Privacy notice

Supplementary privacy notice for patients during the COVID-19 (coronavirus) pandemic – 14 April 2020

Download this page here.

What we do

In the National Health Service (NHS), we aim to provide you with the highest quality healthcare. To do this we must keep information about you, your health and the care we have provided to you or plan to provide to you. This privacy statement provides a summary of how we use your information.

The Data Protection Act and General Data Protection Regulation controls how your personal information is used by organisations, businesses or the government. Under the Act the Royal Free London NHS Foundation Trust is defined as a ‘data controller’ of personal information. We collect information to help us provide and manage healthcare to our patients. The trust is registered with the Information Commissioners Office (registration number Z6460180).

If you are looking for information about privacy while using our website, please read our terms and conditions.

What kind of personal information does the trust collect?

  • Name, address, date of birth, NHS number and next of kin
  • Details of diagnosis, treatment and hospital visits
  • Allergies and health conditions

The trust also records CCTV images for the prevention and detection of crime; this may include body worn video and audio recordings.

Why we collect information about you and your choices

The people who care for you use your information and records to:

  • provide a good basis for all health decisions made by you and your care professionals
  • allow you to work with those providing care
  • make sure your care is safe and effective
  • work effectively with those providing you with care

Others in the NHS may also need to use records about you to:

  • check the quality of care (called clinical audit)
  • collect data regarding public health matters
  • ensure NHS funding is being allocated appropriately
  • help investigate any concerns or complaints you may have about your health care
  • teach healthcare workers and help with research and planning

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit the Your NHS Data Matters website or call the national helpline on 0300 303 5678. You can change your mind about your choice at any time.

Find out how we collect information about how you use our website.

How long do we hold information for?

Records are retained in accordance with national guidance from the Department of Health and Social Care and the Records Management Code of Practice for Health and Social Care 2016. Records including confidential information are securely destroyed in line with this code of practice.

Information sharing with non-NHS organisations

For your benefit we may need to share information from your health records with non-NHS organisations from whom you are also receiving direct care, such as social services or private healthcare organisations. We may also need to share your information, such as blood test results, for direct care processing purposes by a non-NHS organisation under an agreement with the Trust. We will always seek your permission to share your information with organisations for purposes other than your direct care. However, in exceptional situations we may need to share information without your permission if:

  • it is in the public interest – for example, there is a risk of death or serious harm
  • there is a legal need to share it – for example, to protect a child under the Children Act 1989
  • a court order tells us that we must share it
  • there is a legitimate enquiry from the police under the Data Protection Act for information related to a serious crime.

We do not share, send or transfer person identifiable information outside of the European Union. 

Where processing is likely to result in a high risk to individuals' privacy interests, the trust will conduct a Data Protection Impact Assessment (DPIA). The aim of a DPIA is to identify and minimise the data protection risks of a project. A copy of the trust’s DPIAs can be requested from the Data Protection Officer, see contact details below.

For further information please see the 'How we use patient information' page of our website.

What are your rights?

You have the right to object to information sharing at any time, but note that not sharing your information may affect the quality and safety of the care you receive. 

Where information from which you can be identified is held, you also have the right to:

  • request that your information is corrected
  • have your information updated where it is no longer accurate.

For further information please contact the data protection officer or Caldicott Guardian using the details below.

How do I access information recorded about me?

Under the Data Protection Act individuals have a right to access information that is held about them by an organisation. If you have undergone medical treatment at Barnet Hospital, Chase Farm Hospital or the Royal Free Hospital, find out about accessing your health records.

For further information please contact:

Data Protection Officer
Mr Kevin Winter
Royal Free London NHS Foundation Trust
Royal Free Hospital
Pond Street
London, NW3 2QG

Tel: 020 3758 2000

Caldicott Guardian
Dr Kilian Hynes
Royal Free London NHS Foundation Trust
Barnet Hospital
Wellhouse Lane 
Barnet, EN5 3DJ


How do I raise a concern?

To raise a concern with us, please contact the patient advice and liaison service (PALS) at:

Barnet Hospital Chase Farm Hospital Royal Free Hospital

Royal Free London NHS Foundation Trust
Barnet Hospital
Wellhouse Lane
Barnet, EN5 3DJ

Royal Free London NHS Foundation Trust
Barnet Hospital
Wellhouse Lane
Barnet, EN5 3DJ

Royal Free London NHS Foundation Trust
Royal Free Hospital
Pond Street
London, NW3 2QG

Tel: 020 8216 4924
Fax: 020 8216 4697 

Tel: 020 8216 4924
Fax: 020 8216 4697 
Tel: 020 7472 6446/6447; (020 7472 6445 - 24 hour answer phone)
Fax: 020 7472 6463
SMS: 447860023323 (Deaf, hard of hearing and hearing impaired patients only)

You can also contact the Information Commissioner’s Office, the UK's independent body set up to uphold information rights. 

Information Commissioner’s Office 
Wycliffe House
Water Lane
Wilmslow, Cheshire

Helpline: 0303 123 1113 (local rate) or 01625 545 745