Privacy Policy

This privacy notice explains how we process personal information. Find out about what information we collect, who it might be shared with and more.

How we look after your records

Everyone in the NHS has a legal duty to keep information about their patients confidential and secure. We take your confidentiality and data security very seriously. This notice explains how we collect, process, transfer and store your personal information and forms part of our accountability and transparency to you under the General Data Protection Regulation (GDPR) and any superseding Data Protection laws. 

What do we collect?

For us to look after patients, we must keep a record of their name, address, date of birth and family doctor.

We must record information about the medical condition, related tests and treatment, drugs which are given or operations. We may record information about illnesses of other family members, information from GP’s or other hospitals where treatment has been received

If you view your hospital appointments and are over the age of 16 via the NHS app, we share your data with NHS England, who operate the NHS App and provides this functionality, known as NHS Wayfinder services. For more information, see the NHS Wayfinder services privacy policy.

The Data Protection Act     

All personal information about patients is kept in the hospital patient record, or on the computer via our Electronic Patient Records systems. The Data Protection Act requires all the information to be kept safe and also gives all patients certain rights.

  • Patients, or their guardians, have the right to see the information which we keep.
  • All information is kept securely and only those who need it to help with treatment, have access to it.
  • We only pass on the information about our patients if the other person has a genuine need to know about or protect your health.
  • We only pass on the information which is needed and no more.
  • You have the right to ask for us to correct incorrect data.
  • The Data Controller is Birmingham Women’s and Children’s NHS Foundation Trust.

Each type of record is held for a certain amount of time before it is recognised as no longer being needed and can be confidentially destroyed. National time periods are shown in the Records Management Code of Practice for Health and Social Care 2016

Who might we share your information with?

We may have to share information with GP, other hospitals, social services or schools. Our patients may need care from other organisations who will need information from us in order that they can plan the best treatment.

We have to share information within the NHS to ensure that treatment is properly funded and carried out. The information may not identify individual patients and is usually to help plan future needs of the NHS to check that we are performing satisfactorily, or that a type of treatment is effective.

We also carry out reviews ourselves to help improve investigation and treatment, this is called Clinical Audit.

Some conditions or infectious diseases are required to be added to national registers. Sometimes this does require a patient’s name but if this is the case, we will tell you.

We may be required to pass on information from which patients can be identified without the patient’s (or their guardian’s) permission. This may be for emergency treatment of for official Health Service Statistics of if the law demands it.

We also need to share information with the Care Quality Commission (https://www.cqc.org.uk/about-us/our-policies/privacy-statement) which regulates healthcare providers.

We are a teaching hospital

Teaching and research are very important in the NHS and this hospital is a teaching hospital. We have a responsibility to the students’ universities and colleges to see that they are properly taught and supervised whilst they are with us.

  • Our patients have the opportunity to refuse to have any students take part in their treatment.
  • Part of the student’s training may involve reviewing some patient records and test results
  •  If any of our students or staff involved in any research project would like to use information about individual patients, the patient or their guardian will be informed.
  • Permission from the patient or their guardian will be asked for whenever it may be possible to identify any patient individually.

All students are fully aware that it is their duty to keep any information they use during their training confidential.

Some organisations process information for us

Some facilities at Birmingham Women’s and Children’s are operated in partnership with private contractors and information about our patients may be seen by their employees. Likewise, this may be the case as we are improving our systems and processes to provide greater efficiency and ultimately service user experience. These organisations are required to work to the same standards of confidentiality as all NHS employees, and we have agreements and contracts in place to ensure these standards are maintained.

You can request to opt out of sharing

You have the right to ask that we do not share your information. We may have a discussion with you regarding the effect on patient care if information is not shared. We have a duty to share where we feel we need to for the wellbeing of patients and may still share the information.

National data opt-out programme

Information about your health and care helps us to improve your individual care, speed up diagnosis, plan your local services and research new treatments.

In May 2018, strict rules about how this data can and cannot be used were strengthened. The NHS is committed to keeping patient information safe and always being clear about how it is used.

By 31 July 2022, all health and social care organisations are required to be compliant with the national data opt-out policy, where confidential patient information is used for research and planning purposes. NHS Digital and Public Health England are already compliant and are applying national data opt-outs. Birmingham Women’s and Children's will apply registered choices with effect from 1 August 2022.

You can choose whether your confidential patient information is used for research and planning. You can view or change your national data opt-out choice at any time by using the online service on the NHS website (https://www.nhs.uk/your-nhs-data-matters/)

If we have an incident or complaint     

Sometimes we need to use patient information to help us investigate incidents, complaint or legal claims. If a patient is identified, they or their guardian will be informed.

Sharing information to assess compliance with standards

The Care Quality Commission (CQC) monitors, inspects and regulates NHS services to make sure they meet fundamental standards of quality and safety. The CQC currently inspect NHS hospitals at least once a year against a set of agreed standards.

As part of the CQC’s inspection, the inspectors may look at a small number of patient notes, incident forms and complaints. The aim is to ensure that these documents are managed in accordance with appropriate policies and procedures.

More information about the CQC and the inspection process can be found on the CQC website (https://www.cqc.org.uk/)

Keeping your records up to date

Please help us to keep our information about you up to date by informing us if you change your address, GP or contact details.

How you can get access to your health record

Patients or their guardian(s) are entitled to apply for copies of their medical records. You can do this by contacting our Patient Admin Services on

0121 333 9714 or 0121 333 9705 or by email bwc.accesstohealthrecords@nhs.net.

Other contacts

Our Caldicott Guardian is responsible for ensuring information about you is used properly. If you have any concerns about the use of your information, please write to the Caldicott Guardian at the address below or by emailing bwc.caldicott@nhs.net

  • Caldicott Guardian: Birmingham Women’s and Children’s NHS Foundation Trust, Ladywood House, Steelhouse Lane, Birmingham, B4 6NH

Our statutory Data Protection Officer can be contacted at the address below or by emailing

bwc.informationgovernance@nhs.net

  • Data Protection Officer, Birmingham Women’s and Children’s NHS Foundation Trust, Ladywood House, Steelhouse Lane, Birmingham, B4 6NH