This is the Kingston Hospital NHS Foundation Trust Privacy Notice. It explains why information is collected about you and the ways in which this information may be used. You may also have heard about this booklet as the Fair Processing Notice or the Your Information leaflet. This booklet is written to inform you how the Trust is complying with the General Data Protection Regulations 2016 (GDPR), the Data Protection Act 2018 and the Access to Health Records Act 1990. It also explains how you can access or get copies of your information. Please note, we have published separate COVID Privacy Notices covering sharing of information during the pandemic.
Kingston Hospital NHS Foundation Trust is a medium sized district general hospital in Kingston upon Thames. We serve a population of approximately 350,000 people locally. We have some 350 beds and provide the following services:
We also provide outpatient or day-surgery facilities at a number of community locations. Please see our website for details.
The Trust is registered with the Information Commissioner’s Office, the UK’s Independent body set up to uphold information rights, including your rights on your information. Our registration number is Z7070123.
Our Caldicott Guardian (senior person who ensures that patient information is shared appropriately) is Dr Bill Oldfield. He is also our Chief Medical Officer. His contact details are William.Oldfield1@nhs.net tel 020 8934 2450.
Our Senior Information Risk Owner (SIRO – focal point for managing information risks and incidents) is Ms Yarlini Roberts, who is also our Chief Financial Officer. Her contact details are Yarlini.Roberts@nhs.net tel 020 8934 3528.
Our Data Protection Officer is Ms Janice Sorrell who is also Head of Information Governance and the Freedom of Information Lead. Her contact details are Janice.Sorrell@nhs.net tel 020 8934 5292.
For Patients
We ask you for information about yourself so that you can receive care and treatment. We keep this information, together with details of your care, because we legally have to under the Public Records Act 1950, and more importantly it may be needed if we see you again, and it allows continuity of care.
As data controllers under the GDPR we process personal data (under Article 6) and sensitive data which the GDPR terms as Special Categories (under article 9).
Personal data is defined as information relating to a living individual that can identify them. Examples include name, date of birth, NHS Number or a combination that can also identify an individual.
Special Categories are defined as: race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life and sexual orientation.
The legal basis for the Trust as a public authority for processing information for your individual care under GDPR is as follows:
Article 6
6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’
6(1)(d) ‘…necessary in order to protect the vital interests of the data subject or of another natural person’
and
Article 9
9(2)(h) ‘…medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems…’
For safeguarding
9(2)(b) ‘…is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or of the data subject in the field of …social protection law in so far as it is authorised by Union or Member State law..’
Our guiding principle is that we hold your records in strict confidence.
The Information we collect about you may include:
For Staff, Volunteers, Governors, Non-executive Directors and Job Applicants
The Trust keeps information on employees, volunteers and job applicants in connection with their work for the Trust or their application.
The legal basis for the Trust as a public authority for processing information for this under GDPR is as follows:
6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.
9(2)(b) ‘…is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or of the data subject in the field of employment…social protection law in so far as it is authorised by Union or Member State law..’
For individual contractors providing services to the Trust.
Article 6(1)(b) is necessary for a contract where the individual has a contract with the Trust or because the individual has asked the Trust to take specific steps before entering into a contract.
This information may include:
The Trust may collect this information in a variety of ways. For example, data might be collected through application forms, CVs or resumes; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments.
In some cases, the trust may collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers, information from credit reference agencies and information from criminal records checks permitted by law.
Not a Patient or Staff? – for Visitors, Relatives, Friends, Next of Kin etc
It is possible that the Trust holds information on you as part of someone else’s record. Under GDPR you may still be entitled to receive a copy of this information, so long as it would not breach the confidentiality of the person whose records hold the information, or there is another reason not to provide it.
The legal basis for the Trust as a public authority for processing information for your data under GDPR is as follows:
6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’
What the GDPR/DPA terms mean:
Contract: the processing is necessary for a contract the individual has with the Trust, or because they have asked the Trust to take specific steps before entering into a contract.
