We only use information that may identify you, in accordance with the Data Protection Legislation which requires us to process data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.

Within the health sector, we also have to follow the common law duty of confidence, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare and only between other professionals and clinicians, unless you have agreed otherwise.

Everyone working for the NHS has a legal duty to keep information about you confidential under the NHS Confidentiality Code of Conduct. The NHS Care Record Guarantee and NHS Constitution  provide a commitment that all NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and wellbeing.

The NHS Digital Code of Practice on Confidential Information applies to all of our staff and anyone working on our behalf. We expect all SCW staff to manage information in a confidential way where this is required and receive annual training on how to do this.

We ensure the information we process is held in secure locations.  We restrict access to certain categories of information to authorised personnel only where they can demonstrate a clear need for access as part of their job role.  We ensure that where we process information on equipment such as laptops or other types of equipment outside of our normal office environment, we protect it with encryption software (which masks data so that unauthorised users cannot see or make sense of it).

We sometimes ask other organisations to help us process and manage our information and the information we process on behalf of our Customers.  Any third parties and external processors are legally and contractually bound to operate within security arrangements that are equivalent to those we have in place.

The NHS Care Record Guarantee

The NHS Care Record Guarantee  for England sets out the rules that govern how patient information is used in the NHS and what control the patient can have over this. It covers people's access to their own records; controls on others' access; how access will be monitored and policed; options people have to further limit access; access in an emergency; and what happens when someone cannot make their own decisions.

Everyone who works for the NHS, or for organisations delivering services under contract to the NHS, has to comply with this guarantee. The NHS Care Record Guarantee was first published in 2005 and is regularly reviewed to ensure it remains clear and continues to reflect the law and best practice.