Key points
Why we use your personal data: We typically use your personal information (including special categories of personal data such as information about your health) to provide safe and effective care and treatment to you.
Who else has access to your personal data: To provide you with the care and treatment you need, we may share your personal information with third parties, such as other healthcare providers and third party service providers.
Security of your personal data: We respect the security of your data and treat it in accordance with the law.
Transferring your data internationally: We will not transfer your data outside of the EU.
This privacy statement explains what information is collected about you, why it is collected and the ways it is used. West London NHS Trust recognises how important it is that you are fully aware of the information we collect and hold about you as well as how we share that information.
To provide a healthcare service, we need to collect and use personal information for a range of purposes. Primarily, we collect data for healthcare and administration purposes. There are some cases where it is necessary and a legal requirement to process your personal information even without your consent.
To ensure that your information is kept confidential and that your data is kept safe and secure, all our staff are given training in data protection and information governance before they start work with us. Current staff must also undertake regular refresher training courses tailored to their individual roles.
This statement applies to all of our current and former patients. We may update this statement at any time.
If we do not have accurate, up to date information, this may impact on the services (such as effective treatment) that we provide. It is important that you inform us of any changes to your personal information (such as your contact details) we hold about you so that the information which we hold is accurate and current.
We are West London NHS Trust (the Trust/we/us).
Our head office is located at 1 Armstrong Way, Southall, UB2 4SD.
We are a 'data controller' in respect of the information we hold about you. This means that we are responsible for deciding how we use your personal information.
Our DPO is responsible for overseeing what we do with your information and monitoring our compliance with data protection laws.
If you have any concerns or questions about our use of your personal information, you can contact our DPO at Kevin.Towers@westlondon.nhs.uk or by writing to
Information Governance Team
West London NHS Trust
A block
1 Armstrong Way
Southall
UB2 4SD.
Personal information is any information that can be used to identify you. We may collect the following personal information about you:
Categories of information | Types of information within each category |
Personal details | Such as your name, gender and date of birth |
Contact details |
Such as your address and telephone number(s) |
Details of each contact that we have had with you |
Including home visits and telephone consultations |
Records of your health and wellbeing |
Including reports from other healthcare providers |
Details of your care and treatments |
Including test results and investigations that have been undertaken |
Relevant information from people who care for you |
Including other health and care providers, carers and relatives |
Information about your family and friends |
Such as dependants, next of kin and emergency contact numbers |
Security information |
Such as CCTV footage |
Biometric data |
For identification purposes (fingerprints, photo of visitors and staff to our High Secure Areas) |
This information is referred to as 'personal data' under the data protection legislation and 'personal confidential data' under the Caldicott Principles. Under both the data protection legislation and the Caldicott Principles we are required to ensure that your information is treated in confidence and with respect.
Some of the information which we collect about you may be “special categories of personal data”. Special categories of personal data require a greater level of protection. The special categories of personal data about you which we may collect include your racial or ethnic origin, your religious beliefs, information about your sex life or sexual orientation and information about your health.
The above information which we collect about you will be obtained through a variety of sources which include:
- From you directly via any direct access with our healthcare services
- From your friends and relatives who provide us with information about you
- From anyone who has the authority to act on your behalf such as a power of attorney or deputy
- From your GP
- From other healthcare professionals and officers in the local authority, social services department and emergency services; and
- From any other (current and/or previous) healthcare and care providers.
We use the types of personal information listed above for a number of purposes, each of which has a ‘lawful basis’.
In accordance with the data protection laws, we need a ‘lawful basis’ for collecting and using information about you. There are a variety of different lawful bases for using personal information which are set out in the data protection laws.
We have set out below the different purposes for which we collect and use your personal information, along with the lawful bases we rely on to do so.
Why we use your information |
Our lawful basis for using your information |
---|---|
To keep and maintain an accurate record of your medical history: To help inform decisions that we make about your care, including diagnosis, decisions around medical intervention and prescriptions and to plan your care and treatment.
