Who we are
Sussex Premier Health is owned by East Sussex Healthcare NHS Trust. When you use our services, this page explains the information we hold and how we use it.
When you use our services, we use information about you so that we are able to treat you appropriately and effectively.
We must keep records about you, your health and the care we have provided or plan to provide to you. If we do not have up-to-date and accurate information about you, we may not be able to provide you with appropriate healthcare.
Types of personal information
Information such as your name, data of birth and address is referred to as personal data (information that relates to a specific individual). Some categories of information are referred to as special categories of personal data, including:
- Ethnic origin
- Sex life
- Sexual orientation
How long do we hold your personal information
East Sussex Healthcare NHS Trust has a Health Records Destruction and Retention policy and procedure that states that most records are held for eight years after the last date that treatment was provided. There are some exceptions which include:
- If a patient is under 25 years of age
- If Health Records are marked as permanent preservation
- Patient has had a diagnosis/treatment for cancer (includes chemotherapy codes)
- Patient has taken part in a clinical trial. Patients to be marked as ‘Permanent Preservation’
- Patient has had a hip or knee, shoulder or elbow replacement
- Patient has a diagnosis of CJD or HIV
- People who have undergone organ transplantation
- Patient has been treated under the Cardiothoracic Surgery speciality
- Patient has undergone a CABG, Angioplasty, Cardiac Valve replacement or had a pacemaker fitted
Using your information
We use your information to provide you with healthcare and to support the administration of the Trust. We, and occasionally, our partner organisations, may also use your information for the evaluation, monitoring and/or redesign of healthcare services. If you have given us your contact details, we may also send you newsletters, invitations to complete short surveys as part of our work to improve our services and information of services (“Marketing”) that may be of interest to you.
The hospital may also need to process your information in order to:
- Ensure that the information we hold about you is valid and up to date
- Prevent, detect and prosecute fraud and other crime
- Provide translation and interpreter services to you
- To settle your account and ensure that your account and billing is fully accurate and up-to-date.
- Providing improved quality, training and security by monitoring or recording phone calls
In addition, we may also contact you to invite you to participate in on-line surveys regarding the clinical outcomes of your care called Patient Reported Outcome Measures (“PROMs”). These are not a form of marketing. If you are a private patient your PROMs results are shared with PHIN (see the next section), and if you are an NHS patient your PROMs results are shared with NHS England. We may send you an initial invitation asking you to participate before you receive your care, by post, SMS, email or in person when you attend the hospital for your care. If you choose to complete a PROMs survey you will also receive subsequent surveys after your care to help establish the benefit you have gained from treatment.
Sussex Premier Health is required to Disclose information to Private Health Care Information Network (“PHIN”). Under the Competition and Markets Authority Private Healthcare Market Investigation Order 2014, we are required to provide PHIN with personal data related to your care, including your NHS Number and postcode, the nature of your procedure, the length of your stay in hospital, whether there were any complications, your recovery and improvement post-treatment, and any feedback you gave us as part of the PROMS survey.
PHIN is an organisation who will monitor outcomes of patients who receive private healthcare services, as part of a UK-wide programme to improve the public’s access to information on the quality and outcome of private healthcare.
Sussex Premier Health complies with the National Data Opt-Out Policy. For example, we remove data that identifies individuals such as name and address when we are planning what services we will provide. The best place to find out more about out the opt-out is to follow this link to the national website:
Sussex Premier Health is required to record details of adverse incidents. If you have been involved in an adverse incident, some information about you may be reported on our internal database. We will inform you of this where practicably possible.
We have produced a leaflet that you can download: Your personal information and how we use it
Legal bases for processing your information
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves i
To use information about you the Trust must be compliant with the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA18) and establish the legal bases for using information.
