How we use your personal information
Patient and personal information
Information we record about you
The London Ambulance Service NHS Trust provides emergency pre-hospital care and an non-emergency transport service throughout Greater London as well as an urgent care 111 service in North East London and South East London.
When you contact us as a patient, we collect information about you and keep records about the service we provide you. We may also record information about you if you contact us for any other reason. This guidance explains the type of information we record about you, why this is necessary, and the ways in which this information may be used by the Service.
Covid-19 and your information - updated 14 April 2020
Supplementary privacy note on Covid-19 for LAS Patients and Staff
This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. It supplements our main Privacy Notice which is available here.
The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.
Existing law which allows confidential person identifiable information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential person identifiable information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on gov.uk here and some FAQs on this law are available here.
During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs. However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.
In order to look after your health and / or care needs we may share your confidential person identifiable information including health and care records with clinical and non clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text, email or any other means available at our disposal.
During this period of emergency we may offer you a consultation via telephone or video-conferencing. By accepting the invitation and entering the consultation you are consenting to this. Confidential person identifiable information will be safeguarded in the same way it would with any other consultation.
We will also be required to share confidential person identifiable information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public, monitoring and managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.
NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients or staff themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.
During this outbreak, the London Ambulance Service will also work with other public and private organisations as part of the Covid-19 response.
In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you. Where we or our partners need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.
We may amend this privacy notice at any time so please review it frequently. The date at the top of this page will be amended each time this notice is updated.
What is the legal basis for processing my information?
Under the EU General Data Protection Regulation and the Data Protection Act 2018, the legal basis for the processing of your data is:
- the NHS is an official authority with a public duty to care for its patients, as guided by the Department of Health
- Data protection legislation states that it is appropriate to do so for the health and social care treatment of patients, and the management of health or social care systems and services.
If we need to use your personal information for any reason beyond those stated above and below, we will discuss this with you. You have the right to ask us not to use your information for certain purposes but there are exceptions to this which are listed below under ‘Disclosure to third parties’.
What type of information will we record about you?
We log details electronically when we receive a call for help at our emergency control centres or 111 service, or book a non-emergency transport service that we operate.
If one of our ambulances attends you, or you are transferred between hospitals by ambulance, we will collect information about you to help us identify and treat you. This will be written on a patient clinical record along with details of your symptoms, condition, and any treatment we give you. We are also required to record details of your ethnicity and other information to help us monitor the equality of the services we provide.
If you speak to one of our 111 call handlers or clinical advisors we will record your details and access your clinical information in order to provide the advice or care you need, which may include transferring you to the out-of-hours service, requesting an ambulance or, if it is in hours, putting you in touch with your dentist or GP.
If you receive non-emergency transport services, we will record details about where you live, where we will be taking you and some details about your circumstances.
If you make a complaint or an enquiry about the service we have provided, or have contact with us on another matter, we will keep a record of all the relevant details in a file for case management purposes. In some cases, we may need to obtain information from the hospital we took you to in order to investigate a complaint or deal with an enquiry.
Update: In conjunction with London’s Air Ambulance we are exploring the use of a facility to obtain a secure live-stream video from callers’ mobile phones at certain incidents, to help our control room clinicians more accurately and rapidly assess patient injuries. This will only be done when clinically necessary with patient and caller consent, or when a patient is unable to consent it will be done in a patient’s best interests. No footage is stored and privacy controls and protocols are in place in connection with this tool.
What happens to your clinical records?
If an ambulance takes you to hospital, we will give the hospital staff a copy of the written patient clinical record so that they have details of your condition and the treatment we have provided.
Where necessary, we use a limited number of private contractors to supplement our emergency and non-emergency transport services. In these cases, they are under contract to us and must comply with data protection legislation in the same way we do. Their performance is monitored and all the information they collect about you is transferred securely to us.
Other health and social care professionals involved in your treatment or care may ask us for information about your use of our services or the treatment you received. Provided we are satisfied that they need this information for your care, or you have given your permission, we will provide this to them.
In some circumstances we may share information or clinical records with other healthcare professionals – most commonly your GP but also specialist healthcare teams such as social service – even if we have not taken you to hospital or provided 111 advice. We do this to help them assess whether they can offer you support that may help to prevent a similar situation arising again.
We are sometimes also asked by the Clinical Commissioning Groups (CCGs) that fund our services to provide information about incidents attended so they can identify and provide more appropriate care pathways for patients. The information we provide will not identify you.
Where another NHS organisation is funding a non-emergency transport service journey, we have to confirm personal information – although we will provide only the details that are needed.
Where necessary, we use a limited number of private contractors to supplement our emergency and non-emergency transport services. Where this happens they are under contract to us to comply with Data Protection legislation in the same way as we do their performance in this respect is monitored and all the information they collect about you is transferred securely to us.
Other health and social care professionals involved in your treatment or care may ask us for information about your use of our services or the treatment you received. Provided we are satisfied that they do need this information for your care, or you have given permission, we will provide this to them.
In some circumstances, particularly if we do not take you to hospital or provide 111 advice, we may share information or clinical records with other healthcare professionals. Most commonly, this will be to your GP, but we may also pass your details to other specialist healthcare teams which might include people from other organisations, such as social services, to assess whether they can offer you support that may help to prevent a similar situation arising again.
We are sometimes also asked by the Clinical Commissioning Groups (CCGs) that fund our services to provide information about incidents attended so they can identify and provide more appropriate care pathways for patients but the information we provide will not identify you.
Where another NHS organisation is funding a non-emergency transport service journey, we have to confirm this information – although we will provide only the details that are needed.
Helping us to train our staff and monitor their work
Clinicians may need to copy patient clinical records they have completed for their training, but they will blank out information which could identify you before they do this.
Monitoring the standard of care we provide and undertaking research
Anonymised information from patient clinical records is used for internal audit purposes and details of the emergency treatment and care we provide is sometimes used for research. We make sure ethical approval has been obtained in accordance with NHS guidelines before we release any information outside the organisation for research purposes and do not release information that could identify patients unless there is a legal basis for doing so.
On occasion we may need to view records that contain personal information and use this information to link records to allow us to get a full picture of the care provided to you. If you do not wish for us to use your data for research in this way please contact the Clinical Audit & Research Unit at [email protected]
Monitoring the standard of care provided within the NHS overall
We pass information to other NHS organisations as part of national initiatives to monitor the standard of care provided within the NHS as a whole. In all cases, we supply only the details that are needed for these purposes and, wherever possible, the information will be anonymised.
Disclosure to third parties
We will not disclose your information to third parties outside the NHS without your permission unless it is required for your direct care or there are exceptional circumstances, such as when it is justified in the public interest; for example:
- When a serious crime has been committed
- if there are risks to the public or NHS staff
- to protect vulnerable children or adults who are not able to decide for themselves whether their information should be shared.
- We have a legal duty, for example reporting some infectious diseases, wounding by firearms and court orders
- We need to use the information for medical research. We have to ask permission from the Confidentiality Advisory Group (appointed by the NHS Health Research Authority)
or where the law requires information to be passed on; for example-
- Where a formal court order has been issued.
We will seek your consent before we release information that identifies you to any third party for any other reason than direct patient care and those set out in this guidance and the regulations.
Your information is never collected for direct marketing purposes, and is not sold on to any other third parties. Your information is not processed overseas.
How do you know your records will be kept confidential?
All NHS organisations have a legal duty of confidence to their patients and Data Protection legislation further defines how we can collect and handle personal information. The NHS also has an additional set of guidelines, known as the Caldicott principles, which apply to the use of patient information. All NHS organisations are required to appoint a Caldicott Guardian to ensure patient information is handled in accordance with legal and NHS regulations and the Caldicott Guardian for the London Ambulance Service is the Medical Director.
When we pass on any information we will ensure that the recipient is aware that it must be kept confidential and secure.
How long do we keep your records?
Information is held for specified periods of time as set out in the Records Management Code of Practice for Health and Social Care 2016.
We retain medical records for 25 years and clinical details of 999 and 111 calls made by adults for 10 years. Other records that may contain information about you are kept for varying lengths of time, up to ten years.
Your rights over your information
Data Protection legislation gives individuals rights in respect of the personal information that we hold about you. These are:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to erasure (does not apply to medical records) or restriction of processing, such as for research purposes.
- Right of portability – you have the right to have the data we hold about you transferred from one IT system to another in a safe and secure way, without impacting the quality of the information.
- To ask us to restrict the use of your information.
- To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to any decisions made without human intervention (automated decision making).
Complaints and enquiries about the use of your personal information
Should you wish to make an enquiry or complaint about the use of your personal information, please contact our Patient Experiences Team:
Tel: 020 3069 0240
Email: [email protected]
Patient Experiences Department
London Ambulance Service NHS Trust
Units 1&2 Datapoint Business Centre
6 South Crescent
If you are still unhappy with the outcome of your enquiry you can write to: The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF – Telephone: 01625 545700.