[Skip to content]

Search our Site
HRCH logo

Patient records

Protecting your personal information

Hounslow and Richmond Community Healthcare Trust takes your confidentiality and privacy rights very seriously. This notice explains how we collect, process, transfer and store your personal information and forms part of our accountability and transparency to you under the General Data Protection Regulation (GDPR) 2018 and any subsequent UK legislation

We have a duty to support and care for those most in need.  To do this, we must hold records about you, your personal circumstance and the services/care you are receiving or may need to receive in the future.

This information will be held securely either on paper or on an electronic record.

The record may include:

  • basic details about you, such as address, date of birth, postcode, sex, first language, next of kin, NHS number, ethnic group; in some cases, this might also include genetic information; biometrics (where used for ID purposes); health;

  • sex life; or sexual orientation

  • current and past contacts we have had with you

  • notes and reports about your health and social care and any treatment, care or support you need

  • details and records about the services or care you receive and who is providing them

  • results of your tests and diagnosis

  • relevant information from other professionals, relatives or those who care for you or know you well

  • any contacts you have with us such as home visits or outpatient appointments

  • information on medicines, side effects and allergies

  • patient experience feedback and treatment outcome information, you have provided

  • photos or videos you have consented to be taken

Please note that this is not a full list of the types of information we hold or handle.

Most of your records are electronic and are held on a computer system or a secure IT network. New ways of providing joined up services are being implemented, with closer working with GPs and other healthcare and social care providers. 

To assist this, the use of other electronic patient record systems to share your information will be implemented.  You will be given the opportunity to say no and to opt-out of this sharing.  To do this, please speak to your GP or the team providing your treatment.   

The information that we keep is used to ensure that we can:

  • contact you
  • make informed decisions about your treatment and care
  • plan your service and support
  • refer on to another service if required
  • investigate any concerns or complaints about your service
  • review the care we provide to ensure it is effective
  • work effectively with others who also provide you with care – i.e. your GP, other health providers, social care, or other providers of care
  • monitor people receiving a service and the funding for that service
  • carry out research in order to improve services and ensure they meet people’s needs
  • produce statistics for central government and local planning (This information is used anonymously).

We will process your personal information fairly and lawfully by only using it if we have a lawful reason and when we do, we make sure you know how we intend to use it and tell you about your rights;

We do not rely on consent to use your information for a health care purpose as a ‘legal basis for processing’.  We rely on specific provisions under Article 6 and 9 of the General Data Protection Regulation, such as ‘…a task carried out in the public interest or in the exercise of official authority vested in the controller or the provision of health treatment.’ 

This means we can use your personal information to provide you with your health care without seeking your consent.  However, you do have the right to say ‘NO’ to our use of your information but this could have an impact on our ability to provide you with care.

Your information will be safe and treated with the utmost respect.  If we ask you for personal information we promise to:

  • make sure you know why we need it

  • ask only for what we need and not collect too much or irrelevant information in order for us to carry out the various tasks within the delivery of your care

  • have secure processes in place to keep your personal information safe when it is being used, shared, and when it is being stored to protect it and make sure it is only available to authorised members of staff

  • only collecting and using your information to provide you with your care and treatment and will not use it for anything else

  • if the data is to be used for another purpose (not health care) we will get your consent to share it with other organisations and give you the chance to refuse permission

  • not make your personal information available for commercial use

  • consider your request if you ask us to stop holding and processing data about you

  • notify you if your data is disclosed inappropriately

  • only hold your information for as long as is necessary for your care. This time period is set out and agreed following national guidance. Please ask us for more information


In return we ask you to:

  • give us accurate information

  • tell us as soon as possible if there are any changes to your personal circumstances such as your address

    This helps us to keep your information reliable and up to date


    It is good practice for those providing your care to:

  • discuss and agree with you what they intend to record about you
  • give you a copy of letters and other documents they write about you
  • show you what they have recorded about you
  • ask for your permission to share information with others and
  • let you know what they have told others about you and who those others are

The only individuals who have access to your records regularly, are those involved in providing your service. The NHS and other agencies, including social services and private healthcare organisations work together so we may need to share information about you, with other professionals and services involved in your care. Everyone involved in your service has a legal duty to keep information about you confidential and secure.

When other agencies are involved in providing a service, they will have access to your records. However, in these circumstances only the relevant amount of information is shared.

We share your data with other professionals in order to provide the most appropriate treatment and support for you, and your carers, or when the welfare of other people is involved. 

Examples of who we share personal information with:

  • ambulance services
  • external care providers
  • social care
  • GPs
  • hospitals and other health partners
  • housing organisations
  • police
  • voluntary organisations

The information from your patient record will only be used for purposes that benefit your care - we would never share it for marketing or insurance purposes.

