and takes care to meet its legal duties.
FAQ's
- What kind of information does the NHS collect about me?
- Why do they collect information about me?
- Who sees my information?
- How are my medical records kept secure?
- What are my rights as a data subject?
- How do i access my information?
- Can i have access to records about other people?
- Will I see all of the information in my records?
- What if the information in my records is incorrect?
- What if i'm not happy?
What kind of information does the NHS collect about me?
The Countess of Chester Hospital collects and requires information to be able to provide our patients with an informed service to help deliver healthcare services, including (but not limited to):
- Details held in the patient’s record;
- Patient images, for example photographs, x-rays, scans;
- Personal details such as names, address and telephone numbers;
- Family details, for example next of kin details;
- Employment details;
- Financial details, where we provide or receive payment for services;
- Visual images, personal appearance and behaviour, for example CCTV images used as part of the building security and body worn cameras;
- Responses to surveys, where individuals have responded to surveys about healthcare issues.
- Call recordings
As part of the data protection legislation there are certain categories of data, classed as sensitive, which we may process where necessary, including (but not limited to):
- Physical or mental health;
- Racial and ethnic origin;
- Religious or philosophical beliefs;
- Sexual orientation and activity;
- Offences (including alleged offences), criminal proceedings, outcomes and sentences;
Why do they collect information about me?
To help you
Your doctor or other health professionals caring for you keep records about your health and any treatment or care you receive during your visit to the Countess of Chester Hospital. This information is either written down or held on a computer. These records are then used to guide and manage the care you receive. This is to make sure that:
- any health professional involved in your care has accurate and up-to-date information to assess your health and decide what care you need;
- there is a good basis for assessing the type and quality of care you have received. This will lead to better care both for you and for other patients in the future;
- if you need to complain about the care you receive, your concerns or complaints can be properly investigated.
We are legally obliged to keep such records.
You may receive care from organisations that are not part of the Countess of Chester Hospital Trust, such as other NHS providers, social services, or private and voluntary healthcare providers. If so, there may be a need to share some information about you so that everyone involved in your care can work together for your benefit. We may also receive information about you from other health and care organisations involved in your care so that we can provide you with care.
To help the NHS
Information is also used to help support the future development of the NHS, ensuring the services provided to our patients and staff is always improving. Some areas where we may process data include:
- analysis of statistical data to review NHS performance and key performance indicators;
- to aid the completion of audits across our NHS services;
- to review and monitor how we spend public money;
- to help plan and develop strategic direction for the future delivery of our NHS service;
- to review and monitor service delivery;
- to teach and train healthcare professionals;
- to conduct health research and development.
You can opt-out of your data being used for research and planning purposes (see National Data Opt-out Pr below).
What is our lawful basis for using information?
Under the UK General Data Protection Regulation (UK GDPR), the main lawful basis we rely on for using personal information to provide care is:
Article 6(1)(c) We have a legal obligation - the law requires us to do this, for example our regulatory obligation to keep records of care and treatment provided to patients.
Article 6(1)(e) We need it to perform a public task - for example, in our case, as an NHS foundation trust, we are a public body with the principal purpose of providing goods and services for the purpose of the NHS England.
In some circumstances, we may rely on your consent (Article 6(1)(a)) and a contract with you (Article 6(1)(b)), as well or instead of the above, for example in relation to your use of our website.
More sensitive data
Under UK GDPR, the lawful basis we rely on for using information that is more sensitive (special category):
Article 9(2)(f) We need for a legal claim or the courts require it.
Article 9(2)(g) There is a substantial public interest (with a basis in law, for example performing our public tasks.
Article 9(2)(h) To provide and manage health care (with a basis in law
Article 9(2)(j) For Archiving, research and statistics (with a basis in law).
Common law duty of confidentiality
In our use of health and care information, we satisfy the common law duty of confidentiality because:
· you have provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses)
· we have support from the Secretary of State for Health and Social Care following an application to the Confidentiality Advisory Group (CAG) who are satisfied that it isn’t possible or practical to seek consent
· we have a legal requirement to collect, share and use the data
· for specific individual cases, we have assessed that the public interest to share the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime). This will always be considered on a case by case basis, with careful assessment of whether it is appropriate to share the particular information, balanced against the public interest in maintaining a confidential health service
The information you provide will be recorded in paper file or on a computer. Access to these records is strictly controlled and fully auditable.
We are required by law to report certain information to the appropriate authorities. This is only provided after permission has been given by a qualified health professional. Occasions when we must pass on information include:
- A notification of new birth;
- Where we encounter infectious diseases which may endanger the safety of others, such as meningitis or measles;
- Where a formal court order has been issued;
- Solicitors or Insurers might ask for records or a medical report, with your consent;
- Where a coroner, regulator or public inquiry requires the information and has powers to require its production.
You may be receiving care from other people as well:
- Other NHS or private health care providers
- Social Services
- Education Services
- Local Authorities
We may need to share some information about you so we can all work together for your benefit. We will only ever use or pass on information about you if others involved in your care have a genuine need for it.
Areas where we may share your data
As a health care provider, the Countess of Chester Hospital are required to use and share your information to facilitate the provision of your care and in your best interests. We may share with other care providers if it is deemed necessary for direct care purposes only. We may also share information with external parties for other matters, if the public good outweighs your right to confidentiality, for example, service specific reviews, for crime and taxation purposes, where there are serious risks to the public or staff or to protect children or vulnerable adults.
