Date Protection Notice About NHS Lothian
NHS Lothian is a public organisation created in Scotland under section 1 of the National Health Service (Scotland) Act 1978 (the 1978 Act). It is one of the organisations which form part of NHS Scotland (NHSS).
About the Personal Information we Use
- Complainants, enquirers,
- Survey respondents,
- Professional experts and consultants,
- Individuals captured by CCTV.
Our Legal Basis for Using Personal Information
- For the provision of health or social care or treatment or the management of health or social care systems and services; or,
- For reasons of public interest in the area of public health; or,
- For reasons of substantial public interest for aims that are proportionate and respect people’s rights, for example research; or
- In order to protect the vital interests of an individual; or,
- For the establishment, exercise or defence of legal claims or in the case of a court order.
On rare occasions we may rely on your explicit consent as our legal basis for using your personal information. When we do this we will explain what it means, and the rights that are available, to you. You should be aware that we will continue to ask for your consent for other things like taking part in a drug trial, or when you are having an operation.
Who Provides the Personal Information
When you do not provide information directly to us, we receive it from other individuals and organisations involved in the delivery of health and care services in Scotland. These include other NHS Boards and primary care contractors such as GPs, dentists, pharmacists and opticians; other public bodies e.g. Local Authorities and suppliers of goods and services.
Sharing Personal Information With Others
- Our patients and their chosen representatives or carers.
- Current, past and potential employers.
- Healthcare social and welfare organisations.
- Suppliers, service providers, legal representatives.
- Auditors and audit bodies
- Educators and examining bodies.
- Research organisations.
- People making an enquiry or complaint.
- Financial organisations.
- Professional bodies.
- Trade Unions.
- Business associates.
- Police forces..
- Security organisations.
- Central and local government.
- Voluntary and charitable organisations.
Transferring Personal Information Abroad
It is sometimes necessary to transfer personal health information overseas for example if you require urgent medical treatment abroad. When this is needed information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with NHSScotland Information Security Policy.
How we Protect Personal Information
- All staff undertake mandatory training in Data Protection and IT Security.
- Compliance with NHS Scotland Information Security Policy.
- Organisational policy and procedures on the safe handling of personal information.
- Access controls and audits of electronic systems.