Privacy Notice

How we use information about you

We are committed at all times to protecting your privacy and will only use information ethically and lawfully in accordance with the Data Protection Act 1998, the Human Rights Act 1998, the common law duty of confidentiality and other relevant legislation. All NHS organisations have to follow the principles and values set out in the NHS Constitution when using and sharing confidential personal information. Local Authorities (which provide Social Care services) have a similar set of values.

Who we are

Connected Care is the name given to a system we are using to share key parts of your health and care records for the purpose of providing a more coordinated service and improved quality of care.

We are a partnership of health and social care organisations that provide care to the residents of Berkshire. Those currently involved are Berkshire Healthcare NHS Foundation Trust, Royal Berkshire NHS Foundation Trust, Frimley Health NHS Foundation Trust, South Central Ambulance NHS Foundation Trust, Bracknell Forest Council, Reading Council, Slough Borough Council, West Berkshire Council, Royal Borough of Windsor & Maidenhead, Wokingham Borough Council, East Berkshire Primary Care Out of Hours, Westcall Out of Hours and the Clinical Commissioning Groups with their constituent GP practices – Windsor, Ascot & Maidenhead; Bracknell & Ascot, Slough, South Reading, North & West Reading, Wokingham and Newbury & District.

Each organisation in the partnership is committed to ensuring that the data it records is used with appropriate regard to privacy.

Sharing and Consent

Your personal information will only be shared in accordance with your rights under the Data Protection Act 1998, the Common Law duty of confidentiality, the NHS Constitution and with professional and NHS Codes of Practice.

Safe and effective care is dependent upon relevant information being shared between all those involved in caring for the individual. When you agree to being treated, it creates a direct care relationship between you the individual and the health and social care professional and their team. In this situation, staff will assume the individual’s agreement to relevant confidential information being shared by the care team. This is referred to as “implied consent”, which means that information may be shared without the individual having to give verbal or written agreement each time and only applies within the context of direct care.

In a few circumstances other duties or obligations to share information outweigh confidentiality, and personal information is shared without consent, for example to ensure the safety of a child or vulnerable adult or to report a notifiable disease.

You have the right to withhold consent or object to your information being shared, but in some circumstances this may delay or affect the care you receive. Always consult your GP or relevant health professional, before deciding to withdraw consent from sharing your information, as they will be able to advise you of the benefits of sharing and potential consequences of not sharing.

How Connected Care uses your information

We copy key parts of your health and social care records, produced by partner organisations, into a single secure system that links these together. This allows users, who are approved and authorised by one of the sharing organisations, to view, with consent, an individual’s care records from all the Connected Care partner organisations. This sharing is solely for the provision of your care.

How long we hold your information

All records held in Connected Care will be kept and destroyed in line with the Records Management Policy of the organisation that provided it.

Your rights and how you can access your information

The information stored in Connected Care is only a copy of parts of your records held by multiple organisations and nothing is changed in the system. There is a list at the end of this page which lists the main groups of data that are shared. Only the source organisation holds the full record and if you wish to know what data is held about you, you should approach the relevant organisation, e.g. your GP practice for Primary Care data, local authority for your social care information, acute hospital if you want to know about treatment there. Further information about your rights and how to request your personal information is available on the Information Commissioner’s website

You have certain legal rights, including a right to have your information processed fairly and lawfully and a right to access any personal information we hold about you. You have the right to privacy and to expect the organisations named within this Notice to keep your information confidential and secure. The rights are described in the Data Protection Act and outlined in the guide that is referred to in the endnotes to this notice.

If you do not want information that identifies you to be shared outside your GP practice or your records in other organisations to be shared, please speak to a member of staff at your GP practice to ask how to “opt-out”. The Practice will add the appropriate code to your records to prevent your confidential information from being shared. Please note that these codes can be overridden in special circumstances required by law, such as a civil emergency or public health emergency.

Data Protection Statement

All of the organisations listed at the beginning of this notice are ‘Data Controllers in Common’ under the Data Protection Act 1998. This means we are legally responsible for ensuring that all personal data that we hold and use is done so in a way that meets the data protection principles. We must also tell the Information Commissioner about all of our data processing activity. Each organisation holds its own registration and all our registered entries can be found on the Information Commissioner’s website

All of our staff receive training to ensure they remain aware of their responsibilities. They are obliged in their employment contracts to uphold confidentiality and may face disciplinary procedures if they do not do so. A limited number of authorised staff have access to personal data, but only where it is appropriate to their role.

We will not share, sell or distribute any of your personal information to any third party (other person or organisation) without your consent, unless required by law. Data collected will not be sent to countries where the laws do not protect your privacy to the same extent as the law in the UK, unless rigorous checks on the security and confidentiality of that data are carried out in line with the requirements of the Data Protection Act (Principle 8).

Independent advice may be obtained by contacting the office of the Information Commissioner

Telephone: 0303 123 1113

Main Groups of data shared

Person Details and Demographics; Allergies; Events; Health Promotion; Medications; Preventative Procedures; Problems; Procedures; Referrals Details; Results; Social / Family History; Next of Kin; Risks And Warnings; Alerting; Admissions; Appointments Details; Assessment; Associated People; Care Plan Interventions Details; Care Plan Problems Details; Care Plans Details; Carer Details; Diagnosis Details; Diagnostic Tests; Discharges; DOLs (Deprivation of Liberty); Early Interventions; Electronic Documents; Risk Management plans; Safeguarding; Service Planning.

There are some sensitive Diagnoses that are excluded from sharing to Connected Care specifically those related to IVF, abortion/termination of pregnancy, sexually transmitted diseases and HIV/Aids.