Legal obligation: the processing is necessary for the Trust to comply with the law (not including contractual obligations).
Vital interests: the processing is necessary to protect someone’s life.
Exercise of Official Authority: there are many Acts of Parliament which set out the responsibilities and authority of NHS bodies, such as Foundation Trusts of which Kingston Hospital is one. For instance, the Health and Social Care (Community Health and Standards) Act 2003 and the Health and Social Care Act 2012.
Public task: the processing is necessary for the Trust to perform a task in the public interest or for the Trusts official functions, and the task or function has a clear basis in law.
• Your doctor, nurse or any other healthcare professional involved in your care needs to have accurate and up-to-date information to assess your health.
• A record of any treatment or care you receive in hospital needs to be kept, in case you return for further treatment.
•This information is available should you have to see another doctor at Kingston Hospital, or receive treatment elsewhere in the NHS.
• Your records are a good basis for hospital staff to assess the type and quality of care you have received.
• Your concerns can be properly investigated if you need to complain.
• Review the care we provide for you and other patients, to ensure it is of the highest standard.
• helps to ensure sure our services can meet patients’ needs in the future.
• Teach and train healthcare professionals.
• Conduct health research and development.
• Make sure your hospital gets paid for your treatment.
• Audit NHS services and accounts.
• Prepare statistics on NHS performance.
• Investigate complaints, legal claims or untoward incidents.
Some of this information will also be held centrally by the NHS where it is used for statistical purposes in order to plan ahead. This is known as Secondary Use. Strict security measures are taken to ensure that individual patients cannot be identified.
Anonymous statistical information may also be passed to organisations with a legitimate interest in health care and its management, including universities, community safety units and research institutions.
Where it is not possible to use anonymous information, personally identifiable information may be used for essential NHS purposes such as research and auditing. This will only be done with your consent, unless the law permits the information to be passed on to improve public health or the research has been approved by the Confidentiality Advisory Group (CAG – a national body comprised of ethicists, data protection experts as well as lay people).
There are times when it may be necessary to be able to track back to the patient. In these cases the patient detail is replaced by a code and we keep the decode in the Trust. This is called pseudonymisation and is sometimes known as partial de-identification.
Everyone working for the NHS has a legal duty to keep information about you confidential.
You may receive care from other people as well as the NHS (like Social Services). We may need to share some information about you so that we can all work together for your benefit. We will only ever use, or pass on, information about you if others involved in your care have a genuine need for it such as our partner organisations which we have listed in this booklet.
All NHS organisations must comply with the NHS Care Records Guarantee. The document sets out the rules that govern how patient information is used in the NHS and what controls a patient can have over this.
We will not disclose your information to third parties outside health and social care without your consent unless there are exceptional circumstances. These may be in situations when the health and safety of others is at risk, or where the law permits information to be passed on. Anyone who receives information from us is also under a legal duty to keep it confidential.
We are required by law to report certain information to the appropriate authorities. This is only provided after formal permission has been given by a qualified health professional.
Occasions when we must pass on information include:
• Notification of new births.
• Where we encounter infectious diseases which may endanger the safety of others, such as meningitis, or measles (but not HIV/AIDS).
• Where a formal court order has been issued.
• Where a serious crime has been committed or a terrorist incident.
We have appointed a senior person, our Chief Medical Officer, as our Caldicott Guardian. The Caldicott Guardian is responsible for protecting the confidentiality of patients and enabling appropriate and lawful information sharing.
