How we collect and use your information

At Moorfields Eye Hospital NHS Foundation Trust (‘Moorfields’, ‘us’ or ‘we’), we are committed to protecting your privacy. Please read this Privacy Notice to find out how we use your information and what your rights are. This notice applies to personal data provided to us, both by individuals themselves or by third parties. We process your personal information lawfully, fairly and transparently, and only where we have a lawful basis to do so.

What we do

Moorfields Eye Hospital NHS Foundation Trust is the leading provider of eye health services in the UK and a world-class centre of excellence for ophthalmic research and education. We have a reputation, developed over two centuries, for providing the highest quality of ophthalmic care. Our 2,300 staff are committed to sustaining and building on our pioneering legacy and ensuring we remain at the cutting edge of developments in ophthalmology.

How we use your information

It would not be appropriate to rely on consent as a legal basis for processing your information in order to provide you with direct care.  This is because it is necessary for us to use your personal information in order to provide you with safe and effective care, as a public healthcare provider.  We are also obliged by law to record details of the care and treatment we provide to you.  We cannot do this without your personal information, therefore it would not be appropriate to rely on your consent.  For this reason, instead of consent, we rely on specific provisions under the law, such as ‘in the exercise of official authority vested in the controller’, under a ‘legal obligation,’ or as ‘a task carried out in the public interest.’

This means we use your personal information to provide you with your direct care without seeking your consent. However, you do have the right to object to our use of your information.  We will consider your objection but if we comply with your wishes we will explain how this could have an impact on our ability to provide you with care.  It also means that you do not have the right to be forgotten as we are legally obliged to keep your information, and do so under the Records Management Code of Practice for Health and Social Care 2016.

Using your record for your care

Your personal health record, which includes your name, address and date of birth, will be used to:

  • Make sure that  decisions about  your care and treatment are always based on accurate, up-to-date information
  • Sharing information with other NHS organisations or social care providers where there is a lawful requirement to do so, for example your GP, other NHS hospitals and local Authorities
  • Investigate any concerns or complaints raised by you or your familyMeasure the outcomes of your treatment and ensure the service/care provided to you is excellent.however we will use minimal amount of personal information for this purpose
  • Incidents
  • Public bodies such as NHS Digital, Commissioners, Public Health England but only where there is a legal requirement to share personal information

Using it for other purposes:

Most of your information we process will be for direct healthcare purposes; however, there are other important reasons that we may need to process your personal information. For example:

  • As a public healthcare provider to conduct health and social care research under the UK Policy Framework for Health and Social Care Research (please note that any published data is anonymised).
  • As a world-class centre of excellence in ophthalmic education, we may use your information including images, but any information used is anonymised otherwise we would seek your consent.
  • Unless we are under a legal obligation, where information is to be used beyond direct care purposes we would make you aware of the processing and seek your consent to use your information. 
  • We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose or where there is another lawful basis for processing. 

We will only use enough of your personal information that is relevant and necessary for us to carry out various tasks within the delivery of your care or for other lawful reasons.

We will keep your information accurate and up to date when using it and, if it is found to be wrong, we will make it right, where appropriate, as soon as we can.  However, where it is part of your health record, we are obliged to keep records of any changes, and so the incorrect information may not be erased, but instead would be crossed out with the correct information entered with a note..

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.  You can find details of how long we keep information for in the  Records Management Code of Practice for Health and Social Care 2016.

Protecting your privacy

Your health records are confidential.  Your privacy is protected under the:

  • Common law duty of confidentiality
  • General Data Protection Regulations 2016
  • Data Protection Act 2018
  • Human Rights Act 1998

Everyone who works for the NHS has a legal duty to maintain the highest level of confidentiality.

In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

We have secure processes in place to keep your personal information safe when it is being used, shared, and when it is being stored.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a legitimate need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How you can help us to keep your health record up to date

  • Let us know when you change address or name
  • Keep a note of your unique NHS number
  • Tell us if any information in your record is incorrect
  • Tell us if you change your mind about how we share the information in your record
  • Don’t let anyone – insurers, mortgage lenders, employers, solicitors – look at your records unless you are sure it is necessary for your purposes

Accessing your health record

To see a copy of your health record, or for further information about our records system, please contact our health records manager as follows:

  • In writing:  Health records department, Moorfields Eye Hospital NHS Foundation Trust, City Road, London EC1V 2PD
  • By telephone: 020 7566 2200
  • By email: recordsrequest@moorfields.nhs.uk

If at any point you believe the information we process on you is factually incorrect you can request to see this information and even have it corrected or deleted.  However, rather than delete information in your health record, we are usually obliged to cross it out and add the correct information with a note on to the record.

If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate and respond to your concerns.

How long we keep your information for

We are required under UK legislation to keep your information for the full retention periods as specified by the NHS Records Management Code of Practice for Health and Social Care.

More information on records retention can be found online at https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016

Your rights

Under certain circumstances, you have rights under data protection legislation in relation to your personal information. These rights include:

  • Requesting access to your personal information. – You are able to apply for a copy of personal information held about you free of charge. This process is called a subject access request
  • Requesting correction of your personal information – This would apply if factual information held such as name, address or health information was incorrect. In this instance we usually be obliged to cross it out and add the correct information with a note on to the record.  We would consider any requests regarding any professional opinions that may be in your records; however, we are not legally obliged to change them, but may enter a note on your comments.,
  • Requesting erasure of your personal information – The right may apply if the information was no longer needed for your healthcare or it had been kept for longer than set out in the NHS Records Management Code of Practice, unless there is an overriding legal obligation for us to keep it.
  • Objecting to processing of your personal information – You can object to us processing your information if there was no overriding legal reason for us to do so.
  • Requesting restriction of processing your personal information – You can request to restrict processing of some of the information held about you in certain circumstances, such as instances where you believe it would cause you distress. Where this is the case we will discuss with you how the restriction this may have an impact your ongoing care .
  • Requesting transfer of your personal information – This right would generally not apply for health related information as this information would be shared as part of ongoing direct care with another provider
  • Right to withdraw consent – You can opt-out of activities where the basis of us using your information is  consent such as marketing or research,

If you wish to exercise your rights in relation to the above please contact the Trust’s Data Protection Officer, contact details are provided below.

How the NHS and care services use your information

Moorfields Eye Hospital NHS Foundation Trust is one of many organisations working in the health and care system to improve care for patients and the public.

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected to help ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be provided to other approved organisations, where there is a legal basis, to help with planning services, improving care provided, research into developing new treatment and preventing illness. All of these help to provide better health and care for you, your family and future generations. Confidential personal information about your health and care is only used in this way where allowed by law and would never be used for insurance or marketing purposes without your explicit consent.

You have a choice about whether you want your confidential patient information to be used in this way.

To find out more about the wider use of confidential personal information and to register your choice to opt out if you do not want your data to be used in this way, visit https://www.nhs.uk/your-nhs-data-matters/manage-your-choice/. If you do choose to opt out you can still consent to your data being used for specific purposes.

If you are happy with this use of information you do not need to do anything. You can change your choice at any time.

Moorfields’ contact details

The trust has Data Protection Officer, who is a dedicated individual responsible for data protection who can be contacted as follows:

Data Protection Officer
Information Governance Department
Moorfields Eye Hospital NHS Foundation Trust
162 City Road
London
EC1V 2PD

Email: moorfields.ig@nhs.net

Tel: 020 7253 3411

Complaints

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO) as follows:-

  • In writing:  Information Commissioner’s Office, Wycliffe House, Cheshire SK9 5AF
  • By telephone: 08456 30 60 60
  • Online: www.ico.org.uk