• HCA supports audit projects including
national disease databases intended to
evaluate the health of the nation and the
quality of related care.
• HCA supports ethically approved
research projects which measure the
long-term effectiveness of treatment.
There will be a specific consent form for
contribution to any research projects.
• You may be receiving care from other
people as well as employees of HCA
hospitals. So that we can all work
together for your benefit, we may need
to share some information about you
with those people. Such people or
organisations may wish to send your
information to companies/individuals
outside the European Economic Area to
support subsequent care.
• We may also share information with
third parties who are responsible for
your treatment expenses, for example
your insurance company.
• Whenever we can, we shall remove
details that identify you
• We will provide the minimum
information needed to achieve the
• We will use some of this information for
other reasons, e.g.
- to plan for the future,
- to see that the hospital runs legally
and effectively and can account for
- to make sure we can pay the staff who
look after you and for the facilities
needed for your care.
• Sometimes the law requires us to pass
on information, for example to notify
• The sharing of some types of very
sensitive personal information is strictly
controlled by law.
• You have a right of access to your health
records under the Access to Health
Records Act as well as DPA98.
• For more information, you may like to
consult the Information Commissioner’s
Access to Non-Medical Information
Access to non-medical information
may be granted to others by HCA or
your insurer (if applicable) on a strictly
confidential basis in the course of and for
the purpose of efficient administration, for
example audit, financial management and
credit control and managing or improving
our services. This access may be given to
any person or organisation involved in
billing, processing, payment or collection
of accounts or the provision of credit
referencing. In some instances we are
obliged by law to disclose information
for example where it will assist in
investigations into fraud, or notification
of births and deaths.
Some pieces of information, for example
religious beliefs and mental health, are
termed “sensitive data” under the Data
Protection Act 1998. In general we do
not record “sensitive data” unless it is
directly relevant to your condition and
its treatment. In such cases, we will ask
your permission to hold this information.
If we have to share this information with
non-HCA health professionals to enable
your care, we will ask your permission
before disclosing this information to any
CCTV, Video and Telephone Call
HCA uses CCTV at some sites for security
purposes only and areas monitored by
CCTV are signposted. If photographs are
taken during your admission, operation or
treatment, a separate consent form will be
given to you for your signature. Your call
to service departments within our facilities
may be recorded for training purposes.
Retention, Storage and Destruction
Information about you is stored in a
confidential manner whether it is in
manual or computerised form and it will
be kept for the specific retention periods
outlined by the relevant professional
bodies. Destruction of data, either manual
or digital is undertaken using documented
procedures with an audit trail of activity
Identifying You as an Individual
It is of vital importance that all patients
are properly identified as individuals. This
allows us to collate your various visits and
treatment in the same discrete medical
record. We have many patients with
In order to be absolutely sure that you have
been correctly identified we ask for at least
three pieces of information about you.
Suitable items include:
• Full name
• Date of birth
• NHS number
• National Insurance number
• Passport number