Further contact details of our Caldicott Guardian are as follows
Dr Bill Oldfield
Medical Director
Chief Executive’s Office
Kingston Hospital NHS Foundation Trust
Galsworthy Road
Kingston upon Thames
Surrey
KT2 7QB
Tel: 020 8934 2450
The principal partner organisations or people with which relevant information may be shared are:
In particular, we have strong links with tertiary and specialist hospitals such as St George’s University Hospitals NHS Foundation Trust, who provide lab testing, and The Royal Marsden NHS Foundation Trust who provide cancer services on the Kingston Hospital site in the Sir William Rous Unit. The Trust also jointly runs the South West London Elective Orthopaedic Centre (SWLEOC) at Epsom Hospital in partnership with St George’s University Hospitals NHS Foundation Trust, Croydon Health Services NHS Trust and Epsom and St Helier University Hospitals NHS Trust
Relevant information may also be shared with the organisations below. Where this is done it will be either to benefit your treatment plan or to help plan future services for others. Usually this is covered by a strict agreement describing how the information is to be used (a Purpose Specific Information Sharing Agreement).
Across the country, the Discharge to Assess (D2A) model began in March 2020. The intention of D2A has been to reduce unnecessary time spent in hospital for people who are medically able for discharge, and support more people to be discharged to their home.
Through embedding the D2A model and utilising the national discharge funding we are expecting improvements in the following areas:
To be able to achieve the above aims, high level coordination and collaboration across all services involved in a person’s care must occur. This needs to happen from the moment a person is admitted to hospital and continue during and following discharge.
The creation of the Transfer of Care Hub (ToCH) in December 2021 provides a system level (hybrid) team to ensure all relevant services are linked to enable the provision of personalised and coordinated care to best support each individual.
The first phase of implementation of the ToCH, targets the first stages of bringing system wide services together under the ToCH model. This focuses on building relationships; testing key functions of the ToCH and establishing procedures to achieve person-centred, timely and safe discharges for people identified as benefiting from discharge.
The initial members of the ToCH are representatives from:
The service is being overseen by the Single System Coordinator (employed by HRCH).
The ToCH is physically based in Kingston Hospital, and best practice will be for a representative from the above services to be present daily. However, given the current COVID working practices if a representative is not able to be present they will still be aboe to join on MS Reams or by telephone.
The ToCH functions as a co-ordinating centre linking all the relevant services for each individual person, so the most appropriate care and support can be provided. This enables: the right people to be involved at the right time, consistent and accurate communication between services, named practitioners providing support in identified roles, a clear plan for discharge and post-discharge support, and the person (and/or their carer) being at the centre of all decision making.
At the heart of the ToCH is a commitment to the “home first” principles:
“Home First principles recognise that every effort should be made to enable each individual to be able to recover, re-able, rehabilitate or die in their own home” (HM Government, 2020).
Processing and sharing of information is essential to the ToCH. This will occur at different stages of the patients journey from admission to discharge, and will continued in the community. It will occur in different contexts (e.g. Community Bed Meeting, ward round, or MDT (multi-disciplinary team) discussion within the ToCH). However, the focus of the data sharing is centralised around the patient and their care and support needs to enable a personalised, timely and safe discharge from hospital to ideally their home.
This will involve discussing information primarily between the patient (and/or their carers) relevant health and social care practitioners. Referrals may also be made to specific voluntary sector organisation (e.g. Age UK Richmond or Stay Well Kingston), but verbal consent will be sort prior to the referral.
In the initial stages of the project, health and social care practitioners will remain working on their own individual IT systems, and share information predominately verbally. However, they will also have access to Connecting Your Care (see below for more information), where shared information is available to view.
In the future work will be undertaken to enable access to Kingston Hospital System CRS.
Kingston Hospital NHS Foundation Trust and Hounslow and Richmond NHS Community Healthcare NHS Trust have entered into a partnership agreement to improve healthcare outcomes for local people. For more information please visit Better Together (hounslowkingstonandrichmondhealthcare.com)
The Summary Care Record (SCR) is a summary electronic patient record of national health services patient data held on a central secure database covering the whole of England. The purpose of the system is to make ‘essential’ patient data readily available anywhere the patient seeks treatment. The Trust does not feed any information into the system however staff that are treating you at the Trust may access the SCR to view your record with your consent or when it is in your vital interest.
