
Data Protection and Confidentiality

Isle of Wight NHS Trust Privacy Notice

Information for patients

What is a privacy notice?

A privacy notice is a statement published by an organisation which explains how personal and confidential information about patients, service users, staff and visitors is collected, used and shared. Under the General Data Protection Regulation (GDPR), the Trust has extensively revised its privacy notice and is also working towards producing a range of specific user notices in conjunction with the Trust’s patient focus groups. These will be listed on this web page once published.

The Isle of Wight NHS Trust is the only integrated acute, community, mental health and ambulance health care provider in England.  Established in April 2012, the Trust provides a full range of health services to an isolated offshore population of 140,000 – which with visitors can almost double at some points of the year.

The Trust employs over 3,000 staff across a wide range of services and aims to provide high quality care to people in their local communities.

The Trust is registered with the Information Commissioner's Office (see separate section at end of this notice) to process personal and special categories of data/ information under the Data Protection Act 2018. Our registration number is Z3116597.

For more information please refer to the about us page
For more details about the Trust’s registration go to

Why do we collect information about you?

The Trust’s staff including those caring for you need to collect information about your health and treatment, so that you can be given the best possible care. This personal information can be held in a variety of formats, including paper records, computer records, and video and sound/audio files.

What is our lawful basis for processing your personal information?

Under the GDPR the Trust must state its lawful basis for processing/using your personal data.

The majority of the Trust’s legal purposes for processing data will be for the performance of a ‘Public Task’ such as providing health or social care or treatment and the management of health or social care systems - we have to process health related information to be able to deliver our services and provide care. There are however several others which could also be applicable and these are:

  • Contractual
  • Legal Obligation
  • Vital Interests (life and death)
  • Legitimate Interests

For more information on these please visit

What personal information do we need to collect from you and how do we obtain it?

Personal information about you is collected in a number of ways. This can be from referral details from your GP or another hospital or service, directly from you or from your authorised representative.

We are likely to hold the following basic personal information about you:

  • Your name
  • Address (including correspondence for you)
  • Telephone numbers
  • Date of birth
  • Emergency or preferred contacts/next of kin details
  • Your GP details

We might also hold your email address, partnership or marriage status, occupation, your status (if you are a patient who is an overseas visitor), place of birth and preferred name or maiden name. We may also require bank account or credit card details for patients where relevant (e.g. using private facilities at St. Mary’s).

CCTV is used throughout the hospital, in some other buildings and on some vehicles for the following purposes:

  • To assist in the prevention and detection of crime against both persons and property.
  • To facilitate the identification, apprehension and prosecution of offenders in relation to crime.
  • To ensure the security and safety of our patients, employees and property belonging to the Trust.

In addition to the above, we may hold sensitive or ‘special category data’ and personal information about you which could include:

  • Notes and reports about your health, treatment and care, including:
      • your medical conditions
      • results of investigations, such as x-rays and laboratory tests
      • future care you may need
      • personal information from people who care for and know you, such as relatives and health or social care professionals
      • other personal information such as whether you smoke, or if you have any disabilities
  • Your religion and ethnic origin
  • Whether or not you are subject to any protection orders designed to safeguard your health, wellbeing and human rights. For more information on safeguarding visit the websites for the Isle of Wight Safeguarding Children Board and the Isle of Wight Safeguarding Adults Board.


It is very important for us to have a complete picture of you as this will assist staff to deliver appropriate treatment and care in accordance with your specific needs.

What do we do with your personal information?

Your records are used to directly manage and deliver healthcare to you to ensure that:

  • The staff involved in your care have accurate and up to date information to advise on the most suitable care for you.
  • Our staff members have the information they need to be able to evaluate and improve the quality of care you receive.
  • Appropriate information is available if you see another healthcare professional, or are referred to a specialist or another part of the NHS, social care or health provider.

The personal information we collect about you may also be used to:

  • remind you about your appointments and send you relevant information – including text alert and voicemail reminders
  • review the care we provide
  • support the funding of your care
  • prepare statistics on NHS performance to meet the needs of the population or for the Department of Health and other regulatory organisations
  • help to train and educate our staff
  • report and investigate complaints, claims and unexpected incidents
  • report events to the appropriate authorities when we are required to do so by law or guidance from the Department of Health and other regulatory bodies
  • review your suitability to take part in research studies or clinical trials
  • contact you with regards to patient satisfaction surveys relating to Trust services you have used to improve our services to patients

Where possible, we will remove your personal details (such as your name or date of birth) when sharing information with other organisations unless there is a legal reason that permits us to use it and we will only use/ share the minimum information necessary. We will always aim to protect your personal information.

Who do we share your information with and why?

To provide healthcare to you and to support your healthcare needs, we may need to share relevant personal information with other NHS organisations such as NHS England, Public Health England, other NHS Trusts, General Practitioners (GPs), other ambulance services, primary care agencies and those contracted to provide services to the NHS.

We may need to share information from your health records with other non-NHS organisations from which you are also receiving care, such as Social Services or private care homes. However, we will not share any health information with third parties without your consent unless there are circumstances, such as when the health or safety of others is at risk or where the law permits or requires it.

