This site
+A+A+A background: Change background to yellow Change background to white
Home > Privacy Notice

Privacy Notice

Who we are

We are a unique Trust delivering acute and community services, coupled with integrated community health and social care that is organised around primary care.  Northern Devon Healthcare NHS Trust provide health and social care services to make a real difference to people’s lives.  Our aim is to deliver excellent, safe, high-quality and sustainable services that support your health and wellbeing.  We employ over 3,000 staff with half working in community settings.

We provide acute care based from North Devon District Hospital in Barnstaple.  In our community hospitals across north Devon we provide community inpatient care and rehabilitation with a mix of GP and consultant-led beds.  Our community health and social teams of care professionals support people to live healthily and independently in their homes. We do this by responding to avoid hospital admissions and providing support to enable patients to leave hospital as soon as is safe.

We also offer a range of pan-Devon specialist community services such as health promotion, sexual health and podiatry.  This means we are very different to other NHS Trusts in the region.

What is a privacy notice?

A Privacy Notice is a statement by the Trust to patients, service users, visitors, carers, the public and staff that describes how we collect, use, retain and disclose personal information which we hold.  It is sometimes also referred to as a Privacy Statement, Fair Processing Statement or Privacy Policy.  This privacy notice is part of our commitment to ensure that we process your personal information/data fairly and lawfully.

Why issue a privacy notice?

Northern Devon Healthcare NHS Trust recognises the importance of protecting personal and confidential information in all that we do and takes care to meet its legal and regulatory duties.  This notice is one of the ways in which we can demonstrate our commitment to our values and being transparent and open, and commitment to our values of Respecting Diversity, Acting with Integrity, Demonstrating Compassion, Striving for Excellence and Listening and Supporting Others.

This notice also explains what rights you have to control how we use your information.

What are we governed by?

The key pieces of legislation/guidance we are governed by are:

Data Protection Act 1998

Human Rights Act 1998 (Article 8)

Access to Health Records Act 1990

Freedom of Information Act 2000

Health and Social Care Act 2012, 2015

Public Records Act 1958

Copyright Design and Patents Act 1988

The Re-Use of Public Sector Information Regulations 2015

The Environmental Information Regulations 2004

Computer Misuse Act 1990

The Common Law Duty of Confidentiality

The Care Record Guarantee for England

The Social Care Record Guarantee for England

International Organisation for Standardisation (ISO) – Information Security Management Standards (ISMS)

Information Security Management – NHS Code of Practice

Records Management – Code of Practice for Health and Social Care 2016

Accessible Information Standards (AIS)

General Data Protection Regulations (GDPR) – post 25th May 2018

Who are we governed by?

Department of Health –

Information Commissioner’s Office –

Care Quality Commission –

NHS England –

Our consultants, doctors, nurses, healthcare professionals and registered support staff are also regulated and governed by professional bodies including numerous royal colleges.

Why and how we collect information

We may ask for or hold personal confidential information about you which will be used to support delivery of appropriate care and treatment.  This is to support the provision of high quality care.

These records may include:

  • Basic details, such as name, address, date of birth, next of kin.
  • Contact we have had, such as appointments and home visits.
  • Details and records of treatment and care, including notes and reports about your health
  • Results of x-rays, blood tests, etc.
  • Information from people who care for you and know you well, such as health professionals and relatives.

It may also include personal sensitive information such as sexuality, race, your religion or beliefs, and whether you have a disability, allergies or health conditions.  It is important for us to have a complete picture, as this information assists staff involved in your care to deliver and provide improved care, deliver appropriate treatment and care plans, to meet your needs.

Information is collected in a number of ways, via your healthcare professional, referral details from your GP or directly given by you.

How we use information

  • To help inform decisions that we make about your care.
  • To ensure that your treatment is safe and effective.
  • To work effectively with other organisations who may be involved in your care.
  • To support the health of the general public.
  • To ensure our services can meet future needs.
  • To review care provided to ensure it is of the highest standard possible.
  • To train healthcare professionals.
  • For research and audit.
  • To prepare statistics on NHS performance.
  • To monitor how we spend public money.

There is huge potential to use your information to deliver care and improve health and care services across the NHS and social care.  The information can be used to help:

  • Improve individual care.
  • Understand more about disease risks and causes.
  • Improve diagnosis.
  • Develop new treatments and prevent disease.
  • Plan services.
  • Improve patient safety.
  • Evaluate Government, NHS and Social Care policy.

It helps you because;

  • Accurate and up-to-date information assists us in providing you with the best possible care.
  • If you see another healthcare professional, specialist or another part of the NHS, they can readily access the information they need to provide you with the best possible care.
  • Where possible, when using information to inform future services and provision, non-identifiable information will be used.

How information is retained and kept safe?

Information is retained in secure electronic and paper records and access is restricted to only those who need to know.

It is important that information is kept safe and secure, to protect your confidentiality.  There are a number of ways in which your privacy is shielded; by removing your identifying information, using an independent review process, adhering to strict contractual conditions and ensuring strict sharing or processing agreements are in place.

The Data Protection Act 1998 regulates the processing of personal information.  Strict principles govern our use of information and our duty to ensure it is kept safe and secure.  Northern Devon Healthcare NHS Trust is registered with the Information Commissioners Office (ICO).  Details of our registration can be found on Enter our registration number (Z7485161) and click ‘search register’.

Technology allows us to protect information in a number of ways, in the main by restricting access.  Our guiding principle is that we are holding your information in strict confidence.

How do we keep information confidential?

Everyone working for the Trust is subject to the Common Law Duty of Confidentiality and the Data Protection Act 1998.  Information provided in confidence will only be used for the purposes to which you consent to, unless there are other circumstances covered by the law.

