Privacy Notice

Tameside and Glossop Integrated Care NHS Foundation Trust serves a community of 250,000 people across Tameside and Glossop. We provide a range of high quality services both within the hospital and across our local community for both adults and children.

Data Controller

Tameside and Glossop Integrated Care NHS Foundation Trust is named as the controller of the personal information.
We are registered with the Information Commissioner with the registration number Z2236125

The Trust’s Data Protection Officer

The Data Protection Officer’s role is to ensure that the personal data used within the organisation is used responsibly, safely, and within the data protection laws.
Dan Greenwood
Data Protection Officer
Tameside and Glossop Integrated Care NHS Foundation Trust
0161 922 5599

DPO@tgh.nhs.uk 

dan.greenwood@tgh.nhs.uk

Personal data is information that relates to a living individual who can be identified from that data.

These may include

• Demographical information such as names, address, date of birth, telephone numbers, and next of kin.
• Appointments, here at the hospital, in the community, or home visits.
• Details and records of treatment and care, including medical notes, letters between different care providers, letters to your GP, letters to the patient, and reports on the patient's health
• Results from x-rays and blood tests etc.
• Information from people who care for you and know you well, such as health professionals and relatives.

We may also have information that is personal sensitive, such as sexuality, race, your religion or beliefs, and whether you have a disabilities, allergies, or health conditions.

This information is collected in a number of different ways, via your healthcare professional, referral information provided by for GP, or directly given by you. 

We also collect surveillance images/video for the prevention and detection of crime.

• To help inform decisions that we make about your care.
• To ensure that your treatment is safe and effective.
• To work effectively with other organisations who may be involved in your care.
• To support the health of the general public.
• To ensure our services can meet future needs.
• To review care provided to ensure it is of the highest standard possible.
• To train healthcare professionals.
• For research and audit.
• To prepare statistics on NHS performance.
• To monitor how we spend public money.

Additionally we use the information to

• Improve individual care.
• Understand more about disease risks and causes.
• Improve diagnosis.
• Develop new treatments and prevent disease.
• Plan services.
• Improve patient safety.
• Evaluate Government, NHS and Social Care policy

NHS England's NHS login (for Tameside's Patient Portal)

Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS England’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately."

It helps you because: 

• Accurate and up-to-date information assists us in providing you with the best possible care.
• If you see another healthcare professional, specialist or another part of the NHS, they may readily access the information they need to provide you with the best possible care.

Where possible, when using information to inform future services and provision, non-identifiable information will be used.

Direct Care Purposes

Unless you object, we will normally share information about you with other health and social care professionals directly involved in your care so that you may receive the best quality care. For example every time you attend the hospital as a patient, we will send your GP a summary of any diagnoses, test results or treatment given. 

You may be receiving care from other people as well as the NHS, for example social care services. We may need to share some information about you with them so we can all work together for your benefit. We will only do this when they have a genuine need for it or we have your permission.

When we share your information it is subject to strict agreements on how it is protected and used, the organisations that we may share information with are:

• Social care services
• Education services
• Local authorities
• Voluntary and private sector providers working with and for the NHS

We will not disclose your information to any other third parties without your permission unless there are exceptional circumstances, such as when either your or somebody else’s health and safety is at risk; or the law requires us to pass on information.

We use the following lawful basis for direct care when processing your information:

• Common Law Duty of Confidence
• Health & Social Care Act, section 251 [b]
• General Data Protection Regulation, article 6 [1] [e]
• General Data Protection Regulation, article 9 [2] [h]

Indirect Care Purposes

We also use information we hold about you to:

• Review the care we provide to ensure it is of the highest standard and quality
• Ensure our services can meet patient needs in the future
• Investigate patient queries, complaints and legal claims
• Ensure the Trust receives payment for the care you receive
• Prepare statistics on NHS performance
• Audit NHS accounts and services
• Undertake heath research and development (with your consent – you may choose whether or not to be involved)
• Help train and educate healthcare professionals

