Data protection and freedom of information

What's the difference

Both the Data Protection Act 1998 and the Freedom of Information Act 2000 give people rights to see or receive information held by the trust.  

All requests for access to information under either act should be directed to and are dealt with by the Information Governance Department.  However, they often need your assistance to promptly gather or provide information.

Both the acts underline the need for good record management throughout the trust to enable information to be disclosed within a short statutory time limit!

Non compliance with either of these acts could result in adverse publicity, enforcement action or a substantial fine.

The Data Protection Act 1998

The Data Protection Act places responsibilities on organisations that hold your personal information to:

• use it fairly
• keep it secure
• make sure it’s accurate and,
• keep it up to date.

It also allows individuals – such as patients, patients’ representatives or staff to see personal information that is held about them by the trust.  Examples of patient information could be medical records held in all formats. This can include information held on systems, x-rays, photographs, A&E cards, and emails. Staff requests could include requests for access to personnel or disciplinary information.

This provision is called ‘Subject access’.  Each request has a statutory time limit of 40 calendar days. However, if a patient has been treated within the last 40 days, we respond within 21 days. 

Subject access facts

• On average, the trust receives 110 requests for health records each month and it increases every year!  This increase is due in part to the integration with Cheshire East Community Health in April 2011.   Before that date, the Trust was receiving an average of 90 requests a month.
• Although the law states that we 40 calendar days to collate, review, edit and respond to requests, the Department of Health has given an undertaking that we will progress them within 21 days where possible.
• Sometimes information required by law is missing or has been misfiled – please assist us by ensuring documents are promptly filed or updated.

The Freedom of Information Act 2000

The Freedom of Information Act aims to promote openness and accountability in the public sector, which includes government departments, councils, hospitals, schools and the police.

The act helps the public to get a better understanding of how the trust carries out its duties, our decision making and how we spend public money.

In addition to the Freedom of Information Act, the Environmental Information Regulations give you the right to request information about the environment which is held by the trust. A recent request asked about ‘pest control’ in the trust and requested specific numbers of incidents.

The Freedom of Information Act (FOIA) gives you rights to see official information held by the trust.  Recent FOIA requests include:

• access to information relating to expense claims,
• types and costs of contracts,
• swine flu preparation information,
• numbers and reason for cancelling operations,
• access to information about compliance with European Working Time Regulations and,
• how compliant we are in relation to FOIA!

Twenty days - the clock starts when the trust receives a request!

Similar to Subject Access, FOIA requests also have a statutory time limit. The clock starts when the request arrives at the trust and we have 20 working days to provide the information. It is vital that once you identify a request for information, it is promptly forwarded to the Information Governance Department. Please note - it doesn’t have to state ‘freedom of information’. Anything that is outside of ‘business as usual’ may constitute a request and it would be a good idea to phone us to check.

FOI facts!

• In 2010 the trust was receiving an average of 15 freedom of information requests each month however currently this is reaching 30 requests every month and this average increases every year!
• We have a statutory 20 working day limit  to collate, consider and respond to the request.
• Each request normally has multiple questions to respond to that cover various areas within the trust. A recent one had 57 questions!
• It is a criminal offence with personal liability if you alter, damage, erase, destroy or conceal any record you hold once that information has been requested under the provisions of the Freedom of Information Act.