Hospital Privacy Policy

Policy Objectives :

The London Welbeck Hospital uses personal and confidential information for a number of purposes. This Privacy Policy provides a summary of how we use your information. To ensure that we process your personal data fairly and lawfully we are required to inform you:

  • Why we need your data

  • How it will be used and

  • Who it will be shared with


This document also explains what rights you have to control how we use your information. More detailed information about different aspects of our services can be found on our website.

The law determines how organisations can use personal information. The key laws are: The Data Protection Act 2018 (DPA) 1, The Human Rights Act 1998 (HRA) 2, relevant health service legislation, and the common law duty of confidentiality.

The Data Protection Act 2018 (DPA): 1

The Human Rights Act 1998 (HRA) 2


This document describes instances where The London Welbeck Hospital is the “Data Controller”, for the purposes of the Data Protection Act 2018, and where we direct or commission the processing of patient data to help deliver better healthcare, or to assist the management of healthcare services.

General Data Protection [GDPR] :       

The Data Protection Act 2018 sets legislation requirements for all organisations processing personal data. The London Welbeck Hospital has in place an information governance framework to include data protection security procedures. These ensure that all staff are aware of their responsibility in relation to handling and sharing personal data. On 25th May 2018 new legislative changes were introduced (GDPR). These changes reinforce our responsibilities with regard to the protection of personal data. This privacy policy takes accounts of the changes and recognises and strengthens our commitment to ensure that our hospital complies in full with Data Protection Law.

LWH Compliance and Responsibilities Under Data Protection and GDPR     

This privacy policy applies to all staff employed by London Welbeck Hospital, all surgeons and anaesthetists who enjoy practice privileges and all other agencies who undertake business with the hospital. The hospital has nominated a Data Protection Officer to oversee all aspects of data protection and GDPR compliance.

Your Information 

For Employees, Surgeons and Anaesthetists:

This document outlines what personal information we hold, why we use it and how we protect it.

The London Welbeck Hospital will collect personal information in order that we safely recruit appropriately trained staff and ensure that we provide a supportive work enjoinment for all. The information we collect, and hold will include the details

  • Recruitment Process

  • Name / Date of birth / Gender

  • Photograph

  • Marital Status

  • Contact details

  • Training records

  • Employment history

  • Diversity information including racial or ethnic origin, physical or mental health and disability

  • Personal references and referee details

  • Immigration status / Copy of Passport

  • Driving Licences

  • National Insurance Number

  • Health Check details

  • DBS check details

  • Renumeration and pension details

  • Hospital CCTV footage whilst at work

Sharing Your information:         

Your personal data will be protected at all time however we may on occasion be required to share aspect of your personal data with others such as professional and regulatory bodies. All requests to share your personal data are managed by the hospital data protection office and any breach of policy will be investigated and reported by the Data Protection Officer.

Why and how we collect information?

For Patients:

We may ask for or hold personal confidential information about you which will be used to support delivery of high quality and safe care.

These records may include:

  • Name, address, date of birth, NHS numbers and next of kin

  • Contact we have had, such as appointments and consultations

  • Details and records of treatment and care, including notes and reports about your health

  • Results of investigations, blood tests, etc.

  • Information from people who care for you and know you well, such as health professionals and relatives.


It may also include personal sensitive information such as sexuality, race, your religion or beliefs, and whether you have a disability, allergies or health conditions. It is important for us to have a complete picture, as this information assists staff involved in your care to deliver and provide improved care, deliver appropriate treatment and care plans, to meet your needs.

Information is collected in a number of ways, via your healthcare professional, referral details from your Clinic or directly given by you.

How we use information?

  • To help inform decisions that we make about your care.

  • To ensure that your treatment is safe and effective.

  • To work effectively with other organisations who may be involved in your care.

  • To support the health of the general public.

  • To ensure our services can meet future needs.

  • To review care provided to ensure it is of the highest standard possible.

  • To train healthcare professionals.

  • For research and audit.

  • To prepare statistics on hospital performance.

  • To monitor how we spend public money.


There is huge potential to use your information to deliver care and improve health and care services. The information can be used to help:

  • Improve individual care.

  • Understand more about disease risks and causes.

  • Improve diagnosis.

  • Develop new treatments and prevent disease.

  • Plan services.

  • Improve patient safety.

  • Evaluate hospital Care policy.


It helps you because;

  • Accurate and up-to-date information assists us in providing you with the best possible care.

  • If you see another healthcare professional, specialist or NHS organisation, they can readily access the information they need to provide you with the best possible care.

  • Where possible, when using information to inform future services and provision, non-identifiable information will be used.


How information is retained and kept safe?

Information is retained in secure electronic and paper records and access is restricted to only those who need to know.

It is important that information is kept safe and secure, to protect your confidentiality. There are a number of ways in which your privacy is shielded; by removing your identifying information, using an independent review process, adhering to strict contractual conditions and ensuring strict sharing or processing agreements are in place.

The Data Protection Act regulates the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure. London Welbeck Hospital is registered with the Information Commissioners Office (ICO)3. Details of our registration can be found on 3Data protection register:


Enter our registration number Z2073224 and click ‘search register’.

Technology allows us to protect information in a number of ways, in the main by restricting access. Our guiding principle is that we are holding your information in strict confidence.

How do we keep information confidential?

Everyone working for The London Welbeck Hospital is subject to the Common Law Duty of Confidentiality and the Data Protection Act 2018. Information provided in confidence will only be used for the purposes to which you consent to, unless there are other circumstances covered by the law.

Under the London Welbeck Hospital information Governance policy and procedures, all staff are required to protect information, inform you of how your information will be used and allow you to decide if and how your information can be shared. This will be noted in your records.

All hospital staff are required to undertake annual training in data protection, confidentiality, IT/cyber security, with additional training for specialist, such as healthcare records, Data Protection Officer and IT staff.

Who will the information be shared with?

Sharing with PHIN or NHS organisations:

For your benefit, we may also need to share information from your records with third parties, PHIN4 and/or NHS5 organisations, from whom you are also receiving care, such as social services or private healthcare organisations. However, we will not disclose any health information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires the disclosure of information.


We will obtain your written consent on admission to share as appropriate personal information.

Your right to withdraw consent for us to share your personal information:

You have the right to refuse/withdraw consent to information sharing at any time. We will fully explain the possible consequences to you, which could include delays in you receiving care.

We are sharing information with following organisation

4Private Healthcare Information Network:

5NHS Digital:


Non-personal information

We may automatically collect non-personal information about you such as the type of internet browsers you use or the site from which you linked to our Web Sites. You cannot be identified from this information and it is only used to assist us in providing an effective service on our Web Sites. We may from time to time supply the owners or operators of third party sites from which it is possible to link to our Web Sites with information relating to the number of users linking to our Web Sites from their sites. You cannot be identified from this information.

Use of cookies for website

Cookies are pieces of information that a Web Site transfers to your hard drive to store and sometimes track information about you. Most web browsers automatically accept cookies, but if you prefer, you can change your browser to prevent that. However, you may not be able to take full advantage of a Web Site if you do so. Cookies are specific to the server that created them and cannot be accessed by other servers, which means they cannot be used to track your movements around the web. Although they do identify a user's computer, cookies do not personally identify customers or passwords. Credit card information is not stored in cookies.

We may use cookies for the following reasons:

  • To identify who you are and to access your account information;

  • To estimate our audience size and patterns;

  • To control how often visitors, see similar ads;

  • To track preferences and to improve and update our Web Site; and

  • To track the progress and number of entries in some of our promotions and contests.


Security of your information:

We take our duty to protect your personal information and confidentiality seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.

We have appointed a Data Protection Officer, who is accountable for the management of all information assets and any associated risks and incidents, and a ‘Caldicott Guardian’ who is responsible for the management of patient information and patient confidentiality.

All staff are required to undertake annual information governance training and are provided with an information governance user handbook that they are required to read, understand and agree to adhere to. The handbook ensures that staff are aware of their information governance responsibilities and follow best practice guidelines ensuring the necessary safeguards and appropriate use of person-identifiable and confidential information.

Under the Confidentiality Code of Conduct, all our staff are required to protect your information and inform you of how your information will be used. This includes, in most circumstances, allowing you to decide if and how your information can be shared. Any deliberate breach of Data Protection will be investigated in line with London Welbeck Hospital’s disciplinary procedures.

GDPR Violation / Data Breaches

All identified data breaches are reported through The London Welbeck Hospital clinical Governance and risk management procedures. Any data breach is logged in the hospital incident reporting system will be fully investigated by the Hospital Data Protection Officer and reported to Information Commission Office (ICO).

Changes to our privacy policy  

We keep our Privacy Policy under regular review, and we will place any updates on this webpage. This policy was last updated on 15/02/2021 and approved by the Medical Advisory Committee and Management Board.

Contacting us about your information

The London Welbeck Hospital has a senior person responsible for protecting the confidentiality of your information and enabling appropriate sharing. This person is known as the Caldicott Guardian. You can contact The London Welbeck Hospital, Caldicott Guardian by using the Contact Us section at the hospital website.


If you have any questions or concerns regarding the information we hold on you, the use of your information or would like to discuss further, please contact the Data Protection Officer.


Catherine Moran​

Hospital Manager

The London Welbeck Hospital.

27 Welbeck Street



Ph: 02072242242




1 The Data Protection Act 2018 (DPA):

2The Human Rights Act 1998 (HRA)

3Data protection register:

4Private Healthcare Information Network:

5NHS Digital: