Your information – Your rights – What you need to know
This page explains why NHS Wales collects information about you and how this may be used.
Many organisations in the NHS such as, hospitals, GPs, Dentists, Opticians, and Community Pharmacists provide healthcare services to the people of Wales.
The people providing these services aim to provide you with the highest quality care. To do this they must keep records about your health and any treatment or care which they provide you. The NHS hold your information in a written or computer record, sometimes it is in both. These records help to guide and manage the care you receive.
This is to make sure that:
When we collect and use your personal information, we will ensure this is processed in accordance with at least one of the legal grounds available to us under data protection legislation. Where necessary, we may process your personal information either with your consent or where the law enables us to do so. For example, where we have a legal obligation as a public authority and/or in carrying out our functions or performing a task in the interests of the public.
You may receive care from organisations that are not part of NHS Wales, such as Social Services or private and voluntary health and social care providers. If so, there may be a need to share some information about you so that everyone involved in your treatment or care can work together for your benefit.
If you are a Welsh resident who has received treatment by an NHS care provider in England, your information will be shared back into NHS Wales in order to verify and combine with your information held in Wales. That information will be used by the Health Board/Trust to identify you and validate what care was provided.
NHS Wales handles your information in the strictest confidence whenever it is used. We will ensure that:
We will keep your personal information for as long as we need to, so that we are able to deliver our services and to make sure that we are providing you with the highest quality care. We will keep your information in line with our legal requirements and the law. When your information is no longer required, we will make sure it is disposed of in a secure manner.
From time to time, your information can help to run and improve the NHS in Wales by using it to:
If your information is used, whenever possible all personal information will be removed. Where this is not possible, rules and contracts are in place to ensure that patient information is safe and its use complies with the law.
Sometimes we have to use organisations outside of NHS Wales to provide information services, for example, for audit or computer system maintenance. Where this is the case, these outside organisations must meet strict NHS rules around the safety and security of your information.
Your information may be used to help protect and improve the health of other people, and to help create new services. This will always be in line with data protection laws.
Where necessary and to comply with the law, the people involved in your care may have to give personal information to certain organisations, for example if you have an infectious disease, which may endanger the safety of others (e.g. acute meningitis, whooping cough or measles).
Some services need information to support medical research and find out how diseases develop. This will make sure that:
Whenever possible your information will anonymised, where it is required to be identifiable, strict confidentiality rules will apply.
Data protection laws and
There are laws, which provide certain rights to individuals regarding the processing of their personal information. Within health these rights include, a right to:
Not all individual rights under data protection law are absolute. Where possible we will look to comply with any request from you, but we may need to hold or process your personal information in connection with one or more of our legal functions.
To follow up any of these rights please see the contact details on our website or speak to a Receptionist for further information.
The people providing these services aim to provide you with the highest quality care. To do this they must keep records about your health and any treatment or care they provide you.
They take their responsibility to look after your information very seriously. NHS Wales staff are under a legal duty to keep your information confidential, accurate and secure at all times, and are trained to handle your information correctly and to protect your privacy.
There may be a need to share your information with people and organisations within the NHS who are responsible for providing you with treatment and care. For example, your Dentist could share your information with a doctor in a hospital, so that they can provide you with further treatment or a hospital could share information about your medication following discharge, with your community Pharmacist for them to carry out a medication review.
Sometimes members of a care team, which may include people from organisations such as health, social care, or other care organisations, may need to share your information within the team to provide your care.
There may be occasions where we are required to use or share your information to help us to plan our services for patients and check how well we are doing when we provide you with treatment and care.
We will only share the minimum information needed at that time and only where the law allows us to share it. We will never sell your information.
Leaflets are available which give you more details about how we manage your information and the rights you have in respect of the personal information that we hold about you. A child friendly privacy notice can be found HERE
Please ask a member of staff for a copy or you can download the electronic version below.
If you have any concerns about the way your information is used you may wish to discuss these with the healthcare professional responsible for your care or our Data Protection Officer. Contact details for the Data Protection Officer for Cwm Taf Morgannwg University Health Board are:
Data Protection Officer
Cwm Taf Morgannwg University Health Board
Telephone: 01443 744800 and ask for the Data Protection Officer.