Confidentiality affects everyone. Here at Lancashire Hospitals NHS Trust we take our duty to protect the confidentiality and security of personal information very seriously and are committed to ensuring that there are appropriate measures in place to secure this. Every day, the Trust processes vast amount of personal data for the administration of our patients and business needs. 

Why we collect personal information

All health professionals at the Trust need to keep patient records in order to deliver the best possible service and care outcomes. These records may be manual (i.e. physical paper records) or electronic (i.e. records held on a computer system or database) and may include:

  • Basic details, such as your address, next of kin contacts, status etc.
  • Details about the treatment care and support that you need and receive
  • Investigation results, such as x-rays and laboratory tests
  • Relevant information from other health and social care professionals, relatives or those who care for you and know you well.

We need your information because it helps us to:

  • Confirm who you are and when we can contact you
  • Make decisions about your ongoing care and treatment
  • Check your care is the right type and is safe and effective
  • Ensure we have accurate and up to date information to assess your needs
  • Allows us to investigate any concerns or complaints you may make.

Please contact us to ensure we have your correct name and address details. It is imperative that our records are updated frequently so we have the correct information to send future correspondence to the right address.


This Fair Processing Notice does not give a full explanation of the Law. Should you wish to find out further information about your rights then please contact the Information Commissioner’s Office for further details at

Should you wish to know more about any information that is held about you as a patient, please contact your local health care provider or Trust Team.

The Data Controller

For the purpose of this fair processing notice the data controller for all data processing is:

East Lancashire Hospital NHS Trust
Royal Blackburn Teaching Hospital
Information Governance Department
Haslingden Road

Related documents

Access to records

The Data Protection Act gives individuals a right of access to information about themselves subject to certain conditions and exemptions of the Act. This is known as a subject access request (SAR).

All requests require:

  • Proof of ID (passport, birth certificate, driving license, etc.)
  • A clear explanation of the information required to help us locate your records quickly
  • Full contact details
  • A possible £10-£50 fee (this will be advised accordingly)

The law does not give any individual a right to:

  • Third party information
  • Access information which may cause serious physical, mental or emotional harm to an individual or other person.

All requests are processed within the statutory timescale of 40 calendar working days or sooner, where possible

Access to Records of Deceased Patients

The Access to Health Records Act 1990 now only applies to health records of the deceased and refers only to records created since 1 November 1991. The Act gives access only to:

  • The deceased's personal representatives (both executors or administrators) to enable them to carry out their duties
  • Anyone who has a claim resulting from the death

The Act however, does not give a general right of access. It may be restricted where:

  • There is evidence that the deceased did not wish for any or part of their information to be disclosed
  • Disclosure of the information would cause serious harm to the physical or mental health of any person
  • Disclosure would identify a third party (i.e. not the patient or a healthcare professional) who has not consented to that disclosure

As with the Data Protection Act, a medical professional will be required to screen all medical records before they are released.

Under this Act, if the record has not been updated during the 40 calendar days preceding the access request, access must be given within 21 days of the request. If the record concerns information which was recorded more than 40 calendars days before the application, access must be given within 40 calendar days. However, the Trust will endeavour to supply the information within 21 days.


The maximum fee the Trust can charge for providing copies of health records is £10 for computer records and £50 for copies of manual records or a mixture of manual and computer records. Patients are also entitled to apply to see their records on site for an access charge of £10. Where an ongoing complaint is being managed within the organisation, consideration will be given to providing the records at no cost. 

If you would like to access your medical records then please submit a written request to:

Access and Request Department,
Health Records Department,
Burnley General Teaching Hospital,
Casterton Avenue,
BB10 2PQ

Or contact us by phone on: 01282 80303/803032

Retention of Records

All Trust records are destroyed in accordance with NHS retention Guidelines which set out appropriate time scales for how long an appropriate record should be kept.  It is the Trusts intention to not keep records for longer than necessary. All records are destroyed confidentially onsite once retention periods have been met and the Trust has made the decision to no longer keep the record.

Please note this policy may affect individuals who submit information requests, particularly those who submit requests for access to files where the patient care ended many years previously.

Fair Processing

Whenever personal information is collected by the Trust we promise to inform you:

  • Why we need to collect your data
  • How we intend to use your data
  • How your data will be kept secure
  • Who the data will be shared with
  • How you can access your own records

The Trust will always act transparently so that all service users know at the outset what their information is being used for. This will help you to make better informed decisions as to whether you want to enter into a relationship with the Trust or to renegotiate more acceptable terms.

The Trust will never collect information under duress or in a deceiving or misleading manner.

If you do not wish to enter into a relationship with the Trust, service users will be advised in due course of the consequences and delays this may have on any future care or treatment. Any patient opt outs will need to be advised in writing to the appropriate service.  

SMS texting and call recording

When attending the Trust for an outpatient appointment or a procedure you may be asked to confirm that the Trust has an accurate contact number and mobile telephone number for you. This will be used to provide appointment details via SMS text messages and automated calls to advise you of appointment times.

Telephone calls to East Lancashire Hospital NHS Trust are routinely recorded for the following purposes:

  • To prevent crime or misuse.
  • To make sure that staff act in compliance with the Trusts policies and procedures.
  • To ensure quality control. 

How we keep your information confidential

Everyone working in the NHS is subject to the Common Law Duty of Confidentiality. Our guiding principle is that we hold your records in the strictest confidence. Any information provided to the Trust in confidence will only be used for the purposes it was consented to unless there is an overriding piece of legislation that permits disclosure for e.g. when the health and safety of others is put at risk or there is a need for disclosure for safeguarding purposes etc.

All employees of East Lancashire Hospitals NHS Trust (ELHT) are responsible for maintaining patient and staff confidentiality and are bound by the NHS Confidentiality Code of Conduct. A duty of confidentiality is also written into employment contracts and a breach of confidentiality, whether directly or indirectly, is a disciplinary offence that could result in dismissal and/or prosecution under the Data Protection Act.

Only authorised staff are given access to patient records.

Information Sharing

The Trust works in partnership with other NHS or Non NHS organisations/professionals to deliver more joined up services for the benefit of service users. The Trust will only routinely pass information onto third parties where there is a genuine need for it and where we have your explicit consent in writing to do so unless there are exceptional circumstances in law that does not require this.

Where we do share information with other organisations, this will always be done under a formal agreement about how it will be used and kept confidential. When the information is no longer required, all partner agencies will ensure that all personal information is destroyed securely.

The Trust will always, where possible, share data in an anonymised format which is free from personal identifiers.

Anyone who receives information from us is under a legal duty to keep it confidential. 

We may share information with:

  • Other NHS Trusts that are involved in your care
  • General Practitioners (GPs)
  • Ambulance Services

We may also share your information, subject to a more strict agreement to:

  • Adult or children's social services
  • Private sector providers working with the NHS
  • Education services
  • Local authorities
  • Voluntary sector providers working with the NHS

We may also share anonymised data with Clinical Commissioning Groups for performance and commissioning purposes.

Under the Data Protection Act we are also under a legal duty to share information:

  • Where a formal court order has been served on us.
  • To third parties such as the Police, the Department of Work and Pensions and anti-fraud agencies for the purpose of prevention and detection of crime and fraud.
  • Where there is a need to protect a public interest.
  • Where there is a need for the safeguarding of vulnerable children and adults.
  • Health and safety purposes, for example infectious diseases such as meningitis or measles.


Research plays a vital role in the development and delivery of health care services. If we wish to use your personal data for research purposes then this will be done in an anonymised manner (free from personal identifiers) or in other cases we will simply ask for your permission first. 

How your personal information improves the NHS

Your information is very useful to us and helps us to protect the health of the public, and to help manage the NHS more effectively, by being used to:

  • Audit NHS services
  • Prepare statistics on NHS performance
  • Review the care we provide to ensure it is of the highest standards
  • Investigate patient queries, incidents, complaints and legal claims
  • Make sure our services can meet patients' needs in the future

The following will always be with your consent:-

  • To help in health research and development
  • To help teach healthcare professionals

Raising an Information Concern

If you believe that the Trust has not complied with the Law, either in responding to an information request or in the general processing of your personal information then you can raise a complaint. Please note in the first instance all complaints should be directed to the team who are overseeing your treatment. If you still remain dissatisfied with the outcome then you should direct all information governance issues to the Trust’s Information Governance and Information Security Lead

Information Governance and Information Security Lead
East Lancashire Hospital NHS Trust
Royal Blackburn Teaching Hospital 
Haslingden Road

If you still remain unhappy then you can pursue your complaint with the Information Commissioner’s Office, who is the UK’s independent body that oversees the Data Protection Act 1998 and the Freedom of Information Act 2000.

Information Commissioners Office
Wycliffe House
Water Lane

Enquiry Line Tel. No. 0303 123 1113 or 01625 545745
Web address:

If you have any concerns about any aspect of your treatment then your complaint should be redirected to the Complaints Team.

All patient complaints and litigation enquiries should be sent to:
Tel: 01254 733700

Or you can write to the Customer Relations Team at the following address:

Customer Relations Team 
Park View Offices
Royal Blackburn Teaching Hospital
Haslingden Road

Caldicott Guardian

The Trust has a nominated Caldicott Guardian to oversee all patient confidentiality and safeguarding issues. The Caldicott Guardian ensures that all seven principles highlighted in the Caldicott Review are implemented effectively across the Trust with respect to the handling of patient confidential data. These principles are as follows:

  1. Justify the purpose(s) of using or transferring patient confidential information
  2. Use patient data when absolutely necessary
  3. Only use the minimum amount of data necessary 
  4. Allow access to data on a strict need to know basis
  5. Ensure that everyone is aware of their responsibilities in processing patient data
  6. Understand and comply with the law
  7. Understand that the duty to share information can be just as important as the duty to protect patient confidentiality

The Caldicott Guardian is readily available to give advice on any concerns you may have about your case or activity. Our Caldicott Guardian is:

Rineke Schram
Chief Medical Officer
East Lancashire Hospital NHS Trust
Trust Headquarters
Royal Blackburn Teaching Hospital
Haslingden Road

Tel. No. 01254 732845

At Trust Board level, we have an appointed Senior Information Risk Owner who is accountable for the management of all information assets and any associated risks and incidents. The appointed Caldicott Guardian oversees the management of patient information and patient confidentiality.