You have the right to refuse/withdraw your consent to information sharing at any time. Please discuss this with your relevant care professional as this could have implications in how you receive further care, including delays in you receiving care.

However, a person’s right to confidentiality is not absolute and there may be other circumstances when we must share information from your patient record with other agencies.  In these rare circumstances we are not required to have your consent.

Examples of this are:

  • If there is a concern that you are putting yourself at risk of serious harm
  • If there is concern that you are putting another person at risk of serious harm
  • If there is concern that you are putting a child at risk of harm
  • If we have been instructed to do so by a Court
  • If the information is essential for the investigation of a serious crime
  • If you are subject to the Mental Health Act (1983), there are circumstances in which your ‘nearest relative’ must receive information even if you object
  • If your information falls within a category that needs to be notified for public health or other legal reasons, such as certain infectious diseases

Your information will not be disclosed to third parties such as partners, relatives, friends or carers without your consent unless the:

  • disclosure is required by law

  • health or safety of others is at risk


NHS Digital, on behalf of NHS England assess the effectiveness of the care provided by publicly-funded services - we have to share information from your patient record such as referrals, assessments, diagnoses, activities (e.g. taking a blood pressure test) and in some cases, your answers to questionnaires on a regular basis to meet our NHS contract obligations.

You have the right to object to us sharing your information to NHS Digital – this will not affect your care in any way.

More about opting out of sharing your data with NHS Digital

We manage, maintain and protect all information according to legislation, our policies and best practices. We have security measures in place to maintain and safeguard the confidentiality, reliability and availability of our systems and data.

All information is stored, processed and communicated in a secure manner and made available only to authorised members of staff on a need to know basis. Only the minimum amount of information required will be shared.

The trust is registered with the information commissioner’s office, registration number: Z2593470

All the IT systems used by the trust are implemented with robust information security safeguards to protect your personal information.

The trust is accredited to Cyber Essentials standard and meets the requirements of the mandatory data security and protection toolkit

We make every effort to handle all information in a way that respects your rights and meet the requirements of the General Data Protection Regulations and subsequent UK legislation

If you would like to see the information we may hold about you, you can make a ‘subject access request ‘(SAR). Please see our guidance for more information

You also have the right to:

  • appoint a person to make the request on your behalf (for example, a trusted family member or a solicitor).

  • expect your information to be kept confidential

  • Right to refuse or withdraw consent for your information to be shared, however you may be risking the level of care you will receive

  • Right to complain to the information commissioner’s office: See below section 13.

To help us monitor our performance, evaluate and develop the services we provide, it is necessary to review and share minimal information, for example with the NHS Clinical Commissioning Groups. The information we share would be anonymous so you cannot be identified and all access to and use of this information is strictly controlled.   

In order to ensure that we have accurate and up-to-date patient records, we carry out a programme of clinical audits. Access to your patient records for this purpose is monitored and only anonymous information is used in any reports that are shared internally with in our Trust.

The trust actively promotes research with a view to improving future care. Researchers can improve how physical and mental health can be treated and prevented. If we use your patient information for research, we remove your name and all other personal data which would identify you. If we need the information in a form that would personally identify you, we would ask for your permission first.

If you do not want the information from your patient record used to support research, please contact us.

You have a right to see the information we hold about you, both on paper or electronic, except for information that: 

  • Has been provided about you by someone else if they haven’t given permission for you to see it

  • Relates to criminal offences

  • Is being used to detect or prevent crime

  • Could cause physical or mental harm to you or someone else

Your request must be made in writing and we will request proof of identity before we can disclose personal information. You can find out more about accessing your information by referring to our website below:

Please complete this form and return it to the address provided. If you have any questions please contact the Information Governance team: information.governance@hrch.nhs.uk

 Please note: You will need to provide adequate proof of identification

You should let us know if you disagree with something written on your file. You may not always be able to change or remove the information. However, we will correct factual inaccuracies and may include your comments in the records.

Information Governance team

Hounslow and Richmond Community Healthcare:

Telephone: 020 8973 3110

Email: information.governance@HRCH.NHS.uk


Heart of Hounslow Centre for Health
92 Bath Road

Patient Advice and Liaison Service:

Free phone: 0800 953 0363

Email: pals.hrch@nhs.net  

Post: If you have any queries about local health services, or you would like to make a complaint, you can write to us at:

Patient Experience Team
Hounslow and Richmond Community Healthcare NHS Trust
Thames House
TW11 8HU

Information Commissioners Office:

To get further advice or report a concern directly to the UK’s independent authority you can do this by making contacting with:

Information Commissioner's Office
Wycliffe House
Water Lane 

SK9 5AF 

Telephone: 0303 123 1113

Web: https://ico.org.uk/concerns/handling