Information governance

Privacy Notice - How we use your information

This privacy notice tells you what to expect when Barnet Enfield & Haringey Mental Health NHS Trust (the Trust) collects personal information. It applies to information we collect from people accessing our services.

The Data Protection Officer for the Trust is:
Sarah Wilkins

Tel: 07443 679073 

The Trust collects your personal information to ensure that you receive appropriate care and treatment and to meet certain statutory obligations. This information is kept, together with details of your care, because it may be needed if you require treatment again.

In accordance with Caldicott 2 – To Share or Not to Share, the Trust shares information if and when for example, child protection or safeguarding concerns have been raised

The Trust provides services into a range of criminal justice settings.  Your information may be shared with criminal justice agencies and other associated partners in order to ensure your safety whilst in those settings and to enable you to access the appropriate care and treatment.  This will always be in accordance with Data Protection legislation such as the General Data Protection Regulation.

The Trust and the police are working together planning the implementation of Serenity Integrated Mentoring (SIM) & High Intensity Network with the aim on reducing the number of people being detained by the police under the Section 136 of the Mental Health Act (MHA) in the community. Again, your information will only be shared in line with Data Protection Legislation, such as the General Data Protection Regulation (GDPR).

Ways in which your information may be used to help the NHS

  • Ensure services meet patient needs in the future
  • Investigate legal claims, complaints or untoward incidents
  • Monitor clinical practice
  • Provide anonymised statistics on the NHS performance and activity
  • Train and educate our staff
  • Audit accounts and services within the NHS
  • Research and development, to support the health of the general public

Your information may sometimes be disclosed as a requirement of the law, for example monitoring ethnicity.

Improving Services - The Trust aims to provide service users with the best possible care. We assess the effectiveness of the care we provide so we can continually improve. We do this by collecting information about your condition, the type of care you receive and the outcome of your treatment.

We collect data about our Community Services such as health visiting services, school nursing services and diabetes services, and data about you such as referrals, assessments, diagnoses, activities (for example, taking a blood pressure test) and, in some cases, your answers to questionnaires.

The data is securely sent to NHS Digital which is the central organisation that receives the same data from all publicly-funded Community Services across England. NHS Digital removes all identifying details and combines the data we send with the data sent by other care providers, forming the Community Services Data Set.

The data set is used to produce anonymised reports that show only summary numbers of, for instance, patients referred to different types of services. It is impossible to identify any individual patient in the reports, but the reports do help us to improve the care we provide to you and other patients. No information that could reveal your identity is used in national reports.

The benefits to you as a patient include:

  • Ensuring that Community Services are available to all patients in all areas by measuring the care that is being delivered.
  • Improved care, through monitoring progress to allow future services to be planned.
    Informing patients about the care offered at different hospitals.
  • Personalised and better organised care for through understanding what care is needed nationally, for example understanding how many patients who are discharged from hospitals then need looking after at home.

To get the most accurate picture and therefore get most benefit, data has to be collected from as many patients as possible.

If, however, you do not want your information to be used to help better manage and plan care provision, you do have the right to object.. This will not affect your treatment in any way. If you would like to find out more about how we use the information, including how to object, please speak to a member of staff or the Trust’s Data Protection Officer.

The Trust retain records in accordance with the Records Management Code of Practice for Health and Social Care 2016 applying the criteria stipulated in section 4 of the code (Retention schedules). For example the Trust are required to retain information held in a mental health record for a minimum of 20 years since the last contact in most cases. Children’s records are retained for a longer period of time.

Information Sharing - Your information may be disclosed to other non-NHS organisations who may be involved in your care, such as the Local Authority or Education services.  All NHS staff have a legal duty to maintain confidentiality. Non-NHS staff who have received information from us about you also have a legal duty to maintain confidentiality. The Trust would only share information about you when there is a justifiable reason to do so, and where an appropriate legal basis under data protection law has been identified, enabling us to work together for your benefit.

Legal Basis for Processing. In accordance with the law the Trust must have a legal basis for processing your information. For the delivery of health services and administration this will include the following conditions:

  • Art 6 (1) (e) Public Task, the processing is necessary for the Trust to perform a task in the public interest of for the Trust’s official functions, where the task has a clear basis in law.
  • Art 9 (2 ) (h) For the provision of health or social care or treatment or the management of health or social care systems and services
  • Health and Social Care Act 2015.

The NHS Constitution for England (revised 2013) The NHS Constitution sets out a series of patients' rights and NHS pledges. All NHS bodies are required by law to take account of the Constitution in their decisions and actions.  The rights and pledges include:

  • The right of access to your own health records and to have any factual inaccuracies corrected;
  • The right to be informed about how your information is used;
  • The right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered, and where your wishes cannot be followed, to be told the reasons including the legal basis.  

How the NHS and care services use your information/National Data Opt-out

Barnet Enfield and Haringey NHS Trust is one of many organisations working in the health and care system to improve care for patients and the public

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit On this web page you will:

  • See what is meant by confidential patient information
  • Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • Find out more about the benefits of sharing data
  • Understand more about who uses the data
  • Find out how your data is protected
  • Be able to access the system to view, set or change your opt-out setting
  • Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
  • See the situations where the opt-out will not apply

You can also find out more about how patient information is used at: (which covers health and care research);  and (which covers how and why patient information is used, the safeguards and how decisions are made) You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is not currently compliant with the national data opt-out policy but are actively working with NHS Digital to ensure the Trust will be ready for the deadline next year. 

Keeping in touch

We will keep in touch with you using the contact details provided by you.  The ways we keep in touch include sending you correspondence by post, email, calling you on the telephone and sending you appointment reminders via text messaging. 

We will always use appropriate secure methods of transfer to protect your information.  It is very important that you let us know if any of your contact details change to avoid us sending your information to the wrong person.  Please inform your clinical team if you do not want to be contacted via text messaging.

The Protecting Your Information leaflet provides more details on how we use your information.

In addition to the NHS Constitution the General Data Protection Regulation (GDPR) provides the following rights for individuals

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

Not all of these rights apply at all times, there are some exceptions. Contact the Trust’s Data Protection Officer for more information, alternatively detailed guidance relating to individuals rights can be found on the Information Commissioners website.

Data Protection by Design

The Trust carry out data protection impact assessments in accordance with the General Data Protection Regulation, when contemplating  new projects that involve personal data or changes in processing operations.  Please contact the Data Protection Officer if you would like more information relating to Data Protection Impact Assessments.

CCTV on Trust Premises - The Trust is compliant with Data Protection law and CCTV codes of practice.  The Trust locates CCTV signage in areas where cameras are located. This ensures that members of the public are aware of CCTV in each location and are aware that they are being monitored for the purposes of crime prevention, crime detection and promotion of public safety.

Car park Management  - is provided by a third party company under a contract with the Trust.  The contractor will collect vehicle information on behalf of the Trust when individuals park their vehicles in restricted areas, this is to support traffic flow and for the prevention and detection of crime.

For more information or to raise a concern: The Trust are committed to maintaining good information security standards and developing a culture of data security awareness, if however you have any questions or would like to raise a concern please contact the Trust’s Data Protection Lead Sarah Wilkins  Tel: 07443 679073 

The Trust investigates concerns raised by members of the public, including staff, if however you feel that the Trust have not addressed your concerns effectively you are entitled to discuss the issues with the supervisory authority, who in the UK is the Information Commissioner.