Data Protection and Medical Records Request

close-up-female-hands-typing-stylish-laptop-modern-interior-work-online-laptop.jpg

Protecting your Personal Information

 

How do you protect my personal information?

NHS Scotland cares about your personal data and it is important that you know how we use it and keep it safe. We use a computer system to support sexual health and HIV clinics in Scotland, called ‘NaSH’. You may be asked to complete a registration form or complete the registration process with one of our call handlers, so we can create an electronic record using your personal details. Some people may register directly through our on-line booking site. We prefer to download your name and address details electronically, using your NHS Scotland number (CHI number), as this saves time and reduces errors. The registration process will record your permission to use CHI. You can also choose to use an assumed (‘made-up’) name and not use your CHI number but please be aware that we would not be able to refer you for any x-ray investigations or communicate with your GP or other health professionals under an assumed name.

If you are attending a sexual health clinic you will usually be assigned a sexual health clinic number called a ‘NaSH number’ which starts with ‘AN’ (e.g. AN012345678). Please keep this number safe as it may be required to access your test results. You can use this number to access care in any specialist sexual health clinic in NHS Scotland.

We are committed to protecting your privacy. We will only process personal confidential data in accordance with the Data Protection Act 2018.

 

Who can access the NaSH system and my personal information?

The NaSH system can only be accessed by staff working under the oversight of specialist sexual health and HIV services in Scotland. They have a legal duty to keep information about you confidential. No other staff in the NHS, either in hospital, community or GP practices can see your NaSH record.

At the time of registration, if we note that you have already accessed care elsewhere in Scotland with a NaSH record, you have the choice of simply continuing with the same record in our health board or creating a new record.

All of our staff receive Information Governance training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures.

 

How is my information used?

The personal information you give us is extremely sensitive. This is why we have a separate computer system for specialist sexual health services and to support HIV care in Scotland. Your information is used to help us provide you with the best care and treatment, for example offering you appropriate vaccinations and tests or recording contraceptive procedures. Only people directly involved in providing or supervising your care can see your record.

We also process data from NaSH to generate management information reports, such as the number of patients attending a particular service, receiving certain medicines or undergoing procedures. For HIV services this might include outcomes of antiretroviral treatment or numbers having specific health needs. Local Health Boards and Public Health Scotland (PHS) use this information for the administration and improvement of services, and to protect and improve public health. A link to the PHS Privacy Statement can be found here.

Finally, we may invite you to take part in research. You may then agree to share part of your record with the researchers involved, but only with your specific consent.

 

Would you share my clinical information without my consent?

Information may be disclosed without your consent where there is a legitimate interest in accordance with the Data Protection Act 2018. This can include:

· Where there is a legal requirement

· Where a child or vulnerable adult may be in need of protection or is at risk of harm

· To aid the police in the prevention or detection of a serious crime

Where appropriate we would contact you to inform you that your information had been shared and with whom.

 

Can I access my information on NaSH?

Yes - you have a right to access any information held about you and we would be happy to provide the necessary information from your electronic record on request and free of charge. Under the Data Protection Act 2018, you have a right to know who holds personal information about you.

Within Health Boards, this person or organisation is called the Data Controller, and for this purpose in NHS Grampian, the request should be made to the Information Governance Department via email gram.infogovernance@nhs.scot or phone 01224 551549.

 

Further Information

Each NHS Health Board has Caldicott Guardians and Data Protection Officers who are responsible for protecting the confidentiality of service users and their information and enabling appropriate and lawful information sharing. If you are unhappy with the way in which we use your personal information, you can contact your local data protection officer: Information Governance Department via email gram.infogovernance@nhs.scot or phone 01224 551549.

You also have the right to complain to the Information Commissioner’s Office (ICO): www.ico.org.uk.

 

Further information about how NHS Scotland protects data confidentiality is available here: https://nhsnss.org/how-nss-works/data-protection/ and www.nhsinform.scot.

Published: 12/09/2024 11:29