As a member of the public, you have the right to know how public services, such as the NHS, make their operational decisions and how public money is used.
We provide a great deal of information about us on our website. Our freedom of information section sets out your rights to ask for information and how to go about it.
The data protection section explains how we keep your personal details confidential and secure. It also explains how you can apply for access to your records.
Kent Community Health NHS Foundation Trust (KCHFT) needs to collect and use information about people to provide a healthcare service. Information is held on past, current, and prospective patients, employees, clients/customers, suppliers, and others with whom we communicate. KCHFT holds and records personal confidential data for a variety of reasons e.g. looking after the health of the general public, managing and planning services and helping staff review the care that they provide to improve services. All staff must handle this information properly no matter how it is collected, recorded, used, or disseminated: on paper, in a computer, or recorded in other ways.
The Data Protection Act provides a framework to ensure that this data is handled safely and securely and in accordance with the eight Data Protection Principles which states that all personal data should be:
- Principle 1 – Fairly and Lawfully Processed
Personal data can only be processed fairly and lawfully if the individual concerned (data subject) gives their permission, or the processing is necessary for legal or contractual reasons.
- Principle 2 – Processed for limited purposes
Personal data should not be used except for the purpose in which it was given. Data should not be disclosed to a third party, without the prior consent of the data subject, unless legally or contractually obliged to do so.
- Principle 3 – Adequate, relevant and not excessive
Only data relevant to the purpose should be collected.
- Principle 4 – Accurate and up to date
All reasonable steps should be taken to ensure that data held is accurate and up to date. For example a change of address or telephone number etc.
- Principle 5 – Not kept for longer than is necessary
All out of date or redundant data should be destroyed in a secure and confidential manner.
- Principle 6 – Processed in accordance with the rights of the data subject.
Data subjects can access personal information held about them through the Subject Access Request procedure under the Data Protection Act. Data Subjects also have the right to request changes to their data and to prevent processing which is likely to cause damage or distress to themselves or anyone else. There are exceptions to these rights such as in the prevention and detection of a crime.
- Principle 7 – Be protected
Security and confidentiality measures should be in place to protect personal data.
- Principle 8 – Not be transferred outside the European Economic Area (EEA).
Data should not be transferred outside of the EEA unless the data subject has consented or adequate protection is in place.
To find out what happens to personal information held about you please see our leaflet.