Health and Social care organisations have improved the way we connect your care initially across South West London, now across the whole of London. Health and care professionals are now able to access your records from other health and care organisations when you need them to. This will make it quicker and easier for you when you visit your GP or hospital. Please note that the system is not based on consent but performance of our public task for medical and care purposes.
The London Care Record means that professionals involved in your care such as your GP, Hospital Doctors, Nurses and Social Workers and other care organisations will be able to immediately see important information about you through a secure system, to help them make the best decisions about your care, which could be lifesaving in emergency situations.
If you are happy for your information to be shared in this way, then you don’t need to do anything.
If you do not want your information to be shared through The London Care Record, you can raise a Right to Object to the organisation that holds the data you do not want shared. Please note that this is not an Absolute Right. You should write to the Data Protection Officer at each organisation you do not wish to share data, stating clearly the reason(s) why you do not want your data shared. At Kingston this is, Ms Janice Sorrell. Your right to object will be discussed by the SIRO, Caldicott Guardian, Data Protection Officer and the Clinician in Charge of your care to achieve a balance between Information Rights and Clinical Risk.
For more information please follow this link:-
Kingston Patient Portal and the NHS App
For Patients over 16 years, Kingston Patient Portal is a secure online system provided by Zesty for Kingston Hospital (the data controller) that allows you to look at information from your hospital record, view outpatient appointments, receive messages from your hospital care team and complete forms and questionnaires. It is available from your computer, tablet, or smartphone. It’s optional and if you don’t sign up we will continue to communicate with you by post and phone. If you do sign up, you will have the option to turn off paper appointment and clinic letters.
Please see https://kingstonhospital.nhs.uk/patient-portal/ for more information about the portal. Over 100,000 patients have already signed up as of April 2023!
From May 2023 you will also be able to access information from the portal through the NHS App. For more information on the NHS App
NHS login https://access.login.nhs.uk/privacy
e-RS (with secondary care appointments) https://digital.nhs.uk/services/e-referral-service/document-library/privacy-statement—nhs-e-referral-service
NHS App (with secondary care appointments) https://www.nhs.uk/nhs-app/nhs-app-legal-and-cookies/nhs-app-privacy-policy/privacy-policy/
The NHS App links to the Kingston Patient Portal and you may find it easier to first log in to the NHS App then “jump-off” into the Kingston Patient Portal.
South West London Radiology Picture Archiving and Communications System (PACS/RIS)
The main Radiology imaging Trusts in South West London have got together and procured a new South West London (SWL) Picture Archiving and Communications System (PACS) system and Radiology Information System (RIS).
The PACS is a computer system that stores clinical images such as X-Rays, MRI, CAT and Ultrasound scans and the RIS is a computer system that is used to manage the electronic radiology systems and processes.
Both systems allow staff, from any of the partner organisations, who are providing you with care, timely access to your diagnostic imaging and outcome information. As usual, only those involved in your care, or admin of care are allowed to access the information.
For more information please see https://www.epsom-sthelier.nhs.uk/your-information-and-what-you-should-know
NHS Digital has developed a system to support the national data opt-out which will give you more control over how your patient information is used. The system offers you the opportunity to make an informed choice about whether you wish your confidential patient information to be used just for your individual care and treatment or also used for research and planning purposes.
This new system was launched in May 2018. To find out more please follow this link – www.nhs.uk/your-nhs-data-matters
Better Impact – Volunteer Database
KHFT has over 300 volunteers and HRCH has similar ambitions. We keep information about volunteers – basic demographic information, recruitment, retention, communications and deployment, in a database called Better Impact. The information for each Trusts Volunteers is ringfenced so that only Volunteering Staff in each Trust can see the volunteers data of their Trust.
We are also required by law to report certain information to the appropriate authorities, for example notification of new births. We may also provide information regarding crimes to the police and where a court order has been received.
Whenever we share information with other organisations we will do this line with the Data Protection Act and the NHS Confidentiality Code of Practice (2003).
We share anonymous information with local authorities and the police for the purposes of crime mapping.
We do not share information, in the ways described above, regarding treatment you may have received in the specialities of sexually transmitted infections and human fertilisation and embryology (not withstanding any legal requirements imposed on the trust).
We need information about you in order to comply with our legal obligation, which is to ensure that the Trust is paid for any services it provides and to undertake any processing that will allow us to verify whether you are entitled to free NHS care. Our obligations are set out in the Department of Health & Social Care Guidance on implementing the overseas visitor charging regulations.
Whilst we receive information from you when you come into contact with us, we also receive information about you from other individuals or organisations, such as when you are referred for treatment or in response to questions relating to your eligibility for free NHS care. We also need enough information to be able to provide you with appropriate healthcare services.
Where it is necessary for discharging our obligations in this area, your personal information may be sent to the Home Office. The information provided may be used and retained by the Home Office for its own purposes, which include enforcing immigration controls overseas, at the ports of entry and within the UK. The Home Office may also share this information with other law enforcement and authorised debt recovery agencies for purposes including national security, investigation and prosecution of crime, and collection of fines and civil penalties
Kingston Hospital NHS Foundation Trust is required by law to protect the public
funds it administers. It may share information provided to it with other bodies
responsible for auditing or administering public funds, in order to prevent and detect
fraud. The following link will take you to the Privacy Notice of the National Counter Fraud Initiative which details the information which we may share and the legal basis for this.
Surgical Devices and Implants Register
From April 2021 it has been mandatory for all Health Care Organisations in England to submit data for procedures using class IIb and III surgical device and implants and alternative procedures, with the initial focus being Pelvic Floor procedures in direct support of recommendation 7 in the Cumberlege Report. Trust submission of details for all procedures using Class III or Class IIb implantable medical devices and details of comparable/alternative procedures within 10 days of the procedure taking place. Procedure details are to be captured in Theatre/as called by the Surgeon on the day. This information will inform the Pelvic Floor Registry and be used to inform timely and accurate Product recall by the MHRA.
All hospitals which provide private healthcare are required by law to send information to PHIN (Private Health Information Network) on each episode of care. PHIN publishes information about the activity and performance of hospitals providing private care. They do this in order to help people choose their care provider. This includes some personal data through they will not be able to identify you from this. Please see the PHIN Privacy Notice for further details –
The Department of Health & Social Care mandates all NHS Trusts to undertake clinical audits on care delivered to patients, which can be undertaken by clinical staff employed by us or by external audit companies. This could involve individuals who have not been involved with your direct care accessing your medical records. Further information on national clinical audit can be found by clicking on the link below.
https://www.england.nhs.uk/clinaudit/
We have an annual clinical audit programme which requires clinical staff to participate. Clinical staff consider patient medical records to review the care provided, and to identify ways in which the care could be improved in the future.
Undertaking research is an important element of providing healthcare. Clinical staff are actively encouraged to participate in research trials. The Trust’s Research and Development Department manages all research projects undertaken by us. Your participation in a research project will only take place with your explicit consent, or if the national Confidentiality Advisory Group (CAG) agrees that it should have special permission to undertake research without consent. The Trust occasionally works with other organisations e.g. universities and external organisations to pilot new ways of working, with the aim to provide improved and more efficient services to patients. Where the Trust undertakes this work you will be informed and be asked if you wish to participate.
In order to deal with issues raised by you or to process your complaint or legal claim, staff within our Legal Claims Department and Complaints Department will access your medical records and may share this information with other staff as well as external third parties where applicable, including our solicitors or NHS Resolution (formerly NHS Litigation Authority).
We take patient safety very seriously. If an incident occurs which was not expected we will investigate it, therefore the staff involved in your care, with support from the Trust’s Quality Governance Department, will access your medical records.
The Kingston Hospital Charity has set up their own Privacy Policy. Please follow this link – https://www.kingstonhospital.nhs.uk/get-involved/kingston-hospital-charity/about-us/privacy-policy.aspx
Kingston Hospital has a membership of more than 7,000 members from the local communities we serve. We need our local community to become members of our hospital and to support us and help shape the future of Kingston Hospital and the services we offer local people. Membership is free and it is completely up to individual members how involved they want to be.
Staff at Kingston Hospital are also automatically members unless they choose to opt-out.
A third party company manages the Trust’s Foundation Membership database. This third party company is bound by strict confidentiality agreements.
When you use our website or interact with our social media presence (e.g. Twitter, Instagram and Facebook) your data (e.g. comments, likes, reviews) may be visible to providers of social networking services and their users.
We suggest that you review the privacy and security settings of your social media accounts to ensure you understand how your data may be shared and used.
The Trust does not carry out automated decision making but will endeavour to identify people who may benefit from additional services (profiling) for example those who attend our emergency department frequently.
Appropriate staff, for example clinicians, would make the actual decisions based on the available information.
It may sometimes be necessary to transfer personal information overseas. When this is needed information is only shared where appropriate safeguards have been put in place to protect your information.
Any transfers made will be in full compliance with all aspects of current data protection legislation.
We retain health records for at least 8 years from the last date that we saw you at the Trust and until 25th birthday for children. For patients who have had cancer or blood transfusion your record is kept for 30 years after we have finished treating you.
These are the minimum times for which we keep information; we may keep it for longer if we believe doing so will be of benefit to you or we are not able to delete it, due to a technical issue for example.
We have a duty to:
Further details can be found in “The Records Management Code of Practice for Health and Social Care 21”. Even in this document it is not possible to detail every single component that would go into a health record or other record retained by the Trust and, in some instances, what information would not go into a record. For instance, some scan images cannot be taken off the machine they were recorded on and in these cases the report that is based on the image becomes part of the record. Please contact the Data Protection Officer if you have specific questions.
This means you have a right to be informed about the way we collect and use your data. This is why we are publishing this Privacy Notice.
This means you have the right to have inaccurate (incorrect or misleading as to any matter of fact) personal data corrected or completed.
This right is not absolute and only applies in certain circumstances.
It does not apply to Health Records which are legal documents under the Public Records Act 1950.
You can request either in writing or verbally to have your information erased. We will respond to your request within one month.
When does the right to erasure not apply?
If the processing is necessary for public health purposes in the public interest (eg protecting against serious cross-border threats to health, or ensuring high standards of quality and safety of health care and of medicinal products or medical devices); or
This means that you can request the processing of your data is blocked and your data stored separately.
You have the right to restrict the processing of your information in the following circumstances:
We may:
Once we have made a decision on the accuracy of the data, or whether our legitimate grounds override those of the individual, we may decide to lift the restriction. We will inform you before we lift the restriction.
This means that you can request a secure transfer of your data to another Data Controller.
The right to data portability only applies when:
This means that you have the right to object to the Trust processing your data where the processing is based on:
You must have an objection on “grounds relating to your particular situation”.
We will stop processing your information unless:
This means that in situations where you have given your explicit consent for your information to be processed you have the right to withdraw your explicit consent for the processing of your information. Please note that this does not apply to your individual care which is provided under other legal basis (please see previously).
You can withdraw your consent by informing the department / team that took your consent. You can do this in writing or verbally.
The fact that consent may be obtained for confidentiality purposes does not mean that consent must also be the lawful basis applied for the purposes of processing data in compliance with the GDPR. Well established national guidance on confidentiality remains applicable.
It should be noted that:
The Trust makes use of CCTV systems including body worn cameras for crime prevention in line with the Information Commissioners CCTV code of practice.
Please note that emails sent to us may not be secure in transit and that we cannot take any responsibility for the security of your email before it is received by the Trust. We may choose not to reply via email if we have concerns regarding confidentiality and/or security. Please also note that we may use email monitoring or blocking software.
