Data Protection

The Data Protection Act

Hinchingbrooke Health Care NHS Trust is committed to comply with the Data Protection Act 1998 (the Act).

The Act sets certain principles which organisations must adhere to in order to ensure the confidentiality of patients (and staff) whose records we hold.This page will give you some basic information about the Act and some of our obligations. If you wish to find out more or to discuss how this trust handles your personal information you may contact the information governance lead on 01480 363525 or by email to:

What data do we collect?

Your doctor and other health professionals caring for you keep records about your health and any treatment and care you receive from the NHS. These help ensure that you receive the best possible care from us. They may be written down (manual records) or held on a computer. The records may include:

  • Basic details about you, such as address and next of kin
  • Contacts we have had with you, such as clinic visits
  • Notes and reports about your health and any treatment and care you have received
  • Details and records about the treatment and care you receive
  • Results of investigations, such as X-rays and laboratory tests
  • Relevant information from other health professionals, or those who care for you and know you well

How do we keep your records confidential?

Everyone working for the NHS has a legal duty to keep information about you confidential.
You may be receiving care from other organisations as well as the NHS (e.g. Social Services). We may need to share some information about you so we can work together for you benefit. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to third parties without your permission unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires information to be passed on. Anyone who receives information from us is also under a legal duty to keep it confidential.

Who do we share information with?

We are required by law to report certain information to the appropriate authorities. This is only provided after a qualified Health Professional has given formal permission.

Occasions when we must pass on information include:

  • Notification of new births
  • Where we encounter infectious diseases which may endanger the safety of others, such as meningitis (but NOT HIV/AIDS)
  • Where a formal court order has been issued

Our guiding principle is that we are holding your records in the strictest confidence.

Who are our partner organisations?

The principal partner organisations, with which information may be shared include:

  • Other Health Authorities
  • NHS Trusts
  • General Practitioners (GPs)
  • Ambulance Services

Your information may also, subject to strict agreements describing how it will be used, be shared with:

  • NHS Common Services Agencies, such as Primary Care Agencies
  • Social Services
  • Education Services
  • Local Authorities
  • Voluntary Sector Providers
  • Private Sector Providers

Audit Commission

This trust is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

The Audit Commission appoints the auditor to audit the accounts of this authority. It is also responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it indicates that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

The Audit Commission may require us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Audit Commission for matching for each exercise, and these are set out in the Audit Commission’s handbooks, which can be found at

The use of data by the Audit Commission in a data matching exercise is carried out with statutory authority under its powers in Part 2A of the Audit Commission Act 1998. It does not require the consent of the individuals concerned under the Data Protection Act 1998.

Data matching by the Audit Commission is subject to a Code of Practice. This may be found at

Access to Your Personal Data

Under the data protection act you have a right to view any records held about you. This right extends to your medical records.

If you wish to see a copy of your medical records you must contact our Medical Records Department. You may be asked to fill in a form giving details of yourself and what records you require. You may also be charged for copies of your records. This will all be explained to you if you contact us.

Request for Access to Personal Information

Request for Access to Personal Information relating to a deceased patient

Members of staff are also entitled to ask for a copy of their Personnel records. You will need to contact your line manager, or the HR department to discuss this.

Hinchingbrooke Health Care NHS Trust Data Protection

Register entry. (To find entry type “Z6608359” in the registration number search box and hit enter).