Information Governance

Privacy Statements

Access to health records

You have a right of access to information held about you. We will require proof of identity in order to avoid any breach of confidentiality and if someone makes the application other than the patient, we will need proof that he or she is entitled to make the application.

Freedom of Information

The Freedom of Information (FOI) Act gives the public a general right of access to the corporate, non-personal, information held by the Trust, subject to exemptions.

Caldicott Guardian

A Caldicott Guardian is a senior person within a health or social care organisation who makes sure that the personal information about those who use its services is used legally, ethically and appropriately, and that confidentiality is maintained. Caldicott Guardians provide leadership and informed guidance on complex matters involving confidentiality and information sharing.

The Trust’s Caldicott Guardian is Dr Jugnu Mahajan, Medical Director.

01704 704765 | j.mahajan@nhs.net

Data Protection Officer

Health and social care organisations that are public authorities must appoint a Data Protection Officer (DPO).

The Trust must have procedures in place to make sure that the DPO is consulted on all data protection matters at an early stage (as part of privacy by design and default).

The Trust must ensure that the DPO role is independent, free from conflict of interest and reports directly to the highest management level of the organisation – there are specific roles that the DPO cannot perform in conjunction with this new role.

The DPO must have expert knowledge of data protection law and practices and the ability to acquire detailed understanding of the organisation’s business, the purposes for which it processes, or intends to process personal data. The DPO’s responsibilities include:

The Trust’s Data Protection Officer is Audley Charles, Company Secretary.

01704 704769 | a.charles1@nhs.net

Senior Information Risk Owner

The Senior Information Risk Owner (SIRO) should be an Executive Director or other senior member of the board (or equivalent senior management group/committee).

The SIRO may also be the Chief Information Officer (CIO) if the latter is on the board but should not be the Caldicott Guardian, as the SIRO should be part of the organisation's management hierarchy rather than being in an advisory role. The key responsibilities of the SIRO are to:

The Trust’s Senior Information Risk Owner Steve Shanahan, Director of Finance.

01704 704771 | steve.shanahan@nhs.net