Privacy Policy & Data Protection

How we handle your information

Local Health Services such as hospitals, like ourselves, and GP Practices will record and keep your information to ensure you receive the best possible care.

These records include:

  • Your name, date of birth, NHS Number and contact details
  • Information about your appointments and clinical visits
  • Reports and notes about your health, treatment and care
  • Relevant information about people who care for you, such as next of kin and other Health Professionals.

This information provides essential reference for Health Professionals who you see, in all parts of the NHS. It also enables us to investigate any issues, complaints or legal claims.

All NHS Staff have a legal duty to keep your information confidential and secure, and records are held securely and in the strictest confidence.

What information do we collect online?

You may choose to submit personal information about yourself (e.g. name, email, address) through the webforms we provide. By entering and submitting your details in the fields requested, you are consenting to North Bristol NHS Trust and our service providers processing your data and providing you with the services you select. Any information you provide to North Bristol NHS Trust will only be used by us, our agents and service providers and will not be disclosed unless we are obliged or permitted by law to do so.

Processing your Information

We process personal information to enable us to:

  • provide healthcare services for patients
  • provide feedback on services
  • data match under the national fraud initiative
  • research
  • support and manage our employees
  • maintain our accounts and records
  • use CCTV systems for crime prevention
  • use Body Worn Video Camera (BWV). There are a number of proven uses and benefits such as evidence/record of events, deterring violence and aggression, training and staff development.
  • use Automatic Number Plate Recognition (ANPR)

Type/classes of information processed

We process relevant information including (but not limited to):

  • Personal details
  • Family details
  • Education, training and employment histories
  • Financial details
  • Goods and services
  • Lifestyle and social circumstances
  • Visual images, personal appearance and behaviour
  • Details held in the patients’ record
  • Responses to surveys

We also process ‘special category’ classes of information that may include:

  • Racial and ethnic origin
  • Offences and alleged offences
  • Criminal proceedings, outcomes and sentences
  • Trade union membership
  • Physical and mental health details
  • Religion and beliefs
  • Sexual life
  • Genetic data
  • IP addresses

We process personal information about:

  • Our patients
  • Suppliers
  • Employees
  • Complainants, enquirers
  • Survey respondents
  • Professional experts and consultants
  • Individuals captured by CCTV or BWV images

Sharing information

We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of general data protection regulation, both UK and globally. Only information that is relevant will be shared following the seven principles of information sharing (Caldicott2 Principles):

  • Formal justification of purpose
  • Information transferred when absolutely necessary
  • Only the minimum required
  • Need to know access controls
  • All to understand their responsibilities
  • Comply with and understand the law
  • The duty to share information can be as important as the duty to protect patient confidentiality.

Where necessary or required we share information with:

  • Our patients
  • Family, associates and representatives of the person whose personal data we are processing
  • Staff
  • Current, past or potential employers
  • Healthcare, social and welfare organisations
  • Suppliers, service providers, legal representatives
  • Auditors and audit bodies
  • Survey and research organisations
  • People making an enquiry or complaint
  • Financial organisations
  • Professional advisers and consultants
  • Business associates
  • Police forces
  • Security organisations
  • Central and local government
  • Voluntary and charitable organisations
  • Community Pharmacists – regarding discharge information (for patient follow up and for patients requiring compliance devices)
  • Regulatory bodies; e.g. Care Quality Commission (CQC).

Legal Basis for Processing - What are the lawful bases for processing?

The lawful bases for processing are set out in Article 6 of the General Data Protection Regulation.

At least one of these must apply whenever we process personal data:

(a) Consent: you have given clear consent for us to process your personal data for a specific purpose.

(b) Contract: the processing is necessary for a contract we have with you or because you have asked us to take specific steps before entering into a contract.

(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).

(d) Vital interests: the processing is necessary to protect someone’s life.

(e) Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.

(f) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests. (This cannot apply if we are a public authority processing data to perform our official tasks.)

We collect and process your Personal Data for a variety of purposes as outlined in this Privacy Policy. In many cases, separate consent is not required and therefore we will rely on another ‘legal basis for processing’; these purposes could include:

  • For the purpose of a contract
  • To meet legal obligations
  • For legitimate interests
    • Communication
    • Respond to your requests
    • Promotional messages
    • Surveys
    • Compliance with Law and Public Safety
    • Improvement & Development
    • Enforcing Terms and Notice

We would obtain consent for the following reasons:

Consent as a Basis for Processing:

  • Marketing & Communication
  • Sharing with 3rd Party Services

We would also process Personal Identifiable Data potentially for:

  • Research
  • Advertising & communication
  • Transfer of Data
  • Automated processing
  • To enable social sharing and connect with us on social media

Managing preferences and withdrawing consent

Consent means offering individuals genuine choice and control. Under the General Data Protection Regulation, consent requires a positive opt-in. 

We will not use pre-ticked boxes or any other method of consent by default.

As explicit consent requires a very clear and specific statement of consent, we will ensure that this is done.

  • We will keep consents separate from other terms and conditions
  • We will be specific and granular, clear and concise
  • We will name any third party controllers who will rely on consent as required
  • We will make it easy for people to withdraw consent.

We will:

  • keep evidence of consent - who, when, how and what individuals were told
  • keep consent under review and refresh if and when anything changes
  • avoid making consent a precondition of a service.

Using personal information in the wider Health Service

Prior to the launch of the national data opt-out, individuals could set two types of general opt-outs, via their GP practice:

  • A type 1 opt-out prevents information that identifies individuals being shared outside of their GP practice, for secondary uses.
  • A type 2 opt-out prevented confidential patient information from being shared outside of NHS Digital for purposes beyond individual care.

Type 1 opt-outs continue to be honoured until September 2020 at the earliest when the Department of Health and Social Care (DHSC) will consult with the National Data Guardians before confirming their removal.

Type 2 opt-outs have been replaced by the national data opt-out and are no longer valid. All type 2 opt-outs recorded in GP practices up to and including 11 October 2018 have been migrated to become national data opt-outs.

NHS Digital would have written to inform people who previously registered a type 2 opt-out of this change.

More information on the conversion of type 2 opt-outs can be found on the NHS Digital website.

Other national and local opt-outs for specific purposes (for example summary care record opt-out) remain in place and should continue to be applied, when appropriate, alongside the national data opt-out.

Who can opt out?

Any person registered on PDS (and consequently with an NHS number allocated to them) is able to set a national data opt-out.

This covers the majority of patients who have received health or care services in England and, therefore, have data about them in the health and care system in England.

Channels to set a national data opt-out

A number of different channels are available for the public to set a national data opt-out. These are:

  • a digital (online) channel accessed via the national data opt-out service;
  • for those who need support to set their national data opt-out preference online, a digitally-assisted channel is provided that enables members of the public to set a national data opt-out with assistance from NHS Digital staff via the national helpline;
  • a non-digital (paper based) channel accessed by the national helpline or through forms which can be printed from the webpages, and via the NHS App.

There are some points that apply to specific groups with respect to setting a national data opt-out:

  • Individuals aged 13 or over are able to set a national data opt-out via the digital, digitally-assisted and non-digital channels.
  • Those with parental responsibility (parents & legal guardians) are able to set a national data opt-out on behalf of a child under the age of 13 via the non-digital channel only.

There is a specific form that allows a choice to be set for up to 6 children at once. Any national data opt-out that has been set by a person with parental responsibility for a child under the age of 13 will remain in place unless and until it is proactively changed.

  • Those who have a formal proxy relationship to make decisions on behalf of another adult (either a lasting power of attorney or a court appointed deputy) are able to set a national data opt-out on behalf of that person via the non-digital channel only.
  • Individuals in the secure and detained estate (e.g. prisons) are able to set a national data opt-out through the healthcare professionals working in these settings.
  • Individuals who have agreed with their GP for their records to be marked as sensitive will be offered the choice to set a national data opt-out through the established processes to set (or remove) a sensitive flag.
  • A national data opt-out cannot be set for a deceased patient unless they have explicitly stated this in a last will or testament. This can only be done via the non-digital channel.

A national data opt-out is stored against a person’s individual record on the NHS Digital Spine against their NHS number.

In some circumstances individuals may be allocated a new NHS number. The rules of how any existing national data opt-outs are applied to the new NHS number and in relation to other changes of circumstances are outlined in brief below.

Assigning new NHS Numbers

In instances where individuals are allocated a new NHS number, any existing national data opt-out will not automatically be transferred to the new record.

This will include the following:

  • Adoptions
  • Gender reassignment
  • Identity protection

Instead, such individuals will receive a letter informing them of the national data opt-out to ensure that they understand their options either via NHS Digital or the individual who is handling their case.

Connecting Care Records

Connecting Care is a local electronic patient record that allows health and social care professionals directly involved in your care to share a summary of your medical record.

Your Connecting Care record will help those caring for you to manage your care better, and allow information to be shared quickly and safely. Only authorised staff providing health services across Bristol, South Gloucestershire and North Somerset can access your record.

For more information about Connecting Care, visit the Connecting Care website, which includes information on:

  • What Connecting Care is
  • Why share information
  • How information is protected
  • How to Opt Out/In

Changes to our policy

If our privacy policy changes in any way, we will place an updated version on this page. Regularly reviewing the page ensures you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.

Last updated: August 2020