top banner image

Privacy and Confidentiality

What do we do?

NHS Trusts and independent healthcare providers employ Patient Perspective to carry out surveys of patients on their behalf. Surveys are carried out by post, SMS (text message) and via email.

Some of the surveys are part of the CQC National Patient Survey Programme which NHS Trusts have to take part in.  Other surveys are carried out voluntarily by healthcare providers.

We are provided with personal information to enable us to send the surveys to patients.

What information are we provided with?

For postal surveys, we are provided with the name and address of patients.  For SMS (text message) surveys we are provided with the mobile phone numbers of patients and for email surveys we are provided with the email address of patients.

What other information are we provided with?

For some surveys we may also be provided with other background information about patients which allows us to a) check the accuracy of the data provided and b) provide more useful results by, for example, the ward, clinic or specialty.

Other types of personal information we may be provided with include:  Age, gender, ethnic group, date of admission and discharge, ward name, clinic, hospital site, type of admission (planned or urgent), specialty and diagnosis chapter code.

How do healthcare organisations send us the patient data?

We only accept patient data via our secure encrypted link.  Healthcare organisations are given a login and password and can upload data directly and securely to our server.

Where is the data stored?

Data provided to us about patients is stored on an encrypted disk drive in our Oxford main offices.

How secure is the data?

We take data security very seriously and have written policies and procedures to protect all the data we hold.  This includes physical security (for example locked servers with limited access) and hardware and software firewalls to protect unauthorised access to data.

Who has access to the personal data stored?

Access to the personal data is strictly controlled.  Only members of staff that are involved with printing letters or sending out SMS surveys or email surveys have access to the personal data and this is permitted via their login and password.

Whether or not they have access to personal data, all of our staff have NHS approved annual training in Information Governance, security and confidentiality.

How long is the data stored for?

For national CQC surveys we are required to store the names and addresses for a fixed period, at which point we delete them.

For voluntary surveys we store the personal data for 4 weeks after we have sent out the survey and then delete them – this ensures that soon after the survey is sent out, if a patient has a query about the survey we still have a record of having sent them a questionnaire.

If I complete a questionnaire will my response be linked to my name and address?

Our questionnaires don’t have your name and address on them – they have a Unique Reference Number (URN)  that links to your name and address.  This allows us to track who has responded and send out reminder letters.  Your questionnaire responses include the URN only and this will never be linked to your name and address.

When we report results back to healthcare providers we do so in a way that would not allow for individual patients to be identified.

The only circumstances in which we pass on the name of a patient to the healthcare provider are: a) if the patient has written their name in one of the free-text comments boxes;  b) if a patient has specifically asked us contact the provider on their behalf or c) where we have safeguarding concerns about a patient.

Is it legal for healthcare organisations to provide Patient Perspective with information about me?

Under the new General Data Protection Regulation (GDPR), healthcare providers share data with us on the basis that the carrying out of a survey is  “a task carried out in the public interest” and that this provides a legal basis (under paragraph 1(e) of Article 6 of the GDPR) for the transfer of people’s mailing information to a third party data processor for the purpose of carrying out the survey only.

Your rights under the GDPR

If we store any personal information about you, you have various rights under the GDPR:

  • The right to be informed – why we have your data, who provided it to us, what it will be used for, when it will be deleted
  • The right of access – to be provided with a copy of the information we hold
  • The right to rectification – to correct any information that is wrongly recorded
  • The right to erasure – to have your data deleted
  • The right to restrict processing – to prevent us from using the data for particular purposes
  • The right to data portability – to be given the data in an easily accessible format
  • The right to object – to object to the storage and use of the data

Does Patient Perspective have any certification or accreditation?

We are registered under the Data Protection Act.

We complete the NHS Information Governance Toolkit each year.  Our most recent submission was reviewed as satisfactory on 17th July 2018 with a score of 100%.

We have ISO 27001 Information Security certification.

Any queries

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to privacy policies. If you have any queries about privacy or confidentiality, please call us on 01865 205100, email info@patientperspective.org, or click on this link to fill in our contact form:

Contact Us