Skip to main content

Privacy Policy

Royal Berkshire NHS Foundation Trust takes data protection and compliance of confidentiality extremely seriously and this notice explains how we as trust are compliant with the Data Protection Act 1998 and the new General Data Protection Regulation (GDPR) which will be introduced by 25th May 2018.

Royal Berkshire NHS Foundation Trust collects information about you when you are referred by your GP for treatment and during your clinical consultation. We also collect information when you voluntarily complete customer surveys, provide feedback and speak to a member of our team.

As a healthcare provider we need to hold information about our patients to help ensure that they receive proper, necessary and effective treatment. We firmly believe that information should be held securely and should only be available on a ‘need to know’ basis. The information includes:

  • your full name, date of birth, address, phone number, email address
  • your next of kind contact details
  • medical test results, symptoms, and diagnoses
  • details of contact we have had with you, such as referrals
  • details of the services you have received
  • patient experience feedback and treatment outcome information you provide
  • notes and reports about your health and any treatment you have received or need, including clinic and operational visits and medicines administered.

The information we hold about you helps us to:

  • provide a good basis for all health decisions made by you and your healthcare professional
  • make sure your care is safe and effective
  • work effectively with others providing you with care

We may also use your information to:

  • analyse how visitors use our website to improve services;
  • assess the quality of care we give you
  • protect the health of the general public
  • monitor NHS spending
  • manage health services
  • The Trust shares data to support research opportunities that improved patient outcomes. This is anonymised data only.
  • help investigate any concerns or complaints you or your family have about your healthcare
  • report infectious diseases
  • help with accounts and auditing
  • secure clinical funding from your GP and the Clinical Commisioning Group
  • report fraudulent claims for NHS treatment.

Our duties

The GDPR ensures that the Trust controls and processes personal data and we have a duty to:

  • processed lawfully, fairly and in a transparent manner
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  • accurate and, where necessary, kept up to date
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Accordingly we have a duty to:

  • maintain a full accurate record of the care we give you
  • keep records about you confidential, secure, accurate and accessible
  • follow UK law and dispose of your information confidentially when it is no longer needed
  • give you copies of your healthcare information in an easy to understand format (in a large type if you are partially sighted) and a list of medical abbreviations we use.

How and why is your information shared?

Here at Royal Berkshire NHS Foundation Trust we take your privacy seriously and will only use your personal information when caring for you and to give you any products and services you have asked for.

The Trust will not disclose any information about you other than in exceptional circumstances where we are required to do so by law.

You can also get further information on:

  • agreements we have with other organisations for sharing information
  • circumstances where we can pass on personal data without consent for example to prevent and detect crime and to produce anonymised and pseudonymised statistical information to improve NHS services
  • our instructions to staff on how to collect, use and delete personal data
  • how we check that the information we hold is accurate and up to date.

If you are a patient seeking routine treatment and you live outside of the NHS England boarders, the Trust is required to contact your local GP practice and Local Health Board (LHB) or the National Specialised Services team responsible for your area to obtain authorisation prior to commencing your treatment. If you are planning to move outside the NHS England borders please can you confirm your new address and GP Practice with the Trust as soon as possible to ensure a continuation of care.

On occasion it may be necessary for the Trust to contact you directly about your provision of care as we will be working on your behalf to ensure that the continuity of care is not adversely affected.

Who do we share your information with?

The Trust uses approved specialist companies which are accredited to provide any diagnostic tests or services you might need; for example, genetic testing and specialist tests.

We work closely with many organisations in order to provide you with the best possible care. This means that with your consent, and when it is beneficial to your health or in your vital interests, your information will be shared with organisations including:

  • the Berkshire Connected Care group of healthcare providers, and more detail can be found at the following link
  • your GP practice
  • other hospitals and community organisations providing care services
  • Clinical commissioning groups responsible for the management of your local NHS budget
  • specialist companies providing diagnostic and testing services you might need; for example, blood test, X-ray, and ultrasound scans.

Health professionals should share information in the best interests of their patients. This means that where necessary we will also share your health information with other health care providers/professionals involved in your care.

Do I have a choice about who accesses my medical record?

The Trust uses a secure electronic patient record system which enables GPs to refer you here.

Our system is also used by other GP practices, child health services, community services, hospitals, out-of-hours services, palliative care services and many more. This means your information can be shared with other clinicians so that everyone caring for you is fully informed about your medical history, including medication and allergies. We will seek your consent before sharing your medical information.

Sharing out: This controls whether your information stored by us can be shared with your GP

Sharing In: This controls whether information in your medical record held by your GP can be viewed by staff on a need to know basis

Security and performance

Royal Berkshire NHS Foundation Trust is registered with the Information Commissioner’s Office which is the regulator for data protection and privacy and electronic communications. Our registration number is: Z7044786.

We are committed to keeping your personal information secure.

We have put in place physical, electronic and operational procedures to safeguard and secure the information we collect. All our employees and partner organisations are legally bound to respect your privacy and the confidentiality of your information. Access to your information is strictly controlled and only accessible to employees on a need to know basis.

The Royal Berkshire NHS Foundation Trust is registered with the Department of Health (DOH) and our security and confidentiality compliance is assessed by the completion of the Information Governance (IG) Toolkit. This is an online system which allows organisations’ information security, data protection, and confidentiality processes and procedures to be assessed against national standards required by NHS Digital and the Care Quality Commission.

Updating this privacy notice

We will review and update this notice regularly in line with guidance issued by the privacy regulator, the Department of Health and NHS Digital.

Accessing information

If you would like to receive a copy of your medical records, report a concern or inaccuracy within your record or would like to restrict who your medical data is shared with, please speak to your clinician or contact any of the people listed below. They will be happy to help:


Mrs Caroline Lynch

Data Protection Officer
Trust Secretary
Corporate Directorate
Royal Berkshire NHS Foundation Trust
Craven Road
Tel: 0118 322 5335

Mr Clive Wewerka

Health Records Manager
Corporate Directorate
Royal Berkshire NHS Foundation Trust
Craven Road
Tel: 0118 322 8163

Dr Janet Lippett

Caldicott Guardian
Chief Medical Officer
Tel: 0118 322 7445

Nicky Lloyd

Senior Information Risk Owner
Chief Finance Officer & Senior Information Risk Owner
Tel: 0118 322 6904

Back to top