Main navigation

Information governance

Information Governance (IG) is about how we look after your information.  It ensures necessary safeguards for, and appropriate use of, personal information to ensure that we handle it carefully, securely and confidentially.

The confidentiality and security of your information is very important to us. We take the utmost care when handling your personal and confidential information and ensure that we have appropriate organisational and technical security measures in place to prevent unauthorised access, accidental damage, destruction or loss.

You can find out more about your other rights, the legal basis for using your information and how we protect your data by visiting our Privacy Policy, requesting a hard copy, speaking with your care team or contacting the Data Protection Officer.

Your health and care records

We have a legal and ethical duty to keep your health and social care records confidential Our staff and volunteers across all our services are required to comply with the requirements of the Data Protection Act, the General Data Protection Regulation and the NHS Confidentiality Code of Practice.

Your health and care records are generally held in electronic format and hold personal information about you such as your name, address, telephone numbers, date of birth, next of kin, GP practice

To ensure that you receive the best possible care, your record will also contain more sensitive information and reports about your health and care including details of any support, appointments, illness, tests and other treatments and/or care you receive

When you attend an appointment, the health and care professionals who see you will add notes to the record based on their professional opinion. Where possible this will be discussed with you at the appointment

Some information about you may be held in paper format until they are added to your record.  These could be your registration form, referrals, reports, results and notes.

Our Caldicott Guardian

To help with this, we have appointed a Caldicott Guardian, a senior person who is responsible for protecting the confidentiality of patient and other service user information, and enabling appropriate information sharing.  Our Caldicott Guardian is our Clinical Director, Dr Peter Taylor.

He is supported by the ‘Caldicott Function’ which is comprised of the IG Team and deputy Caldicott Guardians based out in our services. The Caldicott Function has responsibility to champion patient confidentiality and support staff in making decisions about how your information is handled.

How we'll use the information we hold about you

  • Your personal health record, including your name, address and date of birth, will be used to make sure that decisions about your care and treatment are always based on accurate up-to-date information
  • Where your information is part of an integrated care records, there will be detailed information about how your record is shared, the protection around it and how you can change your preferences and/or opt out.
  • To make sure you receive all of the care and treatment you need, we may need to obtain or share the information in your health and care record with other staff and organisations. This could include your GP, pathology laboratories, sexual health test and radiology services.
  • Sometimes we will share information with your employer but only if you consent to this. We will inform you when we do this and you have the opportunity to see any reports before they are shared.
  • We may use your information to investigate and respond to incidents, claims, complaints and feedback
  • We remove your name and other details that could identify you, so that we can use the information in your health records anonymously to:
  • Monitor and improve the quality of care received by our clients
  • Protect the health of the general public
  • Make sure that the treatments and services we provide are meeting the needs of our clients
  • Train and educate staff
  • Records may be shared without in exceptional situations, such as:
  • When a serious crime has been committed
  • If there is a serious risk to the public or our colleagues
  • To protect children or vulnerable adults who are unable to decide whether their information should be shared

What we need from you when you request a copy of your records

  • your full name and current address;
  • contact email and phone numbers;
  • any previous names;
  • date of birth;
  • location, dates or periods that you were receiving care;
  • proof of identity.

Proof of identity should be two official documents which show your date of birth, name and current address on it (separately or when combined) such as a current drivers licence, current passport, utility bill, council tax bill etc. Please do not send original documents, good quality copies are adequate if you are uploading using the online form or sending by post – note we will not return these but will temporarily store then permanently and securely dispose.

If you wish, you can appoint someone you trust to act on your behalf.  If you are applying to see someone else’s records you will need to enclose their signed permission or other legal documentation such as Parental rights or Power of Attorney to confirm their request.

Once we have the information we need from you we log it on our secure portal and will respond to you within one month unless your request is complex and/or numerous and we need more time. If this is the case, we will contact you further and provide you with a timescale. The extension will be no more than 2 months.

Request a copy of your records

Under UK Data Protection laws, you have a right to request a copy of your medical records and the information we hold about you.

By post or email

You can write to us:

Data Protection Officer,
660 Daresbury Business Park,

You can call us on: 0300 247 1122 (opt 2)

You can also email us: