Your health record

How do we protect your health record?

Croydon Health Services NHS Trust is the data controller for the information you give us, kept in your health record. 

The Trust is responsible for ensuring that your information is managed according to your data protection rights. The following privacy notice explains how your information is used along with the rights you can exercise in relation to your information.

What information the Trust holds about you

If you are a patient of the Trust as an outpatient (attending a clinic), an inpatient (for an operation or tests), an emergency (attending through accident and emergency) or as a patient visited in your own home we collect information about you to make sure you receive the right treatment and healthcare. The information we hold includes information you have given us, or information provided by other people involved in your care. This personal information includes your contact details your name, date of birth, details of the care and treatment you receive, results of investigations and tests and any other relevant information about your health and healthcare needs, this information is stored in your health record.

How your health record is used and kept secure and confidential

Your health record is used to make sure health professionals involved in your care can provide you with the best possible healthcare and treatment; to check the quality of care you receive (known as clinical audit) and to help investigate any concerns or complaints you or your family have about your healthcare.

Information in your health record may also be used for other NHS purposes not related to your direct healthcare in these situations confidential information (your name and information that identifies you) is not used.  These NHS uses may include; check or audit NHS accounts and services, review and plan services to meet future needs, performance statistics, teach and train healthcare professionals, help inform patient satisfaction surveys and for research into better methods of healthcare. Visit to opt out of the use of your confidential data for NHS planning and research.

Information about you is kept confidential and used by staff involved in your treatment and care. The people involved in your care may include doctors, nurses, therapists, technicians and administrative staff. All staff follow strict rules on confidentiality. There may be occasions where we need to discuss information about you with your partner or family. We limit the information we share to ensure you receive the right care.

The Trust uses a variety of technical measures to keep electronic health records secure with access limited to those who involved in your care and treatment.

Information shared with other organisations and partners

Sometimes your care may be provided by other organisations the Trust is working with in partnership. You can find out more about the partnership working from: or visit the Patient Advice and Liaison Service. We only share information with partners to meet your healthcare needs where you have not objected.  Your hospital health reord will be available to your doctor (at your GP practice) through a secure system known as 'Connecting Your Care' resulting in faster, up to date information that can help to speed up your care and treatment. You can find out more about 'Connecting Your Care' what information is shared or how to opt out here. Where required by law the Trust must share information with other organisations, for example; help prevent or detect crime and safeguard children or vulnerable adults, notify births, deaths and infectious diseases. 

The Trust uses other organisations to help deliver healthcare, these other organisations are known as data processors they work under contract and process patient information under written instruction from the Trust. Any organisation used as a data processor by the Trust has the same legal duties towards patient confidentiality and data protection.

The legal basis for using your data

The Trust uses your information as a provider of health services, to provide healthcare and treatment, to manage healthcare systems and services and for ensuring high standards of quality and safety. Where the use of your information falls outside these areas we will inform you in advance. 

How long your information is kept

Your information is kept according to national guidance and any legal obligations. Guidance published for NHS organisations called the Records Management Code of Practice for Health and Social Care describes how long the Trust keeps health records. The length of time information is kept varies. You can find out more from the retention schedule at:

Your right to have data corrected

We want to make sure your records are accurate and up-to-date.  You have the right to ask us to rectify and correct any information if there is an error in your health record. To correct any information contact PALS to let us know if you have any concerns about the accuracy of your information.

Your right to object to processing

If you believe you have a good reason for wanting to object to the use of your health record and want to object you should contact us using our contact details.  Remember that we only use your health record for your healthcare needs and treatment. You can find out more about your right to object by visiting the ICO right to object

Your right to access your health record

You can ask to see a copy of your health record by completing an application form:

Application Form & Guidance SARs Nov 2018 

Also available from reception at Croydon University Hospital or contact us at:

Subject Access Team
Croydon Health Services
Woodcroft Wing, HQ Offices
530 London Road
Croydon CR7 7YE


Tel: 020 8401 3000 ext. 3475 or 4049

You can only access other people’s medical records with their written consent or if you have proof that you have a legal right of access for example a Power of Attorney or Court Order.

If you are asking to see the health records of someone who has died, under the Access to Health Records Act 1990 you will need to prove that you are the patient’s legal personal representative or that you have a claim arising from the death.

If you are asking to see your child’s records, you can only do so if you have legal parental responsibility.  Depending on the age of your child and their capacity to understand the request, we may also request confirmation that your child has understood and consented to your request.  The best interest of the child is paramount at all times and may, on occasion, mean that we limit or even refuse your request to access your child’s health record.

How to contact us

If you have any questions, comments, concerns about your information rights or want to make a complaint about your health information you can contact the Data Protection Officer who has responsibility to ensure the protection of your information in accordance with your rights. Alternatively you can contact PALS or write to the Caldicott Guardian at: Caldicott Guardian, Medical Director’s Office, Croydon Health Services, Trust HQ,  Woodcroft Wing, 530 London Road, Croydon CR7 7YE.

Our Data Protection Officer can be contacted by email at or by post at: Data Protection Officer, Information Governance, Croydon Health Services, HQ  Woodcroft Wing, 530 London Road, Croydon CR7 7YE.

After contacting us, if you still have concerns about your personal information and want to make a complaint to the supervisory authority or find out about your information rights, contact the Information Commissioners Office at: