Privacy Notice

Last updated: 2023-08-08

East Kent Hospitals University NHS Foundation Trust aims to provide you with the highest quality care. To do this, we must keep records about you and the care we provide for you. 

Health records are held on paper and electronically and we have a legal duty to keep these confidential, accurate and available in accordance with data protection laws, the NHS Constitution and common law. 

Our staff members undertake annual training to process your information correctly and protect your privacy. We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never collected for direct marketing purposes, and is not sold on to third parties. Your information is not sent outside the United Kingdom or the European Union unless the recipient has the same level of legal responsibility as we do. 

Sometimes your care may be provided by members of a care team, which might include people from other organisations such as health; social care; education; or other care organisations. We have a legal duty to share information for your care unless you tell us not to do so. We may also use sub-contractors to process your data. They will be bound by law to maintain your privacy. 

Information is held for the periods of time recommended by the NHSX Records Management Code of Practice 2021. 

Information collected about you to deliver your health care is also used to assist with:

  • Making sure your care is of a high standard; 

  • Assessing your condition against a set of risk criteria to ensure you are receiving the best possible care; 

  • Using statistical information to look after the health and wellbeing of the general population and planning services to meet the needs of the people we serve; 

  • Preparing statistics on our performance for the Department of Health and other regulatory bodies; 

  • Helping train staff and support research; 

  • Supporting the funding of your care; 

  • Reporting and investigation of complaints, claims and untoward incidents and 

  • Reporting events to the appropriate authorities when we are required to do so by law. 

The legal basis for the processing of data for these purposes is that the NHS is an official authority with a public duty to care for its patients, as guided by the Department of Health and data protection law says it is appropriate to do so for health and social care treatment of patients, and the management of health or social care systems and services.

If we need to use your personal information for any reason beyond those stated above, we will discuss this with you. You have the right to ask us not to use your information in this way. However, there are exceptions to this which are listed below: 

  • the public interest is thought to be of greater importance for example: 

    • if a serious crime has been committed; 

    • if there are risks to the public or our staff or 

    • to protect vulnerable children or adults.

  • we have a legal duty, for example: 

    • registering births; 

    • reporting some infectious diseases; 

    • reporting wounding by knives or firearms and 

    • court orders. 

  • we need to use the information for medical research without specific consent. In this case we have to ask permission from the Secretary of State for Health. An example is carrying out mass surveys of cancer patients to determine the effectiveness of treatment over a long period.

Individuals’ Rights 

 Data Protection laws give individuals rights in respect of the personal information that we hold about you. You have the right to: 

  • be informed why, where and how we use your information; 

  • ask for access to your information; 

  • ask for your information to be corrected if it is inaccurate or incomplete; 

  • ask for your information to be deleted or removed where there is no need for us to continue processing it; 

  • ask us to restrict the use of your information; 

  • ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information; 

  • object to how your information is used and 

  • challenge any decisions made without human intervention (automated decision making). 

Health and care organisations had until 2020 to put systems and processes in place so they are compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is compliant with the national data opt-out policy.

For further information please see our webpage National Data Opt-Out Programme - Your right to opt out or to find out more or to register your choice to opt out, please visit

On this web page you will: 

  • See what is meant by confidential patient information 

  • Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care 

  • Find out more about the benefits of sharing data 

  • Understand more about who uses the data 

  • Find out how your data is protected 

  • Be able to access the system to view, set or change your opt-out setting 

  • Find the contact telephone number if you want to know any more or to set/change your opt-out by phone 

  • See the situations where the opt-out will not apply 

 You can also find out more about how patient information is used at: 

You can change your mind about your choice at any time. 

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement. 

Should you have any queries on the uses of your information, wish to exercise one or more of your rights or complain about our use of your information please direct your enquiry to our Data Protection Officer – via our website at or using the contact details at the foot of this notice.

Online Services

East Kent Hospitals University NHS Foundation Trust uses various platforms to provide online health services. These services are subject to this privacy notice. They may be subject to their own terms, and may provide supplementary privacy notices. 

Supplementary Privacy Notices

The following online services provide their own supplementary privacy notices:

NHS login

Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS login's Privacy Notice and Terms and Conditions, please visit:


Our privacy notices may change. The latest version of our privacy notice will be accessible at this URL.

Complaints and Contact

Trust Data Protection Officer: Tel: 01227 783142, IG Manager, Kent & Canterbury Hospital, Ethelbert Road, Canterbury, CT1 3NJ 

If you are unhappy with the outcome of your enquiry you can contact the regulator: The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF - Telephone: 01625 545700