Skip to content

020 8510 5555

Your health records and our obligations to you.

Your personal information
This page provides you with information about how we use and manage the information we have about you, including how we share it with NHS and non-NHS organisations, and how we maintain confidentiality.

What is personal data?
Personal data is information that relates to a living individual who can be identified from that data.

Why we collect information about you
Homerton University Hospital NHS Foundation Trust keeps records about the health care and treatment you receive as one of our patients. This helps to ensure that you receive the best possible care from us.

It helps you because:

  • Accurate and up-to-date information assists us in providing you with the right care
  • Full information is readily available if you see another doctor or are referred to a specialist or another part of the NHS

It helps the NHS to:

  • Prepare statistics on NHS performance
  • Audit NHS Services
  • Monitor how we spend public money
  • Plan and manage the health service
  • Teach and train healthcare professionals
  • Conduct health research and development 

Data Protection Act 2018 (This is the UK’s implementation of the GDPR (General Data Protection Regulations)
The Data Protection Act 2018 governs the processing of personal data held on computer systems and in other formats. It restricts how we can use an individual’s data, and consists of the Data Protection Principles that must be applied when processing personal data.

Organisations that process personal data must register as a 'data controller', and notify the Information Commissioner (ICO) why they need to process the data.

Homerton University Hospital NHS Foundation Trust is the data controller of personal information that is collected by the Trust to help us provide and manage healthcare to our patients.

Full details of all the purposes to which data may be put are listed at the ICO website ( ). The Trust is registered with the Information Commissioner. The Trust registration number is Z5917319. 

What kind of information does the Trust hold about you?

  • Name, address, date of birth, NHS Number and next of kin
  • Contacts we have had with  you such as clinic visits
  • Details of diagnosis and treatment
  • Allergies and health conditions

We are currently upgrading our electronic patient record system and rolling out ePrescribing to help our clinicians with decision support and easy, fast access to the information they need to provide you with the best possible care.  This will also help make our records of your care more robust; help us keep your GP informed of all we do for you here; and better secure the storage of your health record for the future. 

How do we keep your records confidential?
Everyone working for the NHS is subject to the General Data Protection Regulations (GDPR) and the Data Protection Act 2018 (the UK’s implementation of the GDPR), and also the Common Law Duty of Confidence. Information provided in confidence will only be used for the patient’s direct care. If it is required for other purposes, then the patient will be asked for consent, unless there are other circumstances covered by the law.

Purpose and Lawful Basis for processing
The Lawful Basis we rely on to process your personal data is article 6(1)(e) in conjunction with Article 9(2)(h) for Special Category Data of the GDPR, which allows us to process personal data when this is necessary to perform our public tasks as a National Health Service provider.

The National Data Opt-Out
This is a service that allows patients to opt out of their confidential patient information being used for research and planning. By 2020 all health and care organisations are required to apply national data opt-outs where confidential patient information is used for research and planning purposes.

Patients can find out more and set their opt-out choice at

Under the NHS Confidentiality Code of Conduct, all our staff are also required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. This will be noted in your records.

The Trust shares data with a range of organisations. Wherever possible the information is anonymised. However, data may be shared with other organisations for the purposes of caring for a patient. In that case the data has to be identifiable to ensure that all parties are always clear exactly whose data is being used.

We may share your information for health purposes with other NHS organisations, e.g. health authorities, NHS Trusts, general practitioners (GPs), ambulance services and other NHS common services agencies such as primary care agencies. 

Information sharing with non-NHS organisations
For your benefit, we may also need to share information from your health records with non-NHS organisations, from which you are also receiving care, such as social services or private healthcare organisations. However, we will not disclose any health information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires it.

We may also be asked to share basic information about you, such as your name and address, which does not include sensitive information from your health records. Generally, we would do this to assist them to carry out their statutory duties. In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Fair Processing Notice, under the Data Protection Act.

This organisation is a member of the North east London Information Sharing Network. When patient information is shared with other non-NHS organisations, an information sharing agreement is drawn up to ensure information is shared in a way that complies with relevant legislation.

These non-NHS organisations may include, but are not restricted to: social services, education services, local authorities, the Police, voluntary sector providers and private sector providers. 

Patient satisfaction
We may use your details to contact you with patient satisfaction surveys relating to services you have used. This is to improve the way we deliver healthcare to you, our patient. 

Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information. See below*
  • Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

*Can I see my information?
Under the Data Protection Act 2018 a person may request access to information (with some exemptions) that is held about them by an organisation. This is known as the Right of Subject Access.

If you require access to your health records you must make a written request to:

Health Records Manager
Homerton University Hospital NHS Foundation Trust
Homerton Row
E9 6SR

Please make all other requests to:

Information Governance
Homerton University Hospital Foundation Trust
St Leonard’s Hospital 
2nd Floor A Block
Nuttall Street
London N1 5LZ

Textphone number 07584 445 400 

The Trust can only provide access to information it holds. For example to see the records held by your GP you have to contact your surgery.

The Access to Health Records Act 1990 also allows access, in certain circumstances, to information that we hold on deceased patients.

How long do we retain your records?
All our records are destroyed in accordance with the NHS Retention Schedule, which sets out the appropriate length of time each type of NHS records is retained. We do not keep your records for longer than necessary.

All records are destroyed confidentially once their retention period has been met, and the Trust has made the decision that the records are no longer required. 

Monitoring ethnicity
We serve a multicultural community and ethnicity is monitored because it helps us to understand how and why different groups suffer from different diseases. This means we can give you better care and treatment.

Your views
Every year the NHS undertakes surveys of patients’ views. You may be asked to help us understand how you feel about the services we provide. This will help us to continually improve the services we offer.

Information about ethnicity and views provided in surveys and questionnaires are confidential. They will not affect the treatment you receive at the hospital. 

Raising a concern
If you have a concern about any aspect of your care or treatment at this hospital or about the way your records have been managed, please contact:
Patient Advice & Liaison Service (PALS)
or write

Homerton University Hospital NHS Foundation Trust
Homerton Row
E9 6SR

Tel: 020 8510 7315

A voicemail service is available out of office hours

Additionally, you have a right to complain to the Information Commissioner if ever you are unsatisfied with the way the Trust has handled or shared your personal information:

Information Commissioner's Office
Wycliffe House
Water Lane 
Cheshire SK9 5AF

Tel: 0303 123 1113 (or 01625 545745 if you would prefer not to call an ‘03’ number, or +44 1625 545745 if calling from overseas)
Fax: 01625 524510 

More information

Patient Information

Privacy Notice easy print

Data protection impact assessments