Data Protection

Download a leaflet about how we use your information here.

Bedford Hospital’s mission is to protect the rights of our patients and staff in relation to their personal information. As such, the Trust is committed to complying with the Data Protection Act 1998 (the Act).

The Act sets out certain principles which organisations must adhere to in order to ensure the confidentiality of patients and staff whose records we hold.

This page provides some basic information about the Act and some of our obligations under it. If you wish to find out more or would like to discuss how this Trust handles your personal information, please contact the Information Governance Manager on 01234 355122 ext. 2620 or by email to: information.governance@bedfordhospital.nhs.uk.

Data Controller

Bedford Hospital NHS Trust is the data controller under the Data Protection Act 1998. This means Bedford Hospital NHS Trust is permitted to collect and process personal information about data subjects so that we can meet our business responsibilities. We will process your data in accordance with the Data Protection Act 1998.

Caldicott Guardian – Medical Director

The Guardian plays a key role in ensuring that the NHS, Councils with Social Services responsibilities and partner organisations satisfy the highest practical standards for handling patient identifiable information. Acting as the ‘conscience’ of an organisation, the Guardian actively supports work to enable information sharing where it is appropriate to share, and advises on options for lawful and ethical processing of information. Should you wish to contact the Caldicott Guardian, please email information.governance@bedfordhospital.nhs.uk.

Senior Information Risk Owner (SIRO) – Director of Corporate Affairs

The SIRO is a member of the Trust Board who has lead responsibility for ensuring that organisational information risk is properly identified and managed, and that appropriate mechanisms exist. The Trust Board member appointed as the SIRO ensures necessary safeguards for, and appropriate use of, corporate, patient and personal information.

What Data we collect

Your doctor and other health professionals caring for you keep records about your health and any treatment and care you receive from the NHS. These help ensure that you receive the best possible care from us. They may be written down (manual records) or held on a computer. The records may include:

  • Basic details about you, such as address and next of kin
  • Contacts we have had with you, such as clinic visits
  • Notes and reports about your health and any treatment and care you have received
  • Details and records about the treatment and care you receive
  • Results of investigations, such as x-rays and laboratory tests
  • Relevant information from other health professionals, or those who care for you and know you well

How we keep your records confidential

Everyone working for the NHS has a legal duty to keep information about you confidential.
You may be receiving care from other organisations as well as the NHS (e.g. Social Services). We may need to share some information about you so we can work together for your benefit. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to third parties without your permission unless there are exceptional circumstances, such as when the health or safety of others is at risk, or where the law requires information to be passed on. Anyone who receives information from us is also under a legal duty to keep it confidential.

Who do we share information with?

We are required by law to report certain information to the appropriate authorities. This is only provided after a qualified Health Professional has given formal permission.

Occasions when we must pass on information include:

  • Notification of new births
  • Where we encounter infectious diseases which may endanger the safety of others, such as meningitis (but not HIV/AIDS)
  • Where a formal court order has been issued

Our guiding principle is that we are holding your records in the strictest confidence.

Who are our partner organisations?

The principal partner organisations with which information may be shared include:

  • Other health authorities
  • NHS Trusts
  • General Practitioners (GPs)
  • Ambulance services

Your information may also, subject to strict agreements describing how it will be used, be shared with:

  • NHS common services agencies, such as primary care agencies
  • Social services
  • Education services
  • Local authorities
  • Voluntary sector providers
  • Private sector providers

More information can be found in our Information Governance patient information leaflet.

Audit Commission

This Trust is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

The Audit Commission appoints the auditor to audit the accounts of this authority. It is also responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it indicates that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

The Audit Commission may require us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Audit Commission for matching for each exercise, and these are set out in the Audit Commission’s handbooks, which can be found here.

The use of data by the Audit Commission in a data matching exercise is carried out with statutory authority under its powers in Part 2A of the Audit Commission Act 1998. It does not require the consent of the individuals concerned under the Data Protection Act 1998.

Data matching by the Audit Commission is subject to a Code of Practice and information can be found here.

Access to Your Personal Data

Under the Data Protection Act you have a right to view any records held about you. This right extends to your medical records. For further information please click here.

The Information Commissioner’s Office

Bedford Hospital NHS Trust is registered with the Information Commissioner’s Office as a Data Controller under the Data Protection Act 1998. To see details of our registration, please visit the Information Commissioner’s Office website and enter registration number Z5645207.