Privacy statement

Privacy and Accessibility

The Dudley Group NHS Foundation Trust has responsibility for ensuring your personal data is processed in accordance with the principles of the Data Protection Act 1998. The purpose of this privacy statement is to:

  • Inform you why we collect information about you
  • Inform you how we use your personal information
  • Explain who we share your personal information with
  • Explain how you can restrict the disclosure of information
  • Inform you about our text messaging service
  • Explain how your personal information is used to improve the NHS as a whole
  • Explain how you can access your medical records

Dudley Multi Agency Safeguarding Hub privacy notice

The purpose of the NHS is to provide you with the highest quality of health care. To help us achieve this we must keep records about your health, treatment and the care we have provided or plan to provide.

These records are called your health records and may be stored in paper format or electronically. Health records may include information such as:

  • Personal information including your name, address, date of birth, NHS number, next of kin, ethnicity and contact details
  • Contacts we have had with you such as hospital admissions or outpatient appointments
  • Records and reports about your health
  • Results of investigations, such as X-rays and laboratory tests
  • Relevant information from other health professionals, relatives or carers

If you think that any of the information we hold about you is incorrect, please let us know as soon as possible. Please check that the details we have about you are correct with either the receptionist if you are attending an outpatient’s appointment or the ward clerk if you are an inpatient. If you feel we hold incorrect medical information please inform your doctor.

Your records are used to guide and administer the care you receive to ensure your doctor, nurse or other healthcare professionals involved in your care has up-to-date information to assess your health and decide what care you need when you visit in the future.
In all circumstances where we need to share your information we will only share it with those who are authorised to receive it. In most cases this will include:
  • NHS Trusts (where your care and rehabilitation is to be continued elsewhere)
  • General Practitioners (GPs)
  • Ambulance Services
  • Other healthcare providers with which the Trust has a sharing agreement in place
  • Clinical Commissioning Groups (CCGs)

All information we hold about you is confidential. We will not release any information about you without your consent, except to other professionals involved in your care or in exceptional circumstances for instance when the health and safety of others is at risk or where the law requires information to be passed on..

Subject to strict agreements describing how it will be used, your information may also be shared with:

  • Social Services
  • Education services
  • Local Authorities
  • Private Sector Providers
  • Crime Reduction Initiatives
  • Safeguarding Teams
  • Dudley MBC Community and Housing Services
  • Voluntary services
  • The Police

We will ask you for your explicit consent to share your personal information unless we are mandated by law or the health and safety of others is at risk.

  • Look after the health of the general public
  • Audit NHS financial accounts and patient services
  • Investigate complaints, legal claims or Serious Incidents
  • Make sure our services can meet patient needs in the future
  • Prepare statistics on NHS performance
  • Review the care we provide go ensure it is of the highest standard
  • Receive payment for the care we provide
  • Teach and train healthcare professionals
  • Notify central NHS groups of outbreaks of infectious diseases

Some of this information will be held centrally, but, where this is used for other purposes, care is taken to ensure that the individual patients cannot be identified.

Anonymous information may also be passed on to organisations with a legitimate interest, such as:

  • Universities
  • Research institutions

Personal identifiable information may be used for essential NHS purposes such as research and auditing services. This will only be done with your consent unless the law requires information to be passed on to improve public health.

You may be receiving care from several organisations including the NHS, Social Services and voluntary organisations.

  • We may need to share your information so we can all work together for your benefit
  • We will only ever use or pass on information about you if professionals involved in your care have a genuine need for it.

We will not disclose your information to third parties without your permission, giving you the chance to opt out of the sharing, unless there are exceptional circumstances, such as when the health or safety of vulnerable patients are at risk, the health and safety of others is at risk or where the law requires information to be passed on.

The law requires us to report certain information to the appropriate authorities:

  • Notifications of new births
  • Where we encounter diseases which may endanger the safety of others, such as meningitis or measles etc.
  • Where a formal court order has been issued
The Care Record Guarantee is the NHS commitment that we will use records about you in ways that respect your rights and promote your health and wellbeing. The Care Record Guarantee can be accessed via the following link:

Everyone who works for the NHS or in partnership with the NHS has a legal obligation to keep your information confidential and secure.

All staff are required to complete on an annual basis mandatory information governance training which covers confidentiality and processes for keeping your information secure.

Within The Dudley Group NHS Foundation Trust there are key individuals with responsibility for protecting your information and these are the Senior Information Risk Owner (SIRO) who is accountable for the management of information assets and associated risks and incidents, and also the Caldicott Guardian who is responsible for the management of patient information and patient confidentiality.

The Dudley Group NHS Foundation Trust operates a text messaging reminder facility for certain services. You can opt in to this service by confirming your contact details, including your mobile telephone number. Text messages will then be sent to the mobile telephone number you have provided us with.

Please note that if the mobile telephone number you provide us with is not your own, we cannot be held responsible if someone else reads your text message.

