Surrey and Borders Partnership NHS Foundation Trust(lead organisation within Mindworks Surrey)

Why do we collect information about you?

It’s so we can provide you with the best possible care. But to do this, we need to keep and update your electronic records and the care we provide for you.

How do we keep your records?

Your records may be on paper, but usually they will be held online.

Who can see and update my records?

Only the people who are helping and supporting you, as part of your health and care will see or update your records.

This may be your doctor, carer or the health worker that you see; this can include mental health social workers and some administrative staff. But we are all trained to make sure your records are updated accurately and all take our legal duty seriously so your privacy is protected.

Sometimes, to make sure you get the best care from us, we do work with teams from other health and care organisations. They may be voluntary charities, other health providers or the local council/police. We will ask you its ok to share some of your details with them. Remember, we will only share what is needed for your care.

Under the law, there may be times when we must share information but are not required to seek your consent. Such as:

  • If there is a concern you are putting yourself, or another person (or child) at risk of serious harm
  • Where we have been instructed to do so by the Court or part of the investigation of a serious crime
  • If you are subject to the Mental Health Act (1983), there are cases where your ‘nearest relative’ must receive information, even if you object
  • For public health reasons or other legal reason, we have to notify the relevant authorities e.g. certain infectious diseases

How do I know my privacy will be kept?

As Surrey and Borders Partnership NHS Foundation Trust, we have a public duty under law to care for the people who use services and their personal health data.

  • We work strictly within the guidelines set out by data protection legislation and the NHS, such as the NHS Caldicott Principles
  • If any of our health care partners are not in the UK, we will tell you
  • We will not share or sell your health records for marketing purposes or shared them with third parties

Why do you need to keep my records?

We have health records so we (and you) can see what is happening as part of your health and care support. Your records also help us to:

  • Check and monitor the quality of the care we are providing you
  • If we do make an error, your records will show where we went wrong so we can learn from it
  • It also helps us to plan for the future and make sure we get the right staff in the right areas to give you the support and care you will need.

What is the legal basis for processing personal data?
The legal basis for the processing of personal data is that the NHS is an official authority with a public duty to care for its patients, as guided by the Department of Health and data protection law. The legislation says it is appropriate to do so for the health and social care treatment of patients, and the management of health or social care systems and services. Where we use your personal information for other reasons beyond those stated, we will discuss it with you with details available on our website.

What is in my records?

We only record the key items for your health care; this will include details about you such as:

  • Your NHS number
  • Your name and address
  • When you were born
  • Notes on care, treatment and support you are getting or had, as a patient, appointment or visit (such as from a carer)
  • And who you have told us we can contact in the event of an emergency

How long will you keep my records?

We only keep your details for as long as necessary, which is set out under NHS guidelines: ‘Records Management Code of Practice for Health and Social Care 2016’. A copy may be downloaded from our website.

What are my rights about the data you hold about me?

You have a right to see all the records we hold about you (paper and digital), unless:

  • It has been provided by someone else and we don’t have their permission to share it
  • It relates to criminal offences, or the detection/prevention of crime
  • It could cause harm (physical or mental harm) to you or someone else.

Under current data protection legislation, you have rights regarding your data:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

Further details about your data rights are available from the Information Commission’s Office or from our website (search for the ‘Data rights’).

If you would like further information on how we use the information we keep about you, please ask your care co-ordinator.

Need more information?

  • Your care co-ordinator may be able to help.
  • Our website contains more information on data protection and your personal information.
  • Our Patient Advice and Liaison Service (known as ‘PALS’) has advice and support to help resolve any concerns you may have about our services. You can contact them at:
  • For details on accessing your records, please refer to our Access to Health Records Guidance and Application form which may be accessed by:
  • Our Data Protection Officer Louis Lau can be contacted at: dpo@sabp.nhs.uk
  • If you are still not satisfied with the outcome, you can contact: