Our commitment to your privacy
NHS Dorset recognises the importance of protecting personal and confidential information in all that we do and takes care to meet our legal duties under Data Protection Law. NHS Dorset puts in place all reasonable technical, security and procedural controls required to protect your personal information for the whole of its life, in whatever format we hold that information in.
How do we keep your information confidential and secure
Within the health sector, we have to follow the Common Law Duty of Confidentiality, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. The NHS Care Record Guarantee and the NHS Constitution provide a commitment that all NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and wellbeing.
Everyone working in, or for, NHS Dorset must use personal information in a secure and confidential way. We are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All NHS Dorset staff, contractors and Governing Body members are mandated to attend annual training to ensure they are aware of their personal responsibilities and contractual obligations to uphold confidentiality. This is monitored by NHS Dorset and can be enforced through disciplinary procedures. We ensure that any external companies who support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
We also ensure that the information we hold is kept in secure locations and restrict access to information to authorised personnel only. We use administrative and technical controls to do this. We protect personal and confidential information held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see or make sense of it). We use strict controls to ensure that only authorised staff can see information that identifies you. Only a limited number of authorised staff have access to information that identifies you where it is appropriate to their role and is strictly on a need-to-know basis. NHS Dorset has a Chief Officer responsible for protecting the confidentiality of patient information, called the Caldicott Guardian. This role is carried out by the Chief Medical Officer, who can be contacted by emailing: dataprotection.requests@nhsdorset.nhs.uk or by telephoning 01305 368900.
How the law protects you
Your privacy is protected by law, which says that we can use your personal information only if we have a proper reason to do so. This includes sharing it outside of NHS Dorset. The reasons why NHS Dorset may process your personal information are:
Sending personal information outside of the UK
If we transfer information outside of the UK, we will ensure that appropriate safeguards are in place. We will only send your personal information to countries outside of the UK to:
We will always use one or more of these safeguards:
How long we keep your personal information
We will only keep your personal information in accordance with the national guidance from the Department of Health set out in the Records Management Code of Practice for Health and Social Care 2021.