Powys Teaching Health Board (the Health Board) is committed to protecting your personal information in accordance with the law. We will ensure that your information is safe and only used for the legal purposes for which we can use it. This privacy notice explains how your personal information is processed and our purpose for processing.
The Health Board holds records about you which will include the following:
NHS records may be held on a computer, on paper or a mixture of both and we use a combination of sound working practices and technology to ensure that your information is kept confidential and secure. We will protect your information through:
To use your personal data appropriately, Powys Teaching Health Board complies with the following Legislation and Standards:
UK General Data Protection Regulation (UK GDPR);
The Health Board processes personal information under the following legal basis:
Article 6(1)(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Article 9(2)(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;
Data Protection Act 2018;
Common Law Duty of Confidentiality;
Health & Social Care Act 2012;
NHS Codes of Confidentiality, Information Security and Records Management; and
European Convention on Human Rights Act 1998
Healthcare professionals who provide you with care maintain records about your health and any treatment or care you receive. These records help our staff to provide you with the best possible health care. This may include your medical records, complaint files, job applicants etc. Where required, we will use your information for Commissioned Services where treatment and services are provided by another health board or organisation, or for service improvement. We will also use your information to help us manage the NHS and for statistical purposes and at times, your information maybe used for research purposes. There will be times when it is appropriate for us to share information about you and your healthcare with others such as, GPs, other healthcare providers, social care and others. The need to share relevant information is to help us work together for your benefit. The health board at this time does not use automated decision making.
If you are a Welsh resident who has received treatment by an NHS care provider in England, your information will be shared back into NHS Wales in order to verify and combine with your information held in Wales. That information will be used by the Health Board/Trust to identify you and validate what care was provided.
Should you wish to know more about how the Health Board uses your information and with whom it is shared please see ‘Your Privacy, Your Rights’ leaflet which is currently available at How the health board processes your personal information - Powys Teaching Health Board (nhs.wales)
Powys Teaching Health Board has a legal obligation to safeguard public funds and we reserve the right to check information you have provided for accuracy, in order to detect fraud. We participate in anti-fraud data matching exercises carried out by other agencies such as the National Fraud Initiative.
We will hold your data in accordance with the law and the Health Board uses national guidelines to determine when your records can be destroyed. Please refer to the: - NHS WALES RECORDS MANAGEMENT CODE OF PRACTICE 2022 (gov.wales)
Under the UK GDPR, you have rights as an individual which you can exercise, and we must consider, in relation to the information we hold about you. These include:
Under the law you have a number of rights about your information including:
If you require further information about your rights please visit the Information Commissioner's website at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Information about Subject Access Requests or making a request that your record is amended can be made via our Access to Information page.
Information on how we collect information through visits to our website can be found here
The health board may on occasion use your mobile number to contact you via text message to provide information to you in relation to your direct care from PTHB. This may be to ask you to contact the health board to book an appointment for a particular service that you have been referred to, or to ask for your feedback for a particular service to help with service improvement.
You have the right to let us know that you do not wish to be contacted using this method.
If you have any concerns about how your information is managed within the Health Board please check our website for details on how you can complain or report a concern.
To contact the Health Board’s Data Protection Officer (DPO):
telephone: 07836 505 851
by post: Data Protection Officer - Glasbury House, Bronllys Hospital, Bronllys. Brecon, Powys LD3 0LY
Powys Teaching Health Board is classed as a Data Controller for the purposes of data protection and is required to register with the regulator, the Information Commissioner’s Office (ICO). Our Registration number is Z781546X.
Further details can be on the Information Commissioner's Office website at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you wish to escalate your concerns, you should contact the Information Commissioner’s Office at www.ico.gov.uk
Our statement of public task sets out the functions carried out by Powys Teaching Health Board for the purposes of the Re-Use of Public Sector Information Regulations 2015 and General Data Protection Regulation (GDPR).