Under the NHS Confidentiality Code of Conduct, all staff are required to protect information, inform you of how your information will be used and allow you to decide if and how your information can be shared.  This will be noted in your records.

All Trust staff are required to undertake annual training in data protection, confidentiality, IT/cyber security, with additional training for specialist, such as healthcare records, data protection officers and IT staff.

Teaching clinicians – Some medical files are needed to teach student clinicians about rare cases. Without such materials, new doctors and nurses would not be properly prepared to treat you.

Clinical placements – Clinical placements for students commonly take place within the NHS. Students, such as student nurses, medical students, social work students or health care cadets, could be receiving training in the service that is caring for you. This may be when you are an inpatient, in a community setting such as a day hospital, or when you are being visited by health or social care staff at home.

If staff would like a student to be present they will always ask for your permission before that meeting or episode of care.  The treatment or care you receive will not be affected if you refuse to have a student present during your episode of care.

Occasionally, for assessment purposes, students may request that their supervisor be present.  You may refuse this if it makes you feel uncomfortable.

Who will the information be shared with?

To provide best care possible, sometimes we will need to share information about you with others.  We may share your information with a range of Health and Social Care organisations and regulatory bodies.  You may be contacted by any one of these organisations for a specific reason; they will have a duty to tell you why they have contacted you.  Information sharing is governed by specific rules and law.

Sharing with non-NHS organisations

For your benefit, we may also need to share information from your records with non-NHS organisations, from whom you are also receiving care, such as social services or private healthcare organisations.  However, we will not disclose any health information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires the disclosure of information.

We may also be asked to share basic information about you, such as your name and parts of your address, which does not include sensitive information from your health records. Generally, we would only do this to assist them to carry out their statutory duties (such as usages of healthcare services, public health or national audits). In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this notice, which is referred to as a Privacy Notice, under the Data Protection Act.

Where patient information is shared with other non-NHS organisations, an information sharing agreement is drawn up to ensure information is shared in a way that complies with relevant legislation.

Non-NHS organisations may include, but are not restricted to: social services, education services, local authorities, the police, voluntary sector providers and private sector providers.

Your right to withdraw consent for us to share your personal information

You have the right to refuse/withdraw consent to information sharing at any time.  We will fully explain the possible consequences to you, which could include delays in you receiving care.

Contacting us about your information

Each organisation has a senior person responsible for protecting the confidentiality of your information and enabling appropriate sharing.  This person is known as the Caldicott Guardian.  You can contact Northern Devon Healthcare NHS Trust’s Caldicott Guardian by using the Contact Us section of this website.

If you have any questions or concerns regarding the information we hold on you, the use of your information or would like to discuss further, please contact the Information Governance team.

Information Governance Team
Northern Devon Healthcare NHS Trust
12 Boutport Street
EX31 1RW

Phone: 01271 318 723

Can I access my information?

Under the Data Protection Act 1998 a person may request access to information (with some exemptions) that is held about them by an organisation. For more information on how to access the information we hold about you please refer to:

Your NHS number, keep it safe

Every person registered with the NHS in England and Wales has their own unique NHS number. It is made up of 10 digits for example 123 456 7890.

Your NHS Number is used by healthcare staff and service providers to identify you correctly. It is an important step towards improving the safety of your healthcare.

Always bring your NHS number with you to all hospital appointments or quote it if you need to telephone the hospital for any enquires.  This will allow staff to check that they have the right patient details by checking this against your NHS number.

To improve safety and accuracy always check your NHS number on correspondence the NHS sends to you.

How to find out your NHS number

If you do not know your NHS number, contact your GP.  You may be asked for proof of identity, for example a passport or other form of identity.  This is to protect your privacy.

Once you have obtained your NHS Number, write it down and keep it safe

Further information

NHS Choices –

NHS Chaplaincy –

Contacting us if you have a complaint or concern

We try to meet the highest standards when collecting and using personal information.  We encourage people to bring concerns to our attention and we take any complaints we receive very seriously.  You can submit a complaint through the Trust’s Complaints Procedure, which is available on our web site, or you can write to:

The Complaints Department

Suite 2, Munro House
North Devon District Hospital
Raleigh Park
EX31 4JB

If you remain dissatisfied with the Trust’s decision following your complaint, you may wish to contact:

Information Commissioner’s Office

Wycliffe House
Water Lane

Their web site is at  The Information Commissioner will not normally consider an appeal until you have exhausted your rights of redress and complaint to the Trust.


Our copyright and database right material is licensed for use and re-use under the Open Government Licence (OGL).  To view this license, visit or write to:

Information Policy Team
The National Archives
Kew, Richmond

Use of information expressly made available under this license indicates your acceptance of the terms and conditions as set out in the OGL.  When you use our information under the OGL, you should include the following attribution: [Insert name of information resource, Northern Devon Healthcare NHS Trust, date of publication], licensed under the Open Government License  For information where the copyright is owned by another person or organisation, you must apply to the copyright owner to obtain their permission to use/re-use.

The information supplied to you continues to be protected by the Copyright, Designs and Patents Act 1988. You are free to use it for your own purposes, including any non-commercial research you are doing and for the purposes of news reporting.  Any other re-use, for example commercial publication and subscription charge, would require the permission of the copyright holder.  In accordance with the Re-Use of Public Sector Information Regulations 2005, information provided to you may not be used for commercial publication, subscription charge or sold on to a third party, without the permission of Northern Devon Healthcare NHS Trust.

If you need further clarification, please contact the Information Governance team on 01271 318 723 or email

Where any contact details are given for members of Trust staff, notice is hereby given, under Section 11 of the Data Protection Act 1998, on behalf of the individual or individuals that this personal information may not be used for the purposes of direct marketing.