Data Protection & Your Information

Bedfordshire Hospitals NHS Foundation Trust collects large amounts of personal information every day. We are legally obliged under the Data Protection Act 2018 to use this information appropriately and store it securely. We take this obligation very seriously and are committed to taking all reasonable measures to ensure your right to confidentiality is upheld.

Your information and how it is held:

The doctors, nurses and team of healthcare professionals caring for you have to collect and hold information about you to enable them to provide you with care and treatment. This information will be either:

  • Written down and held in a paper record.
  • Written on paper then later scanned for viewing as an electronic record via a computer system, which is secured on our IT Network.
  • Entered directly onto a computer system, which is secured on our IT network together with any images e.g. x-rays & scans.

What information is held in these records?

These records may include:

  • Basic personal details about you such as your name, address, date of birth, next of kin, etc.
  • Contact we have had with you such as inpatient stays and outpatients clinic appointments.
  • Notes and reports about your health, treatment and care.
  • Results of x-rays, scans and laboratory tests.
  • Results of exploratory examinations and investigations.
  • Relevant information from people who care for you or who know you well e.g. your GP, other health care professionals, relatives or carer.

How is the record protected?

It would not be practical to list all of the measures we have in place to protect your information; the following is a short summary:

  • Written policies, processes and procedures.
  • Staff Training on data protection/confidentiality
  • Staff contracts include data protection/confidentiality clauses.
  • All non-Bedfordshire Hospitals NHS Foundation Trust organisations who work for us have to agree to data protection/confidentiality clauses in their contract.
  • Information Sharing Agreements and Data Protection Impact Assessments (DPIA’s).

What is the information in my records used for?

Your records are used to manage and deliver your care and treatment. The information will help to ensure:

  • The doctors, nurses and other healthcare professionals involved in your care have information to assess your health and decide on the most appropriate care for you.
  • Healthcare professionals have the information they need to be able to assess and improve the quality and type of care you receive.
  • We can properly investigate any concerns you may have.
  • Appropriate information is available if you see a different member of the team who are caring for you or you are referred to a different department or team.

We are required to monitor & manage our services, so your information may also be used to:

  • Contact you inviting you to take part in a Patient Satisfaction survey (*see details below).
  • Review the care we provide to ensure it is of the highest standard and quality.
  • Ensure our services can meet patient needs in the future.
  • Ensure the hospital receives payment for the services we provide.
  • Prepare statistics on NHS performance.
  • Audit accounts and services.
  • Helping to train and educate healthcare professionals.
  • Undertaking heath research and development (with your consent – you may choose whether or not to be involved).

*Patient Satisfaction Surveys

We may contact you in writing or by telephone inviting you to take part in a Patient Satisfaction survey. You do not have to take part, but if you do your identity will not be kept with your completed survey. You will only be identifiable if you chose to include information about yourself in your response.

The purpose of these surveys is to give you the opportunity to give us your views and to enable us to identify where we need to make improvements to our services and other services provided by the NHS.
If you do not wish to be contacted for this purpose, please inform the Patient Advice & Liaison Service (PALS). You will find their contact details at the end of this leaflet.

Who will the information be shared with?

We will share information with the following main organisations:

  • Other NHS organisations that are directly involved in your care.
  • Non-NHS organisations who are directly involved in your care e.g. Social Care, voluntary and private sector providers working with the NHS.
  • General Practitioners (GPs).
  • Health & non-health organisations who are providing services on our behalf.

We may also share your information in circumstances where the health and safety of you or others may be at risk or where we are required to by law e.g., notification of births, matters of public health, where a court order requires us to do so.

Sometimes special permission is given to enable us and the NHS to use or share your information for other reasons. These may be for medical research, checking quality of care or keeping registers of patients with particular conditions, illnesses or needs e.g. cancer registers. This permission is given by the Secretary of State for Health.

Everyone who we share patient information with has a legal duty to keep the information confidential and to comply with the Data Protection Act 2018.

Do I have the right to say I don’t want my information to be shared?

In some circumstances you have the right to restrict with whom we share the personal information in your records that identify you. By choosing this option, it may make the provision of treatment or care more difficult or unavailable, so it is advisable to discuss this with your Consultant or the team who are caring for you. This must be noted explicitly within your records in order that all healthcare professionals and staff treating and involved with you are aware of your decision.

Do I have the right to see what information you hold about me?

Yes. The Data Protection Act 2018 gives you the right to request and be provided with a copy of information we hold about you.

For more information and to download a request form please visit our website, or contact the Access to Health Records Team on: Luton Site – 01582 417288 or Bedford Site – 01234 355122

What is an NHS Summary Care Record?

This is a secure electronic record of essential information about your health that can be accessed by NHS staff who are directly providing your care, in any part of the country in an emergency.

You can opt out of this scheme. To find out more please phone 0845 300 6016, or visit the website.

More information

If you feel your confidentiality has been breached, please speak to the person in charge of your care or contact the Data Protection Officer (DPO):

By email –

By post – Data Protection Officer – Information Governance

Luton & Dunstable Hospital NHSFT
Lewsey Road