Nationally there are strict controls on how your information is used for these purposes. These control whether your information has to be de-identified first and with whom we may share identifiable information. You can find out more about these purposes, which are also known as secondary uses, on the NHS England and NHS Digital websites:

https://www.england.nhs.uk

https://digital.nhs.uk/services

We use the following lawful basis for indirect care when processing your information:

For Research, Health & Social Care Providers, Commercial Research Partners, Arms' Length Bodies, Universities

• Common Law Duty of Confidence
• Health & Social Care Act, section 251 [b]
• General Data Protection Regulation, article 6 [1] [f]
• General Data Protection Regulation, article 9 [2] [j]

Clinical Commissioning Group/commissioning and planning purposes 

• Common Law Duty of Confidence
• Control of Patient Information Regulations 2002
• General Data Protection Regulation, article 6 [1] [c]
• General Data Protection Regulation, article 9 [2] [h]

Patient satisfaction 

We may use your details to contact you with patient satisfaction surveys relating to the services you have used. This is to improve the quality of healthcare we deliver to you.

Staff information

We process information on staff members in order to fulfil a contract of employment, the information is
protected the same as patient information.

The lawful basis for processing the information related to staff is:

• General Data Protection Regulation, article 6 [1] [e]
• General Data Protection Regulation, article 9 [2] [b]
• Data Protection Act 2018, article 10
• Safeguarding Vulnerable Groups Act 2006 (DBS)

Transferring information

We only transfer information with companies whose purposes for processing match ours. It is rare that personal information is processed outside of the NHS.

It is important that we keep your information safe, secure, and available only to those who are involved in your care. To do this we restrict access using technology.

Everyone working for the organisation is subject to the Common Law Duty of Confidentiality and the General Data Protection Regulation (2016). Information provided in confidence will only be used for your treatment unless there are other circumstances when we will ask for your consent.

Under the NHS Confidentiality Code of Conduct, all staff are required to protect your information. All staff are required to undertake annual training in data protection, information governance, and confidentiality.  In addition to this staff that access and process information on your health do so using a number of security measures including chip and PIN access to computerised medical information. Paper records are held in a secure room protected with door access controls.

We store your records and use the NHS Retention Schedule to determine how long we keep these records. The length of time is determined on the type and format of the record.
 
The retention schedule is accessible at the following address https://www.nhsbsa.nhs.uk

The Data Protection Act (1998) has been replaced by new data protection laws called the General Data Protection Regulation (GDPR) 2016 and Data Protection Act 2018. 
These laws are very similar to the old Data Protection Act (1998), with additional rights for the data subject.
These rights are:
 
Right of access by the data subject (GDPR Art 15), often called a Subject Access Request – SAR).
You have the right to receive the personal data concerning them in a commonly used electronic format for no charge. We are required to complete this request within calendar month. Additional copies of notes may incur a fee.
 
The right to rectification (GDPR Art 16), people have the right for their personal information to be changed if it is found to be incorrect.
This for instance, could be because of inaccurate personal data, how a name is spelt, to change your next of kin details, or a new address.
 
The right to restriction of processing (GDPR Art 18), people have the right to restrict how data is collected, used, and stored relating to them.
 
The right to data portability (GDPR Art 20), this is closely linked with Art 15, the Right of Access to the Data Subject. You have the right to receive the personal data concerning them in a commonly used electronic format for no charge.
 
The right to object (GDPR Art 21), under the General Data Protection Regulation you have the right to object to us processing your information.
 
If we change any of the information due to a request from you, we will contact you and tell you what we have changed.  In some cases upholding the rights to object, rectification, and the restriction data may affect the treatment you receive, and may make the provision of treatment or care more difficult or even unavailable. We may refuse to uphold the request. If this is the case we will inform you without undue delay, and within one month of the request.

We will tell you:

• The reason why we are not taking action
• Your right to complain to the Information Commissioners Office
• Your right to enforce the right via legal means

 
If you require access to your health records you will need to make a written request to:

OPD/Health Records Administration Manager
Tameside & Glossop Integrated Care NHS Foundation Trust
Fountain Street
Ashton-under-Lyne
OL6 9RW

Tel: 0161 922 6519

Email: accesstohealthrecords@tgh.nhs.uk

The organisation can only provide access to the information it holds. For instance, to see the records held by your GP you will have to contact your GP surgery.
 

This authority is under a duty to protect the public funds it administers, and to this end may use the information you have provided on this form for the prevention and detection of fraud. It may also share this information with other bodies responsible for auditing or administering public funds for these purposes.

For further information contact your Local Anti-Fraud Specialist 0161 206 1909 

National Fraud Initiative

This authority is under a duty to protect the public funds it administers, and to this end may use your personal information i.e name, address, DOB, you have provided to the Trust upon appointment for the prevention and detection of fraud. It may also share this information with other bodies responsible for auditing or administering public funds for these purposes.

For further information, see the anti-fraud intranet page or contact your Local Anti-Fraud Specialist.

We take confidentiality very seriously, should something go wrong and your data has been compromised we will contact you, and the Information Commissioner’s Office to inform of the breach.

If the incident is part of a wider breach and it is impossible to inform all those affected personally, we will contact the media news outlets to inform people of the data breach.

Contacting us/Raising a concern

If you would like to contact us or have any concerns about your care of treatment, or that of your relative we need to know about them as soon as possible, so we can take action to improve the situation.
 
Please contact:
Quality and Governance Unit
PALS and Complaints Department
Silver Springs House
Tameside and Glossop Integrated Care NHS Foundation Trust
Fountain Street
Ashton-under-Lyne
OL6 9RW
 
Tel 0161 922 4466

Email: palsandcomplaints@tgh.nhs.uk

Information Commissioner’s Office

The General Data Protection Regulation 2016 requires the Trust to lodge a notification with the Information Commissioner to describe the purposes for which we process information.
 
The details are publicly available from the Information Commissioner’s Office:
The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
 
Telephone: 01624 545 745

Website www.ico.gov.uk

Twitter @ICOnews

Tameside and Glossop Integrated Care NHS Foundation Trust is one of many organisations working in the health and care system to improve care for patients and the public.

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

• improving the quality and standards of care provided
• research into the development of new treatments
• preventing illness and diseases
• monitoring safety
• planning services.

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:

• See what is meant by confidential patient information
• Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
• Find out more about the benefits of sharing data
• Understand more about who uses the data
• Find out how your data is protected
• Be able to access the system to view, set or change your opt-out setting
• Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
• See the situations where the opt-out will not apply.

You can also find out more about how patient information is used at:

https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and

https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made).

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care.

Our organisation is compliant with the national data opt-out policy.

Cookies are used minimally on this website for site usage analytics. You may delete and block all cookies from this site, but some parts of the site may not work as expected.

We do not make any attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifying information from any source. If we do want to collect personally identifiable information through our website, we will be up front about this and we will make it clear when we collect personal information and will explain what we intend to do with it.

For more information on enabling and disabling cookies please visit About Cookies.

This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. It supplements our main Privacy Notice above.
 
The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current situation it has become even more important to share health and care information across relevant organisations.
 
Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on gov.uk here and some FAQs on this law are available here.
 
During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs. However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to subject access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.
 
In order to look after your health and care needs we may share your confidential patient information including health and care records with clinical and non clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email.
 
During this period of emergency we may offer you a consultation via telephone or video-conferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.
 
We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.  
 
NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.  
 
In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.
 
We may amend this privacy notice at any time so please review it frequently. The version control on this page will be amended each time this notice is updated.

Each health and care organisation in Greater Manchester collects information about you and keeps records about the care and services they have provided.
 
The GM Care Record pulls together this key information about you from these different health and social care records and displays it in one combined record. This enables health and social care staff to find all the key information about your care in one place which helps them to make the most informed decisions and provide the best care to you as a patient or service user. It is also essential that health and social care staff have access to the most up to date information including alerts that may be helpful for staff involved in your care.
 
We also remove or scramble the information that identifies you such as your name, address, and date of birth so that we can use this information to better plan our services, make sure that we are providing the best care, and for research into different conditions.
 
Health Innovation Manchester works across Greater Manchester’s Health and Care system and is rolling out the GM Care Record on behalf of our partners.

You can find out more about the GM Care Record by clicking here

Staff data collected for seasonal flu to support the management of COVID19

NHS Digital have been instructed by the Secretary of State and NHS England to support the programme by providing the flu vaccination data in preparation for the coronavirus vaccinations when they become available.
 
All staff members have been offered the flu vaccination this year, as part of process all staff members were required to complete a flu vaccination form where the Trust recorded your personal information in relation to the vaccine. The Trust will be required to share this information with other NHS Organisations.
 
How will your data be collected?
The data regarding your vaccination status has been recorded by the Trust and will be provided to NHS Digital along with information from the Electronic Staff Record (ESR) system and the Personal Demographic Spine. This data will be updated throughout the flu season.
 
What data is being collected?
The full list of data items can be viewed on the Trust's intranet along with the source of the data, please note that your NHS number is not stored in ESR.
 
Who we will share the data with:
Your data will be shared by NHS Digital with NHS South, Central and West Commissioning Support Unit who are delivering the national call and recall service on behalf of NHS England, this service requires data about which members of staff are eligible to receive a vaccination and who has had the vaccination.
 
What can I do?
Please ensure that all your information on ESR is up to date at all times.
 
What is the legal basis for sharing?
The DPIA states the legal basis for establishing this system and processes and is covered by the NHS Control of Patient Information Regulations, (COPI) Notice. When receiving the vaccination, you are considered a patient.
 
The details of the COPI can be found here:
https://www.nhsx.nhs.uk/information-governance/guidance/flu-vaccines-and-covid-19-response/
https://digital.nhs.uk/coronavirus/coronavirus-covid-19-response-information-governance-hub/control-of-patient-information-copi-notice
 
NHS England’s exercise of the Secretary of State’s public health functions

National Health Service Act 2006, c. 41, Part 1, Exercise of Secretary of Secretary of State's public health functions, Section 7A and sections 2, 2A, 2B and 12 of the 2006 Act so as to provide or secure the provision of s.7A services (as described in paragraph 1.3)
 
NHS public health functions agreement 2019-20, Public health functions to be exercised by NHS England dated December 2019 describes what is to be included Public Health Functions Agreement 2019-20
NHS Act 2006 S.2 General Powers
 
The Secretary of State, the Board, or a clinical commissioning group may do anything which is calculated to facilitate, or is conducive or incidental to, the discharge of any function conferred on that person by this Act.
 
Further Information:
Please contact the Information Governance Team at DPO@tgh.nhs.uk
 

Approved by IGG [Version 1.13]

17/07/2023 Updated information from NHS Digital, to NHS England

16/12/2022 Updated information following comments by NHS Login
26/09/2022 Added the mandatory information relating to the National Fraud Initiative by MIAA.

18/08/2022 Added information relating to NHS Digital's NHS Logon

17/08/2022 Updated the Trust's compliance to the NHS Data Opt-Out

23/12/2020 Added the NHSX url to 'Staff data collected for seasonal flu to support the management of Covid19'

07/12/2020 Updated COVID19 section, the addition of 'Staff data collected for seasonal flu to support the management of COVID19' section
09/04/2020 Added 'Covid19 and your information' section.
23/12/2019 Updated the title on the home page to read to, 'How we use personal information'.
16/08/2019 Updated National NHS Data Opt-Out Programme information.
28/08/2018 Updated contact details. 
04/10/2018 Added Anti-Fraud information.
19/12/2018 Updated 'What is a Privacy Notice' section on MIAA's PG's suggestions.