The fibasis or article that the Trust will rely upon for processing or using personal information is Article 6(1)(e) “… for the performance of a task carried out in the public interest or in the exercise of official authority …”
A second basis is required because information about health is categorised as ‘special information’. Most of the functions carried out by staff are covered by Article 9(2)(h) “… medical diagnosis, the provision of health or social care or treatment or treatment or the management of health or social care systems …”
As required by the law, the Trust is registered with the Information Commissioner’s Office (ICO) under the organisation name of ‘East Sussex Healthcare Trust’ with registration number ‘Z2917271’. The register and our entry can be found here: ICO – Data protection public register
Some uses or processing of information will be covered by different articles, so if in doubt contact our Information Governance department firstname.lastname@example.org
Sharing your information
The Trust does share information with other organisations, for both direct and indirect patient care, for example to ensure that your GP is kept aware of any care provided by the Trust, or to ensure that the Trust is paid the correct amount of money for providing healthcare services.
We may also share your information with:
- NHS managers and the Department of Health for the purposes of planning, commissioning, managing and auditing healthcare services
- Social care and other external council departments where they are aware of your situation
- Organisations with statutory investigative powers such as the Care Quality Commission, the General Medical Council, the Audit Commission or the Health Service Ombudsman
- Department of Health and Social Care, Home Office and registered charities
- Solicitors, the police, the courts (including a Coroner’s court), debt recovery agencies, clinical commissioning groups and to tribunals and enquiries
- Government agencies or public bodies within your home country if not in the UK
- Companies that provide translation services and with whom we have a contract
- third parties who assist in the administration of your care, or may be responsible for paying for the cost of your care, such as insurance companies
- third parties acting on your behalf in connection with legal proceedings (including potential medico-legal claims)
- Private Healthcare Information Network (PHIN)
- our insurers
- credit referencing agencies
Accessing your Information
You have the right to access your information. This is referred to as a subject access request (the patient being the ‘subject’). If you wish to either see a copy of your record or receive a copy, then please see the complete the subject access request form and email to: email@example.com
Security of your Information
We do not sell your information to third parties, and only share it with organisations involved in the delivery of your healthcare or supporting the delivery of your healthcare. Information is kept on our secure network and our emails are encrypted.
is kept on our secure network and our emails are encrypted.
is kept on our secure network and our emails are encrypted.
Data Protection Impact Assessments
In line with Data Protection legislation, the Trust carries out Data Protection Impact Assessments (also referred to as Privacy Impact Assessments) before new systems are implemented. These are based upon the Information Commissioner’s DPIA template and allow the Trust to identify potential data protection risks of new systems or projects. Privacy Impact Assessments
We may share your information with selected third parties including:
- Analytics and search engine providers that assist us in the improvement and optimisation of the Site.
- Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others.
- In the usual course of our business, we may use third parties to process your personal information on our behalf. Where a third party data processor is used, we will ensure that they operate under subject to contractual restrictions with regard to confidentiality and security in addition to obligations imposed by data protection legislation.
How do we protect your personal information?
We take appropriate organisational and technical security measures to protect the data that we hold against unauthorised disclosure or unlawful processing.
What are cookies?
There are different types of cookies which are used to do different things such as allowing you to navigate between pages on a website efficiently, remembering your preferences on a certain web pages, or improving your overall experience. Other cookies can provide you with advertising which is more tailored to your interests, or measure the number of site visits and the most popular pages users visit.
How to reject or delete cookies
What cookies does the Sussex Premier Health website use?
Below is a list of the different types of cookies used across the Site, and a description of what they are used for.
Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Are third party websites covered by this policy?
The Site contains links to other websites. This policy only applies to the Site so when you visit external websites please read their privacy policies carefully. Sussex Premier Health accepts no responsibility for external websites.
We occasionally offer products or services for external companies. These organisations may also allocate cookies to your PC. The types of cookies they use and how they use this information will be governed by their privacy policies.
Use of CCTV
The Trust has CCTV on some sites. This is to provide a safe and secure environment for patients, staff, visitors and to safeguard Trust property. CCTV images may be used to assist in the prevention and detection of crime. Images may be shared with the Police for the investigation of crimes.
Further queries or complaints
If you have further questions, then please contact the Trust’s Data Protection Officer by Email: firstname.lastname@example.org
If you have concerns that you do not wish to raise with the Trust, then please contact the Information Commissioner’s Office (ICO):
Information Commissioner’s Office (ICO)
Helpline: 0303 123 1113 (between 9.00am and 5.00pm)
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF