This guide explains what information is collected about you, why it is collected and the ways it is used. West London Mental Health NHS Trust recognises how important it is that you are fully aware of the information we collect and hold about you as well as how we share that information. To ensure that your information is kept confidential and that our data is kept safe and secure, all our staff are given training in data protection and information governance before they start work with us. Current staff must also undertake regular refresher training courses tailored to their individual roles.

In order to provide a healthcare service, we need to collect and use personal information for a range of purposes.  Primarily, we collect data for healthcare and administration purposes.  There are some cases where it is necessary and a legal requirement to process personal information even without the consent of the individual whom the information relates to. If we do not have accurate, up to date information, this may impact on the services (such as effective treatment) that we provide.

Information we hold about you:

  • Your name, address, telephone number(s), date of birth and next of kin;
  • Details of each contact that we have had with you, including home visits and telephone consultations;
  • Records of your health and wellbeing, including reports from other health and care providers;
  • Details of your care and treatments, including test results and investigations that have been undertaken; and
  • Relevant information from people who care for you, including other health and care providers, carers and relatives.

This information is referred to as Personal Confidential Data and we are mandated to ensure that it is treated in confidence and with respect, using the data protection laws and the Caldicott Principles as our basis for managing your information.

How your records are used

Your records are used to guide healthcare professionals in the care you receive:

  • Your records help inform the decisions that we make about your care;
  • Your records may also be available if you see another doctor or other healthcare professionals. Also if you are referred to a specialist in another part of the NHS or health care system for the purposes of direct care;
  • Your records ensure that your treatment is safe and effective, including any advice that may be provided as part of your care;
  • Your records help us to conduct clinical audit to ensure we are providing a safe, high quality service;
  • Your records help us to thoroughly investigate any feedback or concerns you may have about contact with our services;
  • Your records help us to investigate complaints, legal claims and untoward events;
  • Your records help us to teach, train and monitor staff and their work (including providing staff and clinicians with anonymous feedback from patient surveys) to audit and improve our services and ensure they meet your needs;
  • Your records help us to prepare statistics on NHS performance;
  • Your records assist with health research and development;

Third parties we share information with

There are circumstances where we need to share information without your consent. For example:

  • when the health and safety of others (including members of staff) is at risk
  • to ensure we provide you with the correct care
  • to protect public health or
  • when the law requires information to be passed on
  • for the prevention or investigation of serious crime
  • under a court order
  • when sharing is in the public interest
  • where there are safeguarding concerns for vulnerable people.

Information may be withheld if it is believed it may cause serious harm or distress to you or to another person.

Sometimes it is necessary for us to share information with another organisation. For example, you may be receiving care from social services and we may need to share information about you so we can all work together for your benefit.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it. Anyone who receives information from us is also under a legal duty to keep it confidential and secure.

We may also share your information with organisations such as:

  • NHS Trusts;
  • Community staff/district nurses;
  • The ambulance or other emergency services;
  • Other General Practitioners;
  • Child and adult safeguarding services e.g. MASH;
  • Social Services;
  • Local Authorities;
  • NHS 111;
  • Care Quality Commission and other regulated auditors e.g. the Information Commissioners Office; and
  • Public Health England

Your rights

You have the right to confidentiality under the General Data Regulations (GDPR), Data Protection Act 2018 (DPA), the Human Rights Act 1998 (HRA), the Health and Social Care Act 2012 (HSCA) as well as the common law duty of confidence. The Equality Act 2010 may also apply in some circumstances.

You have the right:

  • To be kept informed
  • To Apply for access to the information we hold about you;
  • To obtain a copy of your record in a permanent form; and
  • To have the information provided to you in a way you can understand
  • To have inaccurate information corrected;
  • To restrict processing of your information
  • To object to the processing of your information in certain circumstances

How do we keep your records confidential and secure?

All organisations providing care for the NHS or on its behalf must follow the same strict policies and controls as managed by the Department of Health’s Information Governance Framework.

The sharing of your information is strictly controlled. We will not pass on information about you to third parties without your permission unless there are exceptional circumstances, for example, where we are required to by law. In all cases, where personal information is shared, either with or without your consent, a record will be kept.

Our secure networks, internal and external IT safeguards, use of the national NHS smartcard system and audits all ensure we protect your right to privacy and confidentiality. We only keep your records for as long as we need to and are required to by law / national codes after which they are securely destroyed.

What guidance/legislation do we have to adhere to?

There are a number of pieces of legislation that organisations, and in particular, NHS organisations, must adhere to:

General Data Protection Regulations (GDPR)

The GDPR sets out 6 principles that must be adhered to when handling information:

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only for as long as necessary for the purposes we have told you about.
  6. Kept securely.

Caldicott Principles

  1. Justify the purpose(s)
  2. Don’t use patient identifiable information unless it is necessary
  3. Use the minimum necessary patient-identifiable information
  4. Access to patient identifiable information should be on a strict need-to-know basis
  5. Everyone with access to patient identifiable information should be aware of their responsibilities
  6. Understand and comply with the law
  7. The duty to share information can be as important as the duty to protect patient confidentiality

To make a request for a copy of your medical record, please email:

Or write to:

Information Governance Team, West London Mental Health Trust, A block 1 Armstrong Way, Southall, UB2 4SD

You can also raise any issues with regards to the way your data is processed to our Data Protection Officer by emailing them at the following address: