Patient privacy policy

Why we collect patient information

We keep health records to provide the best possible care. We retain patient information for specified periods of time as set out in the Records Management Code of Practice for Health and Social Care.

Health records may be stored in a paper or electronic format and may include the following information:

• name, address and date of birth 
• next of kin or named emergency contacts 
• appointments
• information about a patient’s health, care plan, treatment, and other relevant information to support the provision of health care

Health records are used to ensure:

• there is a documented record of care
• healthcare professionals have accurate and up-to-date information to support clinical decisions
• we can evaluate the care our patients have received 
• concerns, complaints, or incidents can be investigated

Patient confidentiality and information security

By Law everyone working for, or on behalf of, the NHS must respect patient confidentiality and keep information secure.

The computer systems we use are subject to strict access controls, and only staff involved in a patient’s care can access those records.

We will only share relevant patient health information and will always use the most secure method available.

Information sharing for individual care

Information about patients receiving care from one of our services using SystmOne (our electronic health record system), will be accessible to other Health and Care Providers within Sussex who are directly involved in the patient’s care.

For example: patient care may be provided through a multi-disciplinary care team. This may include people from external organisations. We will inform patients if this is the case. 

Sharing information between services ensures health and care providers have up-to-date information about a patient’s care and treatment.

Where we are sharing a full health record with other health and care professionals (such as another NHS organisation or the GP) involved in a patient’s care, this will be discussed with you. Other providers may also ask whether a patient would like Sussex Community NHS Foundation Trust (SCFT) Services to be able to view their health records when treating them.

Working with Sussex Health and Care

SCFT is a key part of Sussex Health and Care. Across Sussex, the NHS and Local Authorities are working together to improve health and care. We are involved in a number of key initiatives involving the use and sharing of information to improve patient care. The latest information is available on our website.

How patient information is used to help the NHS

Where information is required for reasons other than individual care, personally identifiable information will usually be removed.

Patient information is used to help the NHS in the following ways:

• reviewing our care provision
• teaching and training healthcare professionals
• conducting clinical audits
• creating data to look after the health and wellbeing of the general public
• planning services
• conducting health research and development
• working with health and care providers to improve patients' care journeys
• reporting our performance to the Department of Health and Social Care (DHSC), NHS England, and NHS Digital 
• supporting the funding of a patient's care
• collecting overseas visitor payments
• improving the management of health care services by collecting and analysing patient level costing information
• equality data is used to try and reduce healthcare inequalities in line with the Health and Social Care Act 2012, and the Equality Act 2010

We are legally required to provide data to NHS Digital to produce non-identifiable reports for monitoring national and local service standards, including efficiency, fairness and effectiveness, and to improve data quality. Patients have the right to Opt-out of their data being used in this way directly from NHS Digital.

Legal responsibilities

We have a public duty to care for our patients. This is our legal basis for processing patient health information under Data Protection Laws. These Laws and the Department of Health and Social Care (DH) allow personal data to be processed for healthcare treatment, and the management of healthcare systems and services. If we need to use a patient’s health information for any other reason, we will discuss this with our patients.

Data Protection Laws give patients the following rights regarding the health information that we hold:

• being informed why, where, and how we use patient data
• being able to ask for information to be corrected if it is  inaccurate or incomplete
• having patient data deleted where there is no need for us to continue processing it
• being able to object to how information is used
• requesting access to your own records

At times we have a legal duty to share patient data without consent. Some examples are:

• to protect children or vulnerable adults
• reporting serious crime to the police
• a court orders us to do so
• reporting events, such as: serious incidents, notification of infectious diseases, or birth notifications to the appropriate authorities

For queries on the use of health information for individual care, speak with your health professional. For queries on other uses of patient data, contact our Data Protection Officer on 01273 666 473 or by email at This email address is being protected from spambots. You need JavaScript enabled to view it. 

Requesting to see a health record (Subject Access Request)

Under Data Protection Laws, patients have the right to request access to the information contained in their health record. Patients can ask a member of staff to make an appointment to view their health record.

Patients can request a copy of their health record. This request will need to be put in writing. A member of staff can help with this if necessary.

By Law we should provide copies of records within one month unless it is a complex request. We can withhold any parts of health records that, in our professional medical opinion, are likely to cause serious harm to the physical or mental health of the patient or any other person.