[Skip to content]

Royal Brompton & Harefield NHS Foundation Trust
For patients & carers
Search our Site

Patient support services

Your personal information

Fair Processing Notice – Data Protection Act 1998

This page provides you with information about how we use and manage the information we have about you, including how we share it with NHS and non-NHS organisations, and how we maintain confidentiality.

What is personal data?

Personal data is information that relates to a living individual who can be identified from that data.

Why we collect information about you 

Royal Brompton & Harefield NHS Foundation Trust keeps records about the health care and treatment you receive as one of our patients. This helps to ensure that you receive the best possible care from us.

It helps you because:

  • accurate and up-to-date information assists us in providing you with the right care
  • full information is readily available if you see another doctor or are referred to a specialist or another part of the NHS.

It helps the NHS to:

  • prepare statistics on NHS performance
  • audit NHS Services
  • monitor how we spend public money
  • plan and manage the health service
  • teach and train healthcare professionals
  • conduct health research and development.

Data Protection Act 1998

The Data Protection Act 1998 governs the processing of personal data held on computer systems and in other formats. It restricts how we can use an individual’s data, and consists of eight Data Protection Principles that must be applied when processing personal data.

Organisations that process personal data must register as a 'data controller', and notify the Information Commissioner (ICO) why they need to process the data.

The Royal Brompton & Harefield NHS Foundation Trust is the data controller of personal information that is collected by the Trust to help us provide and manage healthcare to our patients.

Full details of all the purposes to which data may be put are listed at the ICO website. The Trust is registered with the Information Commissioner. The Trust registration number is Z2916978.

What kind of information does the Trust hold about you?

  • Name, address, date of birth, NHS Number and next of kin
  • Contacts we have had with you such as clinic visits
  • Details of diagnosis and treatment
  • Allergies and health conditions

How do we keep your records confidential?

Everyone working for the NHS is subject to the Common Law Duty of Confidence. Information provided in confidence will only be used for the purposes advised and consented to by the patient, unless there are other circumstances covered by the law.

Under the NHS Confidentiality Code of Conduct, all our staff are also required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. This will be noted in your records.

The Trust shares data with a range of organisations. Wherever possible the information is anonymised. However, data may be shared with other organisations for the purposes of caring for a patient. In that case the data has to be identifiable to ensure that all parties are always clear exactly whose data is being used.

We may share your information for health purposes with other NHS organisations, eg health authorities, NHS Trusts, general practitioners (GPs), ambulance services and other NHS common services agencies such as primary care agencies.

Information sharing with non-NHS organisations

For your benefit, we may also need to share information from your health records with non-NHS organisations, from which you are also receiving care, such as social services or private healthcare organisations. However, we will not disclose any health information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires it.

We may also be asked to share basic information about you, such as your name and address, which does not include sensitive information from your health records. Generally, we would do this to assist them to carry out their statutory duties. In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Fair Processing Notice, under the Data Protection Act.

Where patient information is shared with other non-NHS organisations, an information sharing agreement is drawn up to ensure information is shared in a way that complies with relevant legislation.

These non-NHS organisations may include, but are not restricted to: social services, education services, local authorities, the Police, voluntary sector providers and private sector providers.

Patient satisfaction

We may use your details to contact you with patient satisfaction surveys relating to services you have used. This is to improve the way we deliver healthcare to you, our patient.

Your right to withdraw consent for us to share your personal information

You have the right to refuse / withdraw consent to information sharing at any time.


The possible consequences will be fully explained to you and could include delays in receiving care.

Can I see my information?

Under the Data Protection Act 1998 a person may request access to information (with some exemptions) that is held about them by an organisation. This is known as the Right of Subject Access.

If you require access to your health records you must make a written request to either Royal Brompton Hospital or Harefield Hospital, depending on where you were seen:

Clinical records manager

Royal Brompton & Harefield NHS Foundation Trust

Sydney Street,
London SW3 6NP

Clinical records manager

Royal Brompton & Harefield NHS Foundation Trust

Hill End Road, Harefield,
Middlesex, UB9 6JH


The Trust can only provide access to information it holds. For example to see the records held by your GP you have to contact the surgery.


The Access to Health Records Act 1990 also allows access, in certain circumstances, to information that we hold on deceased patients.

How long do we retain your records?

All our records are destroyed in accordance with the NHS Retention Schedule, which sets out the appropriate length of time each type of NHS records is retained. We do not keep your records for longer than necessary.

All records are destroyed confidentially once their retention period has been met, and the Trust has made the decision that the records are no longer required.

Raising a concern

If you have a concern about any aspect of your care or treatment at this hospital or about the way your records have been managed,  please contact:

Patient Advice & Liaison Service (PALS)

Royal Brompton & Harefield NHS Trust

Sydney Street,



Tel: 020 7349 7715

Email: pals@rbht.nhs.uk

Additionally, you have a right to complain to the Information Commissioner if ever you are unsatisfied with the way the Trust has handled or shared your personal information:

Information Commissioner's Office
Wycliffe House
Water Lane
Cheshire SK9 5AF

Tel: 0303 123 1113 (or 01625 545745 if you would prefer not to call an ‘03’ number, or +44 1625 545745 if calling from overseas)
Fax: 01625 524510

Further information

To learn more about how we use, manage and maintain confidentiality of your information, please speak to the health professionals concerned with your care, or contact:

Information governance manager

Britten wing

Royal Brompton & Harefield NHS Foundation Trust

Sydney Street

London SW3 6NP

Tel: 020 7351 2957

Email: ig@rbht.nhs.uk


Royal Brompton

Sydney Street,
London SW3 6NP
Tel: +44 (0)20 7352 8121