Text Only|Accessibility|Browse Aloud||Print Page|Sitemap|Text: A A

Data Protection, Subject Access & Freedom of Information

What's the difference

Both the General Data Protection Regulation 2018 and the Freedom of Information Act 2000 give individuals the right to see or receive information held by the trust.  Both underline the need for good records management throughout the trust to enable information to be disclosed within the statutory time limit allowed.

Non-compliance with the provisions of the Acts could result in adverse publicity, enforcement action and/or a substantial fine.

The General Data Protection Regulation (GDPR)

The GDPR places responsibilities on organisations that hold your personal information to ensure that :

• it is processed lawfully and fairly
• it is collected for specified, explicit and legitimate purposes
• make sure it is accurate and up-to-date
• it is protected against unauthorised processing or accidental loss

Subject Access

The GDPR allows patients, patients’ representatives or staff to see personal information that is held about them by the trust.  This includes records in all formats. Whether paper or electronic, held on systems or databases, x-rays, photographs, A&E cards, and emails. Staff requests could include access to personnel or disciplinary information.

The timescale for a response to a request for the provision of records is one month (30 days)

Subject access facts

• On average, the trust receives 110 requests for health records each month and it increases every year!  This increase is due in part to the integration with Cheshire East Community Health in April 2011.   Before that date, the Trust was receiving an average of 90 requests a month.
• Although the law states that we 40 calendar days to collate, review, edit and respond to requests, the Department of Health has given an undertaking that we will progress them within 21 days where possible.
• Sometimes information required by law is missing or has been misfiled – please assist us by ensuring documents are promptly filed or updated.

The Freedom of Information Act 2000

The Freedom of Information Act aims to promote openness and accountability in the public sector, which includes government departments, councils, hospitals, schools and the police. The Act gives the public the right to see official information held by the trust which hopefully provides a better understanding of how it performs its functions, its decision making processes and how public money is spent.

In addition to the Freedom of Information Act, the Environmental Information Regulations give you the right to request information about the environment which is held by the trust. One request concerned ‘pest control’ in the trust, and requested the specific number of incidences.

Examples of other Freedom of Information requests received:-

• access to information relating to expense claims
• types and costs of contracts
• numbers and reason for cancelling operations
• access to information about compliance with European Working Time Regulations
• how compliant we are in relation to Freedom of Information requests

Some requests can more unusual : questions about pest control, and redheads having anaesthetics have been received!

Twenty days - the clock starts when the trust receives a request

In common with subject access requests, Freedom of Information requests also have a statutory time limit. The clock starts when the request arrives at the trust and we have 20 working days to provide the information. It is vital that once a request for information is identified, it is forwarded promptly to the Freedom of Information team. Please note - a request does not have to state use the words ‘freedom of information’ to be a valid request. If you are unsure, telephone the Freedom of Information team for advice on 01625 661184 or email ecn-tr.foirequests@nhs.net

FOI facts

• In 2017 the trust was receiving an average of 39 freedom of information requests each month and the average number increases every year.
• We have a statutory 20 working day limit to collate, consider and respond to the request.
• Each request normally has multiple questions to respond to that cover various areas in the trust. One request contained 57 questions.
• It is a criminal offence with personal liability if you alter, damage, erase, destroy or conceal any record you hold once that information has been requested under the provisions of the Freedom of Information Act.