IHG collects information about you when you are referred by your GP for treatment and during your clinical consultation. We also collect information when you voluntarily complete customer surveys, visit our website, provide feedback and speak to a member of our team.
Non-Personal Identification Information
We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.
Web browser cookies
Personal Identification Information
As a trusted healthcare provider we need to hold information about our patients to help ensure that they receive proper, necessary and effective treatment. We firmly believe that information should be held securely and should only be available on a ‘need to know’ basis. The information includes:
• your full name, date of birth and address, phone number, email address
• your next of kin contact details
• medical test results, symptoms and diagnoses
• details of contact we have had with you, such as referrals
• details of the services you have received
• patient experience feedback and treatment outcome information you provide
• notes and reports about your health and any treatment you have received or need, including clinic and operational visits and medicines administered
Legal Basis for Sharing of Information
As a healthcare provider we access your healthcare information to provide direct care in accordance with Articles 6 and 9 of the EU General Data Protection Regulations.
The information we hold about you helps us to:
• provide a good basis for all health decisions made by you and your healthcare professional
• make sure your care is safe and effective
• work effectively with others providing you with care.
We may also use your information to:
• Respond to enquiries, questions and/or other requests.
• analyse how visitors use our website to improve services;
• assess the quality of care we give you
• protect the health of the general public
• monitor NHS spending
• manage health services
• help investigate any concerns or complaints you or your family have about your healthcare
• report infectious diseases
• help with accounts and auditing
• secure clinical funding from your GP and the Clinical Commissioning Group
• report fraudulent claims for NHS treatment.
We have a duty to:
• maintain a full accurate record of the care we give you
• keep records about you confidential, secure, accurate and accessible
• follow UK law and dispose of your information confidentially when it is no longer needed
• give you copies of your healthcare information in an easy to understand format (in a large type if you are partially sighted) and a list of medical abbreviations we use.
How and why is your information shared?
At IHG we take your privacy seriously and will only use your personal information when caring for you and to give you any products and services you have asked for.
The company will not disclose any information about you other than in exceptional circumstances where we are required to do so by law.
You can also get further information on:
• agreements we have with other organisations for sharing information
• circumstances where we can pass on personal data without consent for example to prevent and detect crime and to produce anonymised and pseudonymised statistical information to improve NHS services
• our instructions to staff on how to collect, use and delete personal data
• how we check that the information we hold is accurate and up to date.
Who we share your information with
IHG uses approved specialist companies which are accredited to provide any diagnostic tests or services you might need; for example, genetic testing and specialist tests.
We work closely with many organisations in order to provide you with the best possible care including:
• your GP practice
• other hospitals and community organisations providing care services
• Clinical Commissioning Groups responsible for the management of your local NHS budget
• specialist companies providing diagnostic and testing services you might need; for example, blood test, X-ray, and ultrasound scans.
• Health professionals should share information in the best interests of their patients. This means that where necessary we will also share your health information with other health care providers/professionals involved in your care.
We do not sell, trade, or rent Users personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above. We have implemented the following:
We, along with third-party vendors such as Google use first-party cookies (such as the Google Analytics cookies) to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.
Do I have a choice about who accesses my medical record?
IHG uses a secure electronic patient record system which enables GPs to refer you here. You can decide whether we can give limited access to the information held within your GP record.
Our system is also used by other GP practices, child health services, community services, hospitals, out-of-hours services, palliative care services and many more. This means your information can be shared with other clinicians so that everyone caring for you is fully informed about your medical history, including medication and allergies. We will seek your consent before sharing your medical information.
Sharing out: This controls whether your information stored by us can be shared with your GP
Sharing In: This controls whether information in your medical record held by your GP can be viewed by staff on a need to know basis
When using our website, Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.
Security and Performance
IHG is registered with the Information Commissioner’s Office which is the regulator for data protection and privacy and electronic communications. Our registration number is: Z1713294
We are committed to keeping your personal information secure. We have put in place physical, electronic and operational procedures to safeguard and secure the information we collect. All our employees and partner organisations are legally bound to respect your privacy and the confidentiality of your information. Access to your information is strictly controlled and only accessible to employees on a need to know basis.
A full copy of our data protection registration details can be accessed via the link: Register of Data Controllers
IHG is registered with the Department of Health (DOH) and our security and confidentiality compliance is assessed by the completion of the Information Governance (IG) Toolkit. This is an online system which allows organisations’ information security, data protection, and confidentiality processes and procedures to be assessed against national standards required by NHS Digital and the Care Quality Commission.
During the financial year 2016-17 the Trust achieved a “satisfactory” rating.
we hold information about you as a patient you have the right to:
1. Be informed:
Individuals, which include patients and staff, have the right to be informed about the collection and use of their personal data.
2. Right of access
You have the right to find out what information we hold about you as a member of staff or as a patient. This is called a right of access. You exercise this right by asking us for a copy of the information we hold about you. There is no charge for this service.
We are required to supply this information to you within 30 calendar days from the date IHG receives your request.
3. The right to get your data corrected
You have the right to have any inaccurate personal information about you corrected within 30 calendar days month.
You can make this request verbally and in writing.
In certain circumstances the Trust can refuse the request for rectification.
4. Your right to get your personal information deleted
You have the right to ask the Trust to delete any personal information we hold about you in certain circumstances. This is known as the ‘right to be forgotten’.
This right is not absolute and can only apply in certain circumstances.
You don’t have to ask a specific person within the hospital. We do recommend that you follow up any verbal requests in writing by contacting the Trust’s Data Protection Officer explaining your concerns, providing evidence and stating your desired solution.
5. Right to limit how we use your information
You can limit the way the hospital uses your personal data if you are concerned about the accuracy of the data or how it is being used.
In certain circumstances, you can make a request for the hospital to limit the use of your personal information. This could include:
•Temporarily removing information from a system
•Making it unavailable to users, or
•Temporarily removing it from a website, if it has been published.
The Trust may refuse a request to limit the use of your information if we believe that your request is unfounded or excessive. We won’t do this without letting you know and if your request is ‘manifestly unfounded’. We may ask for a reasonable fee to cover administration costs.
6. Right to data portability
You have a right to get your personal information from the hospital in an accessible format, paper, electronic or CSV file.
You can also ask the hospital to transfer your electronic information to another healthcare provider if it is technically feasible.
How long will I need to wait for my data to be transferred?
The hospital has one month to respond to your request. We may need extra time to consider your request and this may take up to two months but we will let you know.
7. Right to object
You have the right to object to the use of your information in some circumstances.
Your request can be verbal or in writing. We recommend that you follow up any verbal requests in writing by contacting IHG’s Data Protection Officer explaining your request.
8. Rights relating to decisions made about you by a computerised system.
This is called automated decision making and profiling for example, completing an online aptitude test using a pre-programmed algorithm and or criteria when applying for a job vacancy.
You can ask for information to understand the reasons behind the automated decisions. The request can be made verbally or in writing. We recommend that you follow up any verbal requests in writing by contacting IHG’s Data Protection Officer explaining your request.
Profiling means information about you is used to analyse or predict things like:
•Your performance at work
•Your personal financial status
•Your health, personal preferences and interests.
You can object to the collection of profiling information if it includes direct marketing.
It may take IHG a month to respond to your request, but in certain circumstances, we may need more time which can take up to an extra two months. We will let you know within the 30 days if it might take longer.
Raising a concern
You have a right to be confident that the hospital handles your personal information responsibly and securely.
If you would like to speak to someone, about any concerns you may have please call IHG on 0333 0100 362
You can also seek advice from or make a complaint to the Information Commissioner’s Office (ICO) who is the UK data protection regulator.
The information we collect on you is retained in accordance with the NHS Code of Practice: Records Management: https://www.gov.uk/government/publications/records-management-nhs-code-of-practice
If you would like to receive a copy of your medical records, report a concern or inaccuracy within your record or would like to restrict who your medical data is shared with, please speak to your clinician or contact any of the people listed below. They will be happy to help:
Dr Matthew Wordsworth
0333 0100 362
Ms Heidi Doubtfire-Lynn
Data Protection Officer
0333 0100 362
Information Commissioner’s Officer
Helpline number: 0303 123 1113