Email is not a guaranteed delivery service – if your communication is important please confirm we have received it by other means.
You have a responsibility to ensure that any email you send to us is within the bounds of the law.
If you would like to know more about how we use your information or if, for any reason, you do not wish to have your information used in any of the ways described in this leaflet, then please speak to your health care professional.
You can also contact
Ms Janice Sorrell
Head of Information Governance / Data Protection Officer
Kingston Hospital NHS Foundation Trust
Galsworthy Road
Kingston upon Thames
Surrey
KT2 7QB
Tel: 020 8934 5292
If you feel that we have not adequately dealt with your query or complaint regarding how we process your information you can raise the issue with the Information Commissioner who is the supervisory authority for the United Kingdom (the Regulator) at the address below:
Information Commissioner’s Office
By phone: 0303 123 1113
By letter:
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
By email casework@ico.org.uk
If you would like this leaflet in your own language, in large print, in Braille or audiotape, please call 020 8934 2003.
The General Data Protection Regulations (GDPR) / Data Protection Act 2018 allows you to find out what information is held about you on computer and in certain manual records, including your health records, personnel files (for staff) and other systems. This is known as the “Right of Subject Access”, a Subject Access Request. The Regulations say that the information should be provided within one month but we aim to provide the information within 28 calendar days or sooner if possible.
Although the GDPR does not require you to fill in a form, doing so will help the Trust in identifying the information you require and guide you in what proof of identity you need to provide. If you choose apply by letter we would ask you to be as clear as possible in stating the information you require and to provide the proofs of identity. We have provided forms at the end of this leaflet.
Please be as detailed as possible when requesting information, for instance stating date ranges, appointment types or specific letters.
For Patients
Before records are released we will seek the advice of the consultant in charge of the patient care to ensure that no information about an individual’s physical or mental health or condition will be released if it would be likely to cause harm to them or another person’s physical or mental health condition. We will also withhold information provided by third parties where we don’t have consent to release it or where the patient has made it clear that they did not want the information disclosed.
For Radiology images – X-rays, CT, MRI etc – we have introduced a new system called IEP to Anyone. This system uses email to send you a link to your images, and a pin number for secure access. Please provide an active email address for the link, and your mobile number to receive the pin. You will receive the pin via text massage once you have clicked the link in the email. If you do not have a mobile phone, please add a second email address so that you can receive the pin number. Please check your email (and spam) regularly for the email. You will have 14 days to download your images. You can also share your images once.
For Staff, Volunteers, Governors, Non-executive Directors and Job Applicants
For Others – Relatives, Carers, Friends or Visitors
Please enclose copies of two proofs of ID, one from each category:-
Category One:
Category Two:
Additional information may also be required:
For a parent guardian request for a child, please also provide copies of:
For a request regarding a deceased patient a copy of one of the following:
For a request from any person with a claim arising from the death of a person:
For Patients / deceases patients free
For Staff, Volunteers and Job Applicants free
For others (requests falling outside the above) free
UNLESS the request is
manifestly unfounded, excessive or repetitive
In which case the Trust can either
10p per side plus post and packaging
Or
We will write to let you know if either is the case and will try to work with you to reduce fees/scope of the request so that we can provide information.
Please send completed application form / letter of request plus copies of proof of ID and Address etc to:
khft.subjectaccessteam@nhs.net
khft.radiologyreception@nhs.net
khn-tr.wolvertoncentre@nhs.net
Director of People, via AskHR
Please note that the Trust can accept no liability for intercepted emails.
Complaints / Appeals: Mr Jo Farrar, Chief Executive Officer
All at:
Kingston Hospital NHS Foundation Trust
Galsworthy Road
Kingston Upon Thames
Surrey KT2 7QB
Should you remain unhappy after a complaint or appeal to the Chief Executive, you can apply to:
The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510
