The Dudley Group NHS Foundation Trust (The Trust) is the main provider of hospital and adult community services to the populations of Dudley, significant parts of the Sandwell borough and smaller, but growing, communities in South Staffordshire and Wyre Forest.
The Trust covers provides a full range of secondary care services and some specialist services for the wider populations of the Black Country and West Midlands region. The Trust also provides specialist adult community-based care in patients’ homes and in more than 40 centres in the Dudley Metropolitan Borough Council community.
The Trust has responsibility for ensuring that the information processed across these sites and services, which includes your personal and sensitive (special category) data is processed in accordance with the principles of Data Protection Legislation.
Supporting our highly motivated investigators from both internal and external organisations, our Research and Innovation (R&I) Directorate provides a comprehensive service ensuring that all research and innovation activity is undertaken safely, ethically, legally and efficiently. Our researchers are engaged in broad areas of research activity, often crossing between different specialities.
We are committed to protecting the privacy and security of your personal information at all times.
We are registered with the Information Commissioner’s Office (ICO) to process personal and special category information under the following registration number: Z8909702.
Definitions
General Data Protection Regulation (2016/679).
Data controller means the organisation that determines or decides the purposes, conditions and means of the processing of personal data. The Trust is a Data Controller.
Personal data means information relating to a living person, which can be used to identify the person either directly or indirectly when put together with other information likely to be available. This provides for a wide range of information to constitute personal data, for example:
– Name
– Identification number
– Social media posts
– Location data
– Online identifiers
- Special category of personal data
Special category of personal data means information which is thought to be extra sensitive, such as ethnicity, data concerning health, biometric data, sexual orientation and religious or philosophical belief.
Processing means anything that is done with the personal data we hold including storing it.
Pseudonymisation is the processing of personal data in such a way that the data can no longer be attributed to a specific person without the use of additional information (key).
- Information Commissioner’s Office
The Information Commissioner’s Office (ICO) is the body that regulates the Trust under data protection and freedom of information legislation.
Why do we process your data?
Clinical research is a core part of the NHS service and aims to improve the health and wealth of the nation by producing better methods of disease diagnosis, prevention and treatment that are both safe and effective. This can only be achieved by patients participating in research studies and trials to allow existing and new methods to be investigated.
We may use your personal information to carry out health and social care research in the public interest. This means that we have to demonstrate that our research serves the society as a whole, for example by improving existing services or introducing new treatments. We may also feed into wider national research.
Our lawful basis for processing
The way in which we use your information is governed by law. The principal legislation that applies is the EU General Data Protection Regulation (GDPR) 2016/679 which is supplemented by the UKs Data Protection Act 2018.
When we use are using your information for research, we rely on:
‘Article 6.1 (a): “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”);’
‘Article 6.1 (e): “processing is necessary for the performance of a task carried out in the public interest”)’
Due to the sensitive nature healthcare information is further categorised, under data protection regulations, as special category data. Where we collect this type of data we do so using the following additional legal basis:
‘Article 9.2 (a): “Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited”);’
‘Article 9.2 (j): “processing is necessary for archiving purposes in the public interest, scientific or historical research purposes”) of the General Data Protection Regulation (GDPR) in combination with Schedule 1, Part 1, Article 4 Data Protection Act (DPA) 2018.’
Patient recruitment to research studies is carried out by an ‘informed consent’ process which means that we advise you about the benefits and risks associated with a particular research study so as to enable you to decide whether you wish to participate in (consent to) the research study or not. You have the right to withdraw your consent at any time.
Where you have formally consented to take part in research, this consent process will also satisfy the common law duty of confidentiality. In situations where it has been impracticable to obtain your consent, we will have sought approval from the Secretary of State by means of the Confidentiality Advisory Group (CAG) under section 251 of the National Health Service Act 2006.The Confidentiality Advisory Group (CAG) provides independent advice on specific research projects which will use confidential medical information.
You may also have a right to ‘opt-out’. The national data opt-out right emanates from the Caldicott principles and entitles you to object to be contacted about new research for which it was not possible to obtain your ‘informed consent’, unless this right been waived by the Secretary of State for Health and Social Care or the Health Research Authority. Further information about the national data opt-out can be found here: National data opt-out programme.
Certain research studies also have to be approved by the Research Ethics Committees (REC) which is another independent group which ensures that all our research is ethical.
We may use other legal bases to identify patients for a study or for anonymised research such as legitimate interests or where we are required to by law.