|
The legal basis we rely on to process your personal data is article 6 (1) (e) of the GDPR: Public task The legal basis we rely on to process your special category data is article 9 (2)(h) of the GDPR. Processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law… |
To provide you with safe and effective care and treatment: To provide you with safe, appropriate and personalised care and treatment as one of our service users and ensure that we meet your individual requirements. This will include us using your personal information for the following reasons:
|
The legal basis we rely on to process your personal data is article 6 (1) (e) of the GDPR: Public task The legal basis we rely on to process your special category data is article 9 (2)(h) of the GDPR:
|
To work effectively with other organisations who may be involved in your care: To send information regarding your health to others, such as your GP, other healthcare and/or social care providers for continuity of care and to ensure that your needs are being meet appropriately. |
The legal basis we rely on to process your personal data is article 6 (1) (e) of the GDPR:
|
To communicate with you: We will use your personal information to contact you/anyone who has authority to act on your behalf, regarding your health, care, treatment, appointments and/or test results. |
The legal basis we rely on to process your personal data is article 6 (1) (e) of the GDPR:
|
For identification: When visiting our high secure hospital we will collect biometric data (photo and fingerprints) for identification purposes. |
The legal basis we rely on to process your personal data is article 6 (1) (a) of the GDPR:
|
For security: We may need to capture images of you as part of our security processes to ensure the safety of our staff, service users and members of the public. This may include the use of CCTV systems. |
The legal basis we rely on to process your personal data is article 6 (1) (f) of the GDPR: Legitimate interest |
To conduct clinical audits and prepare statistics on NHS performance: To check the quality of care provided to you to identify areas where we may need to improve. We do this by collecting information from the records of groups of patients who have similar conditions or have received similar treatments, and comparing this with what we know are the best standards of care. This helps us to identify areas where we need to make improvements. Information is anonymised as soon as possible. |
The legal basis we rely on to process your personal data is article 6 (1) (e) of the GDPR: Public task The legal basis we rely on to process your special category data is article 9 (2)(h) of the GDPR:Processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State |
To improve our services: You may choose to complete our patient survey, to help us to improve the services we provide to you and others. |
The legal basis we rely on to process your personal data is article 6 (1) (a) of the GDPR: Consent |
To train and monitor our staff: Your records help us to teach, train and monitor staff and their work (including providing staff and clinicians with anonymous feedback from patient surveys) to audit and improve our services and ensure they meet your needs. |
Official authority: It is necessary for the performance of a task carried out in the public interest or in the exercise of our official authority. Health: It is necessary for the purposes of medical diagnosis, and the provision of health or social care or treatment.* |
To conduct medical research: To help plan services, improve care provided and to conduct research into developing new treatments and preventing diseases, understanding more about disease risks and causes, improving diagnosis and improving patient safety. |
The legal basis we rely on to process your personal data is article 6 (1) (f) of the GDPR: Legitimate interest Public task Processing is necessary for archiving purposes in the public interest, scientific or historical research |
To investigate concerns or complaints: To ensure that any concerns or complaints you may have about your healthcare are appropriately investigated and responded to. |
The legal basis we rely on to process your personal data is article 6 (1) € of the GDPR: Public task The legal basis we rely on to process your special category data is article 9 (2)(h) of the GDPR: Processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law… |
For safeguarding and regulation: We use your personal data for the purpose of safeguarding and regulation of care. |
The legal basis we rely on to process your personal data is article 6 (1) € of the GDPR: Public task The legal basis we rely on to process your special category data is article 9 (2)(h) of the GDPR: Processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law… |
To collect data about public health matters: To protect against serious cross-border threats to health or ensuring high standards of quality and safety of health care, medical products or devices. |
The legal basis we rely on to process your personal data is article 6 (1) € of the GDPR: Public task The legal basis we rely on to process your special category data is article 9 (2)(h) of the GDPR: Processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law… |
Sharing your information without your consent
There are circumstances where we need to share your information without your consent. For example:
- When the health and safety of others (including members of staff) is at risk;
- To ensure we provide you with the appropriate care, also known as direct care
- To protect public health;
- When the law requires information to be passed on;
- For the prevention or investigation of serious crime;
- Under a court order;
- When sharing is in the public interest; or
- Where there are safeguarding concerns for vulnerable people.
Information may not be shared if it is believed it may cause serious harm or distress to you or to another person.
The Trust uses Electronic Patient Record systems to store and process patient information. These systems include SystemOne, Rio, IAPTUS and Alfresco.
Some of these systems, that is Rio and SystemOne feed data into the London Care Record – Health Information Exchange. The London Care Record is enabled by a network of health information exchanges (HIEs) across London, providing a read-only view of an individual’s health and care information.
Also, the London Care Record (Health Information Exchange) provides access to joined-up care records – important and current information at the point of care, for the whole care team. Most information will be updated in real time, but in some cases will be updated every 24 hours. Access to joined-up health and care records will save time and support everyone delivering health and care services.
Article 21 of the UK GDPR gives data subjects the right to object to the processing of their personal data at any time. This effectively allows data subjects to stop or prevent their personal data being processed. Please note that the right to object is not absolute if the processing is for a task carried out in the public interest (Public Task), the exercise of official authority vested in you; or your legitimate interests (or those of a third party).
If you would like to exercise your right to object to processing, please contact the Information Governanace (IG) team by emailing IG@westlondon.nhs.uk where a member of the IG team will be in touch regarding your request.
Sometimes it is necessary for us to share information with another organisation. For example, you may be receiving care from social services and we may need to share information about you so we can all work together for your benefit.
We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We may also share your information with third parties such as:
- Your friends, family and others: including anyone who has the authority to act on your behalf such as a power of attorney or deputy, where appropriate to do so for the provision of your health or social care, in the vital interests of you or others (or with your consent where applicable);
- Other healthcare providers and multi-disciplinary teams: for direct care purposes, we will share information about you with other healthcare providers such as other NHS Trusts, your GP, community staff/district nurses, hospital staff, emergency services, NHS 111, social services and local authorities;
- Regulators / safeguarding authorities/commissioners: such as child and adult safeguarding services (e.g. MASH), the Care Quality Commission and Public Health England. We share your personal data with these public bodies where we are required to do so by law or a regulatory obligation;
- The police and other law enforcement agencies: in limited circumstances we may share your personal data with the police if required for the purposes of criminal investigations and law enforcement;
- Courts (including a Coroner’s Court) and to tribunals: for the investigation of deaths (coroner) and processing of legal claims;
- Service providers: such as external IT providers, systems maintenance providers, language and sign language interpretation/translation and telephone call recording for monitoring purposes;
- Professional advisors: such as lawyers, in the exercise or defence of legal claims;
- Charitable organisations: such as organisations that can help with support for you and your family, provision of hospice care and funding of treatments, with your consent; and
- Bulk mailing providers: in order to communicate with patients to satisfy our legal obligations and provide you with relevant healthcare information.
We will not transfer your data outside of the European Economic Area.
We typically will only use your personal information for the purposes for which we collect it.
It is possible that we will use your information for other purposes as long as those other purposes are compatible with those set out in this policy. If we intend to do so, we will provide you with information relating to that other purpose before using it for the new purpose.
We may also use your personal information for other purposes where such use is required or permitted by law.
You have the right to confidentiality under the General Data Protection Regulation EU 2016/679 (GDPR), the Data Protection Act 2018 (DPA), the Human Rights Act 1998 (HRA), the Health and Social Care Act 2012 (HSCA), as well as the common law duty of confidence.
The Equality Act 2010 may also apply in some circumstances.
Under certain circumstances, by law you have the right to:
- Be kept informed about how and why we use your personal information.
- Request access to the information we hold about you (commonly known as a "data subject access request"), which enables you to receive a copy of that information and check that we are lawfully processing it;
- Request correction of any incomplete or inaccurate information we hold about you;
- Request erasure of your personal information where there is no good reason for us continuing to process it;
- Object to processing where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground;
- Request the restriction of processing of your information, for example if you want us to establish its accuracy or the reason for processing it;
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, or request that we transfer a copy of your personal information to another party, please contact our DPO by writing to Kevin.Towers@westlondon.nhs.uk or contact the Information Governance Team – Dayo Adebari, Head of Information Governance and Records Management - Adedayo.Adebari@westlondon.nhs.uk.
Information Governance Team
West London NHS Trust
A block 1 Armstrong Way
Southall
UB2 4SD
All organisations providing care for the NHS or on its behalf must follow the same strict policies and controls as managed by the Department of Health’s Information Governance Framework.
The sharing of your information is strictly controlled. We will not pass on information about you to third parties without your permission unless there are exceptional circumstances; for example, where we are required to so by law. In all cases, where personal information is shared, either with or without your consent, a record will be kept.
Our secure networks, internal and external IT safeguards, use of the national NHS smartcard system and audits all ensure we protect your right to privacy and confidentiality.
We only keep your information for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Details of retention periods for different aspects of your personal information are available in our retention policy which is available from our DPO by writing to Kevin.Towers@westlondon.nhs.uk or contact the Information Governance Team – Dayo Adebari, Head of Information Governance and Records Management - Adedayo.Adebari@westlondon.nhs.uk.
Information Governance Team
West London NHS Trust
A block 1 Armstrong Way
Southall
UB2 4SD
The GDPR, the DPA and other data protection laws
We will comply with data protection law. At the heart of data protection laws are the 'data protection principles' which say that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- Accurate and kept up to date;
- Kept only as long as necessary for the purposes we have told you about;
- kept securely.
The Caldicott Principles
We will comply with the Caldicott Principles, which set out that we must:
- Justify the purpose(s) for using confidential information;
- Not use patient identifiable information unless it is absolutely necessary;
- Use the minimum necessary patient identifiable information;
- Restrict access to patient identifiable information on a strict need-to-know basis;
- Ensure everyone with access to patient identifiable information is aware of their responsibilities;
- Comply with the law; and
- Be aware that the duty to share information can be as important as the duty to protect patient confidentiality.
We want to ensure that the information contained within this privacy statement is relevant and accessible for use by the people who use our children’s services.
That includes clinicians, carers, families and children. Please read the child-friendly version of the privacy policy. (PDF)
To improve your individual care, plan local services, research new treatments and speed up diagnoses, we may at times safely and securely share data with external researchers, organisations and analysts who can assist us with these processes.
We only share what is necessary for each piece of research and where possible, information is removed so that you cannot be identified. However, you can choose not to have information about you shared or used for any purpose beyond providing your own treatment or care.
This is known as the national data opt-out. If you choose to opt out, West London NHS Trust will apply your opt out immediately.
All other health and social care organisations have been required to apply your opt-out from March 2020.
West London NHS Trust shares information about you (your personal confidential data) for the Improving Access to Psychological Therapies (IAPT) Data Set, to help achieve better outcomes and experiences of care.
NHS Digital has been directed by NHS England under section 254 of the Health and Social Care Act (HSCA) 2012 to establish and operate a system for the collection and analysis of IAPT information from providers.
The Trust previously used to seek consent for data to be sent to NHS digital. This has now changed as we are now mandated to send all data. Service users must use national data
opt-out to control how their data is processed.
Under GDPR, the Trust’s lawful basis for processing is Article 6 (1) (c), which relates to processing necessary to comply with a legal obligation to which we are subject. Our lawful basis for processing special category data is GDPR Article 9 (2) (h) and Schedule 1, Part 1 (2) (2) (f) of the Data Protection Act 2018.
- The data set collects information about demographics (e.g. postcode, date of birth, ethnic category), referral, treatment and outcomes details.
- The data will be securely sent to NHS Digital which is the central organisation that receives the same data from all NHS-funded IAPT services across England.
- The data set is used to produce anonymised national reports that show summary numbers of, for instance, numbers of patients referred to different IAPT services across the country as well as average waiting times and outcomes.
- The reports help the NHS to improve the care it provides to you and other patients.
- No information that could reveal your identity is used in these reports.
- The data may be linked with other sources of data to support a wider range of information within these national reports, such as to investigate the relationship between IAPT services and other care services.
For more information about how NHS Digital uses IAPT data including their lawful basis for processing, how long they hold it for and your rights, please see the GDPR register.
Find more information about the IAPT Data Set on the NHS Digital IAPT web pages visit the NHS Digital website.
This section of the privacy statement describes how we may use your information to protect you and others during the Covid-19 outbreak.
We may amend this section of the privacy statement at any time.
Patient information
The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.
Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak.
Using this law the Secretary of State for Health and Social Care has required organisations to
to share confidential patient information to respond to the Covid-19 outbreak. These are: NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); Local authorities; Health organisations and GPs. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data.
See gov.uk. See FAQs on the law.
During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. See gov.uk for information on National Data Opt-outs. However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests while we focus our efforts on responding to the outbreak.
To look after your health and care needs, we may share your confidential patient information including health and care records with clinical and non-clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email.
During this period of emergency we may offer you a consultation via telephone or video-conferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.
We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak.
See how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response.
NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response.
This includes data already collected by: NHS England; NHS Improvement; Public Health England; NHS Digital. New data will include: 999 call data; Data about hospital occupancy; Emergency department capacity data; Data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation. In such circumstances where you tell us you are experiencing Covid-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.
Staff information (the following only applies to employees working for the Trust)
HR and non-HR teams of the Trust may collect and process information relating to your Covid-19 self-isolation status, test results and confirmed diagnosis.
This is to help with workforce planning and ensure continuity of services. Information will only be shared with other NHS organisations, such as NHS England and Clinical Commissioning Groups, in an appropriate and proportionate manner.
The lawful bases and conditions to enable this processing are listed under Articles 6 and 9 of the GDPR and include the following:
- Article 6(1)(c) (“necessary to comply with legal obligations”)
- Article 9(2)(b) (" employment,="" social="" security="" and="" protection")=""
This is because, in the UK, there is a requirement under the Health and Safety at Work etc. Act 1974 for employers to take reasonable steps to look after the health, safety and welfare of staff. As such, it is reasonable for the Trust to collect certain information (such as information about confirmed diagnosis) as part of the organisation’s general duty to safeguard health and safety.
Indeed, the concept that employers may have a role to play in relation to coronavirus has been highlighted in the Government’s recent guidance for employers and businesses on dealing with Covid-19.
You have the right to complain to the Information Commissioner's Office (the ICO) if you are not satisfied with the way we use your information.
You can contact the ICO by writing to:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
We reserve the right to update this privacy statement at any time, and we will provide you with a new privacy statement when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
What is the Single Point of Access and NHS111?
The NHS Long Term Plan called for easy and effective access to urgent mental health services through specialist mental health crisis lines. As a provider, West London NHS Trust is committed to improving access to services for people experiencing mental health crises.
We offer two crisis lines:
- A crisis line through the SPA since 2016;
- And more recently, a more familiar route has been established through NHS 111.
We are working in partnership to streamline these processes so that regardless of the entry point, you are met with specialist support.
Why do we need your information?
We’ll always tell you when we are collecting your information.
When you use the service, we collect:
- Your postcode - to get you help in the right location
- Your name
- Your date of birth
- Your address
We collect this information so we are able to comply with the UK General Data Protection Regulation (UK GDPR) to allow access to your Healthcare Record (called ‘Electronic Patient Record’).
The legal basis under UK GDPR for processing this information has been listed below:
- Article 6 1(e): performance of a task in the public interest or in the exercise of official authority vested in the controller.
- Article 9 2(h) - processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee, for medical diagnosis, the provision of health or social care or treatment or for the management of health or social care systems and services, or under contract with a health professional.
When you answer questions about your symptoms (called ‘triage’) we collect the answers. We also collect the symptoms you tell us about and the outcome (called ‘disposition’) you reach. This is so we can recommend the right outcome for your health needs.
The service is used in instances where urgent mental health help or advice is needed, such as:
- You need medical help fast, but it's not a 999 emergency.
- You think you need to go to A&E or need another NHS urgent care service.
- You don't know who to call or you don't have a GP to call
- You need mental health information or reassurance. We will use this information to help you and advise you on what you can do next.
It is essential that your details are accurate and up to date. Always check that your personal details are correct and please inform us of any changes as soon as possible.
If you would like to be referred to a healthcare provider after the triage we will ask for your:
- First name
- Last name
- Address and postcode
- Telephone number
- Consent
If you’re using the service on behalf of someone else, we’ll ask for their details. We need this personal information as we can’t give you the healthcare service you requested without it.
We use the personal information you’ve given us to carry out a 'personal demographic service (PDS)' check. This means we try and find your NHS number and your GP details. Having your NHS number means the healthcare professional you’re referred to can see information about you, such as details about any care plan you might be on. This makes it easier for them to give you the right help.
We will pass this personal information and the advice you've been given to a healthcare professional. The healthcare professional may work outside the NHS (for example, SHOUT, or Safe Space), but will have been commissioned by the NHS to provide services for the SPA and NHS111.
By agreeing to be referred to a healthcare professional you consent to the sharing of your personal information in a way which respects the Common Law Duty of Confidentiality. We’ll also store the information securely for eight years for clinical audit purposes only.
How may the call recordings be used?
We aim to record all telephone calls to and from our crisis lines to:
- Check for mistakes
- Train staff
- Prevent, detect, investigate and prosecute fraud
- Help plan and make improvements to NHS services
We do this in the interests of offering a good service to our customers and to protect public funds.
If you object to this, you will need to end the call when you are told that calls may be recorded. Alternative methods of communication are available on request.
Sometimes, calls may not be recorded if:
- There is a technical fault with the telephony system.
- A call handler is using equipment which does not let calls be recorded.
- You’ve been transferred to a different line or have not dialled directly to the crisis line number(s)
Everyone working for and on behalf of West London NHS Trust must comply with Data Protection legislation and the Common Law Duty of Confidence.
Further information can be obtained via the West London NHS Trust’s Privacy Statement, NHS Privacy Statement and NHS England’s Code of Practice.