For the services that provide this facility you do not have to provide us with your mobile telephone number if you do not wish to receive this service.

The Dudley Group NHS Foundation Trust may from time to time ask for your views on the services we provide to enable us to improve.  This request may be sent by text message.  To OPT out, simply reply STOP free of charge or call free phone 0800 073 0510

When collecting or transferring sensitive information such as health and personal details we use a variety of security technologies and procedures to help protect your personal information from unauthorised access, use or disclosure.

However, any information we receive from you via Hotmail, AOL, Google mail or Yahoo or other web-based email systems and any response we might transmit via email in return, cannot be guaranteed to be completely protected from access by unauthorised persons. This is because the World Wide Web is beyond our control. It is also the case that we cannot guarantee who has access to an individual’s emails within any home, office or internet café setting.

If we receive an email from you via Hotmail, AOL, Google mail or Yahoo or other web-based email systems we will assume that you have provided your consent for us to respond to that email address and you have taken into account the issues raised above.

The Data Protection Act 1998 allows you to find out what information is held about you on computer and in certain manual records. This is known as the ‘Right of Subject Access’. If you wish to see or receive a copy of your records or those belonging to:
  • Your child, if the healthcare professional decides it’s in the best interest of the child. In the case of older children you may see the records if the child agrees, or if the child is unable to understand, if the healthcare professional agrees that it is in the child’s best interests
  • A patient who has died and you are acting as their personal representative or you have a claim resulting from their death
  • Someone unable to give permission because of age or mental ability where you have a legitimate interest.

Please make your request in writing to: The Access to Health Records Team, Health Records Department, Russells Hall Hospital, Dudley, West Midlands, DY1 2HQ
Tel: (01384) 456111 (ext. 1390)

Please include the full name, address and details of the records that you wish to receive a copy of. If you are requesting information for someone other than yourself, you will be required to provide written consent from that person or proof of your legitimate rights to access that information.

However, you can be refused access to some or all of your records if:

  • The person in charge of your care thinks that you or someone else can be harmed by disclosing the information
  • The information relates to or was provided by someone else who can be identified and is not the patient or a healthcare professional
  • You have applied on behalf of someone who has died or is no longer capable and they originally gave the information on the understanding it would not be shared

The Data Controller responsible for keeping your information confidential is:

The Dudley Group NHS Foundation Trust
Russells Hall Hospital
Pensnett Road
West Midlands
The principal partner organisations with which the Trust has sharing agreements in place and where information may be shared are:
  • Action Heart
  • Birmingham City Council
  • Black Country Partnership NHS Foundation Trust
  • Care, Grow, Live (CGL) Atlantic Recovery Centre
  • Community Safety Partnership
    • West Midlands Police
    • West Midlands Fire
  • Dudley and Walsall Health Partnership NHS Trust
  • Dudley Community Partnership
  • Dudley Council for Voluntary Service (Dudley CVS)
  • Dudley MBC
  • Genomic Health UK Ltd
  • GP surgeries
  • Ophthalmic Diagnostic Services
  • Safeguarding Teams
  • Solihull MBC
  • The Black Country Alliance
    • Walsall Healthcare NHS Trust
    • Sandwell and West Birmingham Hospitals NHS Trust
  • The Royal Wolverhampton Hospitals NHS Trust
  • Walsall Council

The Data Protection Act 1998 requires organisations to register with the Information Commissioner’s Office to describe the purposes for which they process personal information. These details are available publicly from:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

The Dudley Group NHS Foundation Trust website does not store or capture personal information other than that provided voluntarily by users of our feedback form. The site merely logs general visitor statistics which are collected and used to improve and maintain the website for the benefit of visitors.

Links to external web sites are not included.

We make every effort to check and test material at all stages of production. It is always wise for you to run an anti-virus programme on all material downloaded from the internet. We cannot accept any responsibility for any loss, disruption or damage to your data or your computer system that may occur while using material derived from this website.
This site has been optimised for a screen of 800 x 600 resolution and is best viewed in high colour (16 bit) or above.
All downloadable documents on the site are available in Portable Document Format (PDF). To view PDF files you will need Adobe Acrobat Reader installed on your computer. This can be freely downloaded from the Adobe site which can be accessed from the link below.Click here to download the latest version of Adobe ReaderAcrobat supports Microsoft Active Accessibility (MSAA), a standard that enables Windows based programs to easily deliver information to assistive technologies.Click here to find out more about Adobe Acrobat and accessibility.

This organisation is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.

The Cabinet Office is responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

We participate in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise, as detailed here.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 1998.

Data matching by the Cabinet Office is subject to a Code of Practice.

View further information on the Cabinet Office’s legal powers and the reasons why it matches particular information. For further information on data matching at this organisation contact Chris Walker, Deputy Director of Finance, on 01384 321039; or Antony Upton, Local Counter Fraud Specialist, on 07484 040694.