The following are specific examples where we may share your data:
Cheshire Care Record – providing clinicians with a overview of your health and social care information in one digital record. Further information can be found here: https://www.cheshirecarerecord.co.uk/
External Systems and third party providers – there are areas of work where we use externally provided systems (such as our clinical system) to manage your information for service delivery, monitoring and improvement. We ensure that appropriate controls are in place to mitigate risk and ensure compliance with our requirements.
National Data Opt-Out Programme
The Trust is one of many organisations working in the health and care system to improve care for patients and the public. The information collected about you when you are using NHS services can be provided to other approved organisations, where there is a legal basis, to help with planning services, improving care provided, research into developing new treatments and preventing illness.
All of these help to provide better health care for you, your family and future generations. Confidential personal information about your health and care is only used in this way when allowed by law and would never be used for insurance or marketing purposes without your explicit consent.
You have a choice about whether you want your confidential patient information to be used in this way. You can find out more about the wider use of confidential personal information and to register your choice to opt out by visiting www.nhs.uk/your-nhs-data-matters
External Systems and third party providers
There are areas of work where we use externally provided systems (such as our clinical system) to manage your information for service delivery, monitoring and improvement. We ensure that appropriate controls are in place to mitigate risk and ensure compliance with our requirements.
Artificial Intelligence
Sometimes we use carefully checked NHS AI tools to help review or support with your health information, but this will only happen where there is a legal basis to do soand always with strong privacy protections and clinical oversight to keep your care and data safe.
Texts
Please note that if you provide us with your mobile number then we may use this to send you a reminder about your appointment, test results and to ask you for feedback. Please let us know if you do not wish to receive these on your mobile.
Marketing
Your information is never collected or sold for direct marketing purposes.
Your data is not processed oversees unless strict safeguards are in place in accordance with UK GDPR.
Patient Portal
We are utilising a patient portal to expedite your communications with the Trust. Through this portal, we can now send all your appointment details directly to your mobile phone or email address, reducing postage and printing costs for the Trust. For more information, please visit www.drdoctor.co.uk/for-patients.
If you prefer not to use this service, please inform us by calling the Trust at 01244 366663 or speak to the receptionist at your next appointment, and we will continue to send your information by post. If you view or manage your hospital appointments via the NHS App, the Countess of Chester shares your data with NHS England who operate the NHS App and provide this functionality, known as NHS Wayfinder services. For more information, see the NHS Wayfinder services privacy policy.
How are my medical records kept secure?
Everyone working for the NHS has a legal duty to keep information about you confidential and secure under Data Protection Legislation, Caldicott Principles and Confidentiality Code of Conduct. We use the minimum necessary information about you to be able to provide you with the care and services required. Anyone who receives information from us, as part of a sharing initiative or continuity of care, is also bound by the same legal duties as our staff and have the same confidentiality clauses within their contracts. Breaking those rules can result in investigations, disciplinary action and even dismissal from employment.
Your information is held in the UK. Your data is not processed oversees unless strict safeguards are in place in accordance with UK GDPR.
How do we store your personal information?
Your information is securely stored for the time periods specified in the Records Management Code of Practice for Health and Social Care 2021.
What are my rights as a data subject?
Data protection law gives you certain rights in respect of the personal data that we hold about you including the right:
- To be informed why, where and how we use your data
- To ask for data to be updated if inaccurate or incomplete
- To ask us to restrict the processing of your personal information in certain circumstances
- To ask us to erase your personal information in certain circumstances
- To ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances
- To object to how your data is processed in certain circumstances; and
- The right to access the information we hold about you
Click here for Further Information
How do I exercise my rights?
You can download this form via the following link; Accessing your personal information | Countess of Chester Hospital and send it to:
Legal Services
Countess of Chester Hospital NHS Foundation Trust
Liverpool Road
Chester
CH2 1UL
Email: cochlegalservices@nhs.net
Tel: 01244 365 000 asking for Legal Services
Can I have access to records about other people?
You can only have access to records relating to other people if there is a lawful basis for this, for example:
- They have provided written authorisation, and have an appropriate authority in place such as an appropriate and valid Lasting Power of Attorney;
- You have parental responsibility for the patient;
- You have been appointed by a Court and this is authorised in writing;
- You are a representative of a deceased patient.
Will I see all of the information in my records?
A healthcare professional is required to examine your records before they are released to you and if they believe that certain information in the health record might cause serious harm to your physical or mental health or to that of another person they may withhold that piece of information. Third party data may also be removed.
What if the information in my records is incorrect?
If after you have seen your medical records, you think something is incorrect, you should discuss it with the person in charge of your care. If the incorrect information is non-clinical, such as a wrongly recorded name or address, this will be corrected.
If the information you think is incorrect is a health professional’s opinion, the information will not usually be amended but a comment may be added alongside the information to say that you disagree.
Usually, clinical information can’t be removed from your records unless a court orders it. This is because clinical staff need your full record to fully understand earlier decisions that were made about your care and treatment.
To make a request to amend / rectify your records please send details to: coch.amendrecordrequests@nhs.net
The Team will endeavour to respond at their earliest convenience.
What if I’m not happy with my care?
In the first instance, you should contact the Patient Advice and Liaison Service (PALS). You can phone the PALS manager, on 01244 366066 or email cochpals@nhs.net.
How do I complain?
If you have any concerns about our use of your personal information, you can make a complaint to us at coch.dpo@nhs.net
Following this, if you are still unhappy with how we have used your data, you can then complain to the Information Comission.
The Information Commission’s address is:
Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
IC website: https://www.ico.org.uk
Date of last review
May 2026, next review is scheduled May 2029