Privacy Policy

If you are a user with general public and anonymous access the EPUT website does not store or capture personal information, but merely logs the user’s IP address that is automatically recognised by the web server. We do not use cookies for collecting user information and we will not collect any information about you except that required for system administration of our web server.

This privacy statement only covers the EPUT website at [http://eput.nhs.uk]. This statement does not cover links within this site to other websites.

Terms and Conditions

Welcome to our website. If you continue to browse and use this website you are agreeing to comply with and be bound by the following terms and conditions of use, which together with our privacy policy govern EPUT’s relationship with you in relation to this website.

The term ‘EPUT’ or ‘us’ or ‘we’ refers to the owner of the website. The term ‘you’ refers to the user or viewer of our website.

The use of this website is subject to the following terms of use:

The content of the pages of this website is for your general information and use only. It is subject to change without notice.

Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials found or offered on this website for any particular purpose. You acknowledge that such information and materials may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.

Your use of any information or materials on this website is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to ensure that any services or information available through this website meet your specific requirements.

This website contains material which is owned by or licensed to us. This material includes, but is not limited to, the design, layout, look, appearance, and graphics. Reproduction is prohibited other than in accordance with the copyright policy, which forms part of these terms and conditions.

From time to time this website may also include links to other websites. These links are provided for your convenience to provide further information. They do not signify that we endorse the website(s). We have no responsibility for the content of the linked website(s).

You may not create a link to this website from another website or document without EPUT’s prior consent. Your use of this website and any dispute arising out of such use of the website is subject to the laws of England, Scotland, and Wales.

Fair Processing Notice

Essex Partnership University NHS Foundation Trust (the Trust) processes information about you in order to provide health care services, and in doing so has to comply with the requirements of the General Data Protection Regulation (GDPR). This means that data held about you must only be used for specific purposes as defined by law. This Fair Processing Notice has been created to inform you about the types of information held about you, why that information is held about you, and to whom that information may be shared.

Who are we and what do we do
Why we collect information about you
How your personal information is used
How your records are used to help the Trust
How we keep your records confidential and secure:
Retention Periods
Who do we share your information with?

Who are we and what do we do?

Essex Partnership University NHS Foundation Trust (EPUT)

Address:
The Lodge
Lodge Approach
Wickford
SS11 7XX

Essex Partnership University NHS Foundation Trust (EPUT provides community health, mental health and learning disability services to support more than 3.2 million people living across Bedfordshire, Essex and Suffolk.

We are large employer in the East of England with more than 5,400 staff working across more than 200 sites. We also provide services in people’s home and community settings.

If you have any questions in regard to your information and how it is used, please contact the below department and we will do our best to help:

Data Protection Officer (DPO)

epunft.dpo@nhs.net

Information Commissioners Officer registration number: ZA242481

If your issues cannot be resolved by the DPO in regard to your query, and you are still not happy with our response, please see the Trust complaints department details below and the ICO details (Information Commissioners Office)

Trust Complaints Department

01268 407817 / 01268 739717
epunft.complaints@nhs.net

Information Commissioners Office (ICO)

Call our helpline on 0303 123 1113 (local rate – calls to this number cost the same as calls to 01 or 02 numbers).

ICO website

Why we collect information about you

Your clinical care team and other health and care professionals caring for you keep records about your health and any treatment and care you receive from the NHS. These help ensure that you receive the best possible care from us. They may be written down (manual records) or held on a computer. The records may include:

  • Basic personal information about you, such as,
    • name
    • address
    • date of birth
    • contact details (telephone numbers/email address),
    • NHS number
    • next of kin details
  • Contacts we have had with you, such as day care clinics and/or home visits
  • ”Special categories” of information about you, such as,
    • Notes and reports about your health and any treatment and care you need
    • Details and records about the treatment and care you receive
  • Relevant information from other health and social care professionals, local authorities, voluntary organisations, relatives or those who care for you and know you well

Other types of information used/processed by the Trust:

  • Anonymised information/data, which is data about you, but you cannot be personally identified
  • De-identified information/data (Pseudonymised), which is data about you, but you cannot be personally identified only your care pathway to help improve the services we provide
  • We record CCTV images of people entering, approaching, or passing our buildings (there will be clear signs to advise you that CCTV is in operation) to;
    • Help staff and visitors feel safer
    • Act as a deterrent to offenders
    • Allow the collection of evidence to help find and convict offenders
    • Prevent, detect, investigate, and prosecute fraud
  • Body Worn Video (BWV) footage is used by our Mental Health staff within our wards to reduce the potential escalation of incidents to protect patients and staff. This will allow the collection of evidence to help find and convict offenders. The BWV will only be activated if the staff feel there is a risk to safety. Should the BWV be activated, you will be advised by the staff.
  • Oxevision is a medical device that captures video footage to monitor vital signs of patients. Footage can be used (clipped) in response to a patient safety incident or following change in a patients vital signs resulting in a system alert.  The video data is stored on the system for 24 hours before being overwritten.  Clipped footage is stored for the duration of the incident investigation, and then securely destroyed.

How your personal information is used

Your records are used to direct, manage, and deliver the care you receive to ensure that:

  • The clinical care team and other healthcare professionals involved in your care have accurate and up to date information to assess your health and decide on the most appropriate care for you
  • The clinical care team and other healthcare professionals have the information they need to be able to assess and improve the quality and type of care you receive
  • Your concerns can be properly investigated if a complaint is raised
  • Appropriate information is available if you see another member of the clinical care team, or are referred to a specialist or another part of the NHS

In order to process your information for the above reasons, we will have met a legal requirement, in general this is where we have complied with one of the following:

  • The information is necessary for facilitating direct healthcare for patients (GDPR Article 6 (1)(e), Article 9 (2)(h))
  • We have received consent from individuals to be able to use their information for a specific purpose (GDPR Article 6 (1)(a))
  • There is an overriding public interest in using the information (e.g. to safeguard an individual, or to prevent a serious crime (GDPR Article 6 (1)(e), Article 6 (1) (f), Article 9 (2)(g))
  • There is a legal requirement that will allow us to use or provide information (e.g. a formal court order) (GDPR Article 6 (1)(c))
  • We have special permission for health purposes (granted by the Health Research Authority Section 251)
  • For the health and safety of others, for example to report an infectious disease such as meningitis or measles (GDPR Article 6 (1)(e), Article 9 (2)(i))
  • Processing is necessary in order to protect the vital interests of the data subject or another natural person (GDPR Article 6 (1) (d))

How your records are used to help the Trust

Your information will also be used to help us manage the Trust and protect the health of the public by being used to:

  • Review the care we provide to ensure it is of the highest standard and quality
  • Ensure our services can meet service user needs in the future
  • Investigate service users’ queries, complaints, and legal claims
  • Prepare statistics on the Trust’s performance
  • Audit Trust accounts and services
  • Undertaking heath research and development (you may choose whether to be involved)
  • Helping to train and educate healthcare professionals
  • Test that current / new patient and clinical systems are working effectively

Some of this information is held centrally within the Trust, but where this is used for statistical purposes stringent measures are taken to ensure that individual service users cannot be identified. Anonymous statistical information may also be passed to organisations with a legitimate interest, including Universities and Research Institutions.

Where it is not possible to use anonymised information, personally identifiable information may be used for essential NHS purposes. They may include research and auditing services.

You have a choice about whether your confidential patient information is used for research and planning.  If you are happy with this use, you do not need to do anything.  If you choose to opt-out, your confidential information will still be used to support your individual care.

To find out more or to register your choice to opt-out, please visit the Your NHS Data Matters website or call the national helpline on 0300 303 5678.  You can change your mind about your choice at any time. 

How we keep your records confidential and secure:

Everyone working for the NHS has a legal duty to keep information about you confidential and secure.

We keep your information safe and secure and comply with industry standards, such as, Cyber Security Essential and the Data Security and Protection Toolkit (DSPT).

You may be receiving care from other organisations as well as the NHS e.g. Social Services and the Voluntary Sector. We may need to share some information about you so we can all work together for your benefit. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. When we pass on any information, we will ensure it is kept confidential and secure.

We are required by law to report certain information to the appropriate authorities. This is only provided after formal permission has been given by a qualified health professional, as defined under Data Protection. Occasions when we must pass on information include:

  • Notification of births and deaths
  • Where we encounter infectious diseases, which may endanger the safety of others such as meningitis or measles
  • Child Protection cases
  • Where a formal court order has been issued
  • Benefits Agency cases
  • National Treatment Agency for Substance Misuse to monitor the availability, capacity, and effectiveness of treatment for drug misuse in England 

Retention Periods

We follow the Trust and the Department of Health (DOH) policies and guidance in regard to the retention periods of data and information that we hold.

DOH (NHSx) Records Management Code of Practice 2021 – NHSX

Who do we share your information with?

Everyone working within the NHS has a legal duty to keep information about you confidential and secure. Similarly, anyone who receives information from us has a legal duty to keep it confidential and secure.

We will share information with the following main partner organisations:

  • Other NHS Trusts, hospitals that are involved in your care
  • Clinical Commissioning Groups and other NHS bodies
  • General Practitioners (GPs)
  • Ambulance Trusts

You may be receiving care from other service providers as well as the NHS, for example Social Care Services. We may need to share some information about you with them so we can all work together for your benefit if they have a genuine need for it as part of your care or we have your permission. Therefore, we may also share your information with:

  • Social Care Services
  • Education Services
  • Local Authorities
  • Voluntary and private sector providers working with the NHS
  • Police in emergency situations

All Trust servers are based in the UK, however, if we do transfer your personal information outside the UK, we will make sure that it is protected to the same extent as it would be within the UK. 

What are your data protection rights?

You have a right to have your privacy respected and your data protected. The new law gives you easier access to the personal information we hold about your if you wish to check or change it. Its is designed to give you confidence that this information is accurate, up to date and well managed.

Your rights are listed below.

  • The right to request access to information we hold about you (https://eput.nhs.uk/contact-us/your-health-records-information/)
  • The right to be informed about how we collect and process the information we hold about you
  • The right to have your information rectified if the information we hold about you is not correct
  • The right to request erasure of the information we hold about you that falls outside our legal basis
  • The right to restrict processing which gives you an alternative to the erasure of the information we hold about you. This means we can hold the information, but we cannot use it or share it with external organisations.
  • The right to object to the use of your information for reasons other than to provide you with care.