Information governance

In this section, you can find information on our Information Governance procedures including how to obtain information held about you (subject access request) or the organisation (freedom of information requests) and our privacy notice explaining what information we gather, why and how we use it.

Information governance is a term used to describe how we manage information legally, securely, and effectively. Because of the range and complexity of the standards and legal rules, NHS Digital developed standards to allow NHS and partner organisations to measure their compliance via the NHS information governance toolkit.

Privacy notice

The purpose of this notice is to inform you of the types of information (including personal information) that NHS Kernow hold, how that information is used, who the information may be shared with, how it is kept secure and confidential and what your rights are in relation to this. View our privacy notice (PDF, 415 KB). 

NHS Kernow abides by the Data Protection Act 2018 and questions regarding our approach to using and maintaining the confidentiality and security of personal information can be made to our Data Protection Officer.

Supplementary privacy note on COVID-19 

This notice describes how we may use your information to protect you and others during the COVID-19 outbreak. It supplements our main privacy notice (PDF, 415 KB).

The health and social care system is facing significant pressures due to the COVID-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.

Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; arms length bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the COVID-19 outbreak. Any information used or shared during the COVID-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on gov.uk and FAQs on this law are available here.

During this period of emergency, opt-outs will not generally apply to the data used to support the COVID-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs. However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to subject access requests, freedom of information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.

In order to look after your health and care needs we may share your confidential patient information including health and care records with clinical and non-clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email. Cornwall and Isles of Scilly Health and Care Partnership are responding to the COVID-19 pandemic to provide real-time, live reporting functionality across public health, adult social care, primary care, community and acute services, together with support and voluntary services. 

During this period of emergency we may offer you a consultation via telephone or video-conferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation. 

We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Get further information here about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the COVID-19 response. 

NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the COVID-19 response. This includes data already collected by NHS England and Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and emergency department capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.

In such circumstances where you tell us you’re experiencing COVID-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards. 

Visitors to our website

When someone visits NHS Kernow’s website, we collect standard internet log information and details of behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone. This information is held securely and only used for the purposes provided. It will not be sold or given to another organisation without consent

We do not make any attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifying information from any source. If we do want to collect personal identifiable information through our website, we will make it clear when we collect the personal information and will explain what we intend to do with it. 

What do you know about cyber security?

Cyber security refers to technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorised access.

Contact the data protection officer (DPO)

Deputy director of corporate governance
Sedgemoor Centre
Priory Road
St Austell
PL25 5AS 

Telephone: 01726 627800 
Email: kccg.corporategovernance.nhs.net