There are times when the Trust is required by law to share information provided to us with other official organisations. This also includes, but is not limited to, the release of information under a court order, sharing with the Care Quality Commission for inspection purposes, the police for the prevention or detection of crime or where there is a clear public interest to prevent abuse or serious harm to others and other public organisations (e.g. Her Majesty’s Revenue and Customs (HMRC) for the misuse of public funds in order to prevent and detect fraud). Where there is cause to do this, the Trust will always try to inform you of the sharing of any information.

For any request to transfer your data internationally outside the UK/EU, we are legally required to make sure that an adequate level of protection is guaranteed before any transfer takes place.

The Trust is required to protect your personal information, inform you of how your personal information will be used, and allow you to decide if and how your personal information can be shared. Personal information you provide to the Trust in confidence will only be used for the purposes explained to you and for which you have given permission.

How do we maintain your records?

Your personal information is held in both paper and electronic forms and retained for specified legal periods of time as set out in the NHS Records Management Code of Practice for Health and Social Care and National Archives Requirements.

We hold and process your information in agreement with the Data Protection Act 2018. In addition, everyone working for the NHS must follow the Common Law Duty of Confidentiality and various other national standards.

We have a duty to:

  • maintain full and accurate records of the care we provide for you
  • keep records about you confidential and secure
  • provide information in a format that is accessible to you

How do we keep your records confidential?

Any personal information we hold about you is held in accordance with the Data Protection Act 2018. Everyone working for the Isle of Wight NHS Trust is required to comply with the Data Protection Act. Our staff know they are required to protect patients’ personal information, inform patients how it will be used, and allow patients to decide whether, and how, their information can be shared.

We have training, systems and procedures in place and comply with the Information Governance Toolkit, which means that our arrangements for protecting your information are reviewed annually by specialist staff and our internal auditors. Information which you provide to us in confidence will only be used for the purposes explained to you.  For most purposes we will obtain your consent, unless there are specific circumstances covered by the law.

Use of Email and SMS text

Some services in the Trust now provide the option to communicate with patients via email and SMS text. Please be aware that the Trust cannot guarantee the security of this information whilst in transit, and by using this service you are accepting this additional risk.

Any e-mails sent by Trust staff for the purpose of your healthcare which contain your personal information are appropriately protected by NHS Security Standards including encryption where required.  More information can be found at:

What are your rights?

If we need to use your personal information for any reason apart from those mentioned above, we are required by law to ask for your consent. The Data Protection Act gives you certain rights, including the right to:

  • Request access to the personal data we hold about you, e.g. health records. The way in which you can access your own health records is explained in more detail in our ‘access to records’ section -
  • Request the correction of inaccurate or incomplete information recorded in our health records, subject to certain safeguards. This is also explained in our ‘Access to records’ section.
  • Withdraw consent to the sharing of your health records: Under the Data Protection Act 2018, we are legally entitled to share your health records 'for the management of healthcare systems and services'. Your consent will only be required if we intend to share your health records beyond these purposes, as explained above (for example for research). Any consent form you will be asked to sign will give you the option to 'refuse' consent and will explain how you can remove any given consent at a later time. The consent form will also warn you about the possible consequences of such refusal.
  • Request your personal information to be transferred to other providers on certain occasions.
  • Object to the use of your personal information: The NHS uses patient data for research, to find ways to improve treatments and identify causes of and cures for illnesses, and for planning purposes, to improve and enable the efficient and safe provision of health and care services. For more information, or if you do not want your data used for research and planning purposes, please visit the NHS Digital national data opt-out programme web site.

We are legally required to keep your information confidential and only share information when absolutely necessary.

If you have a concern or complaint about how we have handled your personal data, please contact our Data Protection Officer who will address your concerns and investigate the matter further.

Cookies and other Tracking Technologies

Our analytics provider uses technologies such as cookies, beacons, tags and scripts, to analyze trends, administer the website, track users’ movements around the website, and gather demographic information about our website visitors as a whole. A cookie is a small file stored on your computer by a website which gives you a numeric user ID and stores certain information about your activity on the site. We use cookies to let us know that you are a returning visitor and to provide certain features to you. Most web browsers automatically accept cookies, but most allow you to instruct your browser to prevent the use of cookies. If you disable this feature, you will not experience any functionality problems with our website.

Who is the Data Protection Officer?

Please contact the Information Governance Lead Officer:

Information Governance Department
Lower Ground Floor
Maternity Department
St Mary’s Hospital
Isle of Wight


How to contact the Information Commissioner's Office

The Information Commissioner's Office (ICO) is the organisation that controls the Trust under Data Protection and Freedom of Information laws and legislation. If you are not satisfied with our response or believe we are not processing your personal data in a correct and lawful way you can complain to the ICO at:

Information Commissioner's Office
Wycliffe House
Water Lane
Cheshire SK9 5AF


Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510

And finally…

Whilst Privacy Notices have been a requirement under the current Data Protection Act 1998, to comply with GDPR and the new Data Protection Act 2018 the Trust now has to ensure that we provide greater detail and transparency about the use of your information. It is essential to the Trust that this detail is both comprehensive and understandable.

As stated earlier, by working together with our patient focus groups we will be able to produce a range of Privacy Notices to ensure that we meet the needs of all diversities for both the Island population and everyone who uses those services. We would therefore ask that if you feel that we have missed any key information, or have any questions or suggestions for improving this Privacy Notice, then please contact our Information Governance Team, who will be more than happy to listen to and receive your views and make any necessary changes resulting from the dialogue.
