This Charter is for anyone who has dealings with the Department of Health whether through correspondence, involvement in public policy consultations or if for any other reason we hold personal information about you.
The Charter sets out the standards you can expect when we ask for or hold your personal information and what we ask of you, to help us keep information up to date.
We hope the Notes that follow the Charter will answer any questions you may have about what information the Department holds and how we look after it. If you have further questions, we will answer them within 20 working days.
We need to handle personal information about you so that we can provide better services for you. This is how we look after that information.
When we ask you for personal information, we promise:
- to make sure you know why we need it;
- to ask only for what we need, and not to collect too much or irrelevant information;
- to protect it and make sure nobody has access to it who shouldn’t;
- to let you know if we share it with other organisations to give you better public services – and if you can say no;
- to make sure we don’t keep it longer than necessary; and
- not to make your personal information available for commercial use without your permission. [The Department of Health does not sell personal information about patients or correspondents to commercial organisations.]
In dealing with your personal information, we will also:
- value the personal information entrusted to us and make sure we respect that trust;
- abide by the law when it comes to handling personal information;
- consider the privacy risks when we are planning to use or hold personal information in new ways, such as when introducing new systems;
- provide training to staff who handle personal information and respond appropriately if personal information is not used or protected properly
In return, we ask you to:
- give us accurate information; and
- tell us as soon as possible if there are any changes, such as a new address.
This helps us to keep your information reliable and up to date.
- How to find out what information we hold about you and how to ask us to correct any mistakes
- Making a complaint
If you would like information about
- agreements we have with other organisations for sharing information;
- circumstances where we can pass on your personal information without telling you, for example, to prevent and detect crime or to produce anonymised statistics;
- our instructions to staff on how to collect, use and delete your personal information;
- how we check the information we hold is accurate and up to date;
or to obtain a hard copy of this charter, contact:
Address:Head of Data Protection
80 London Road
London SE1 6LH
When we ask you for information, we will keep to the law, including the Data Protection Act 1998.
For independent advice about data protection, privacy and data-sharing issues, you can contact
Contact:The Information Commissioner
Cheshire, SK9 5AF
Phone:08456 30 60 60
01625 54 57 45
Personal information relating to health and social care
Information about the care you receive from health or social care services is held in most cases by the local providers of those services, for example, your GP, social services or the hospital where you last received treatment. The Department supports local providers by centrally contracting for some services that enable information to be held securely and be made available to those who need it, e.g. the Summary Care Record. Only a small number of technical staff have access to this confidential information under strictly controlled circumstances. The NHS Care Records Guarantee sets out how this information may be used and should be read alongside the DH Information Charter (see link on the right hand side).
How the Department uses personal data
The Department of Health uses personal data for official correspondence, and to keep in contact with people and groups it is working with to develop policy. It holds contact details for those who have requested information about the Department’s work. It also holds personal data in connection with its responsibilities towards its own employees, The Department does not normally hold patient information on its own account, except where information about a personal case is mentioned in correspondence. More information on the Department’s use of personal data may be found on the Information Commissioner’s Register of Data Controllers.
The Department of Health does not sell personal information about patients or correspondents to commercial organisations.
How we store personal information
We store personal information for as long as we need it for the purpose for which it was obtained, then destroy it securely.
- You may give us contact information to allow us to keep you updated on developments in an area of policy or personal interest. This may be held by DH or its agents and will be updated like any mailing list, in response to information you provide, including a wish to end your subscription, or if we are advised that mail cannot be delivered. The Department does not make personal information available to others for commercial use.
- Information we receive from you in the course of correspondence will be retained as needed to ensure that the Department and its Ministers can respond effectively to further issues you wish to raise. This kind of information will only be shared if we need to share it with other departments in order to respond to you.
- Business contact information for senior departmental employees is published regularly in the Civil Service Yearbook, and in some related publications such as the Hospital and Health Service Yearbook, Whitaker’s Almanac and Dods’ Civil Service.
Departmental information, including personal information, is stored on a secure network that is accredited by CESG, the National Technical Authority for Information Assurance. Information transferred to laptops or removable media is automatically encrypted. By implementing the Cabinet Office information security requirements the Department’s agencies and arm’s length bodies and NHS organisations have achieved or will achieve a similar standard of protection.
Agencies and arm’s length bodies
Most of the Department’s agencies and arm’s length bodies hold personal data for specific purposes that are set out in their own Information Charters. For example, the UK Transplant Authority holds information on patients requiring transplants so that a match can be arranged efficiently once an organ becomes available. The Department of Health’s website includes information about agencies and arm’s length bodies that work with the Department.
We notify the Information Commissioner about our use of personal data
The Department and each of its arm’s length bodies must notify the Information Commissioner of the uses they make of personal data, what data it holds and how that data may be disclosed; these uses are fully detailed on the relevant entries in the Information Commissioner’s Register of data controllers.
Improving the protection of personal data
No organisation handling information can guarantee that it will never experience losses. We know that people have a right to expect their public services to achieve and maintain high standards in protecting information , especially personal information, from loss or misuse.
The Department of Health, its agencies and arm’s length bodies, and health and care services, are working together to ensure that all meet the “Mandatory Minimum Standards” set out by the Cabinet Office, and improve further so that we achieve and maintain the high standards you have a right to expect