Your personal information as a user of our services

National Data Opt-out Programme

NHS Digital is developing a new system to support the national data opt-out which will give patients more control over how identifiable health and care information is used. The system will offer patients and the public the opportunity to make an informed choice about whether they wish their personally identifiable data to be used just for their individual care and treatment or also used for research and planning purposes. To find out more click here or use the NHS app.

Keeping information about you

Any personal information we hold about you is processed in carrying out the public task of providing healthcare and for the purposes of “…provision of health or social care of treatment or the management of health or social care systems and services…” in accordance with the EU and UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

We keep records about your health and any treatment and care you receive. This helps us ensure you get the best treatment and management of your healthcare. The records may be written down, or held on a computer.

We use digital solutions for recording the care and treatment we provide to users of our services. Depending on the service an individual is receiving, the information will be recorded in an appropriate system tailored to that service's needs.

Records held will include both personal information and 'special category' information, which is how the law defines more sensitive information about your healthcare.

We are likely to hold:

  • Your personal details including, name, address, email address, date of birth, NHS number and next-of-kin contacts and details of your GP
  • We may also hold details of your marital status, occupation, overseas status, place of birth and preferred name or former name(s).

Sensitive personal information we may hold will include:

  • Details of contact we have had with you, such as clinic visits and appointments
  • Notes, correspondence and reports about your health and your treatment and care
  • Details of your medical conditions and diagnoses, results of investigations
  • Details of care and treatment received and any future care you may need
  •  Relevant information from other health or social care professionals, relatives or those who care for you and know you well
  • Other personal information such as smoking status and any disabilities including any learning disability
  • Your religion and ethnic origin
  • Whether or not you are, or have been, subject to any protection orders for example under the Mental Health Act or Court of Protection or are or have been the subject of any safeguarding procedures.
  • Information extracted from the National Care Record Service (NCRS) to support the organisation making clinical decision about your care.

Using your records to help you and support your care

We use the records to help plan and guide your care.  They help to ensure:

  • All staff involved in your care have accurate and up to date information to assess and advise on the most appropriate care and support for you.
  • Staff have the information they need to be able to assess and improve the quality and type of care you receive
  • A single electronic care record enables your care team to work more effectively. Doctors, nurses and other health professionals working with you have accurate and up-to-date information
  • Appropriate information is available if you see another health professional, or are referred to a specialist or another part of the NHS, or other health or social care provider.
  • We can investigate your concerns, if you need to complain.
  • We can remind you about appointments and send you correspondence and information about your care.
  • Support the funding of your care for example with commissioning organisations.

Other ways in which we may use your information

Your information may also be used to help:

  • Look after the health of the general public and support health research and development
  • Review NHS accounts and services
  • Investigate complaints, legal claims and other incidents and report any such events when we are required to do so by law
  • Develop  and improve services  and the overall performance of the Trust
  • Prepare statistics on NHS performance to meet the needs of the population or for the Department of Health or other regulatory bodies
  • Review the care we provide by way of ensuring it is of the highest standard and quality
  • Teach and train health professionals
  • Review your suitability for research study or clinical trial so that we can tell you about health research opportunities you might be interested in
  • Work with other organisation such as universities, community safety units and research institutions.

Information used for statistical purposes is anonymous. We take stringent measures to ensure individuals cannot be identified. Where information is used for purposes such as service improvement we will anonymise or pseudonymise your personal information wherever possible to protect your confidentiality unless there is a legal basis that permits or requires us to use it.  We will only use or share the minimum information necessary.

Where appropriate, we will utilise digital solutions to allow our clinical staff to make decision on how we support our service users. One of these systems is a Management and Supervision Tool (MaST). This assists our clinical services to manage resources and identify if individuals require additional support. The solution does not involve any automated decision making about your care, it presents information to allow our clinical team to make an informed decision based on your profile. Please see the leaflet in the side bar for more information.

How we share your data with third parties

We work in close partnership with a number of organisations in order to provide the best support and care possible.

We may need to share relevant personal information with other NHS organisations and other non-NHS organisations contracted to provide health or social care services in order to support your healthcare needs. For example we may share information with NHS England, General Practitioners (GPs), ambulance or transport services or private care homes or social care providers you have a legitimate relationship with you. We are required by law to share information with other bodies such as with the Care Quality Commission for inspection purposes.

There may be occasions when we are required by law or a specific court order to share information. This includes exceptional circumstances where we may be required to share information to the police for the purposes of prevention, investigation and detection of crime or with appropriate authorities where there is an overriding public interest to prevent abuse or serious harm to you or to others. Where there is cause to do this the Trust will always do its best to notify you of sharing information and share only the minimum information required for the purpose.

We work closely with other organisations to support the health and safety of people who use our services and members of the public. We also support initiatives and studies to better understand healthcare demands in Devon  by working in collaboration with these organisations. In the Resources section to the right you will find a list of partners with which we have agreements. We only share information if there is a legal basis to do so or when the information is anonymised so individuals cannot be identified. All agreements are subject to checks and appropriate sign-off by Devon Partnership NHS Trust.

We will hold your information in confidence and it will only be used for the purposes explained to you. We will only share information where current legislation permits or requires it and will ensure so far as we are able to that any information will be shared  securely and  held securely  and will ensure so far as possible that any such third party will hold information in accordance with current legislation and protect your confidentiality.

When we share your information, Devon Partnership NHS Trust will ensure there is an appropriate basis to do so. These lawful basis’s can vary depending on the processing but will be covered under appropriate legislation such as the Data Protection Act (2018), UK General Data Protection Regulation (UKGDPR), The Common Law duty of Confidentiality and other applicable laws. An example of this would be that we rely on Schedule two of the Common Law duty of confidentiality when we share information with a service user's GP via the sharing modules in SystmOne. The information after sharing is then processed for the provision of healthcare under UKGDPR.

If you would like more information on how and whom the trust shares your information with or would like to know your rights as a data subject including to dissent from sharing, please contact

For more information on sharing information with NHS England in relation to Flu and COVID-19 please click here.

Devon and Cornwall Shared Care Record

It is crucial for clinical services across Devon, to have access to the right information at the right time to provide safe healthcare to those who need it. Healthcare services provided in Devon fall under different trusts who process the information and ensure it is secure and protected. This means that this information is readily available to services provided by other NHS trusts, unless it is requested or there are approved sharing mechanisms in place. 
As part of the NHS long-term plan, organisations are encouraged to utilise technology and work together collaboratively. The Devon and Cornwall Shared Care record will allow clinicians where appropriate, to access the patient information and care plans wherever they are working to optimise the care they are providing. 
Devon Partnership NHS Trust as part of an Integrated Care System in Devon is contributing to a Devon and Cornwall Care Record so information is available at the point of care. The trust has been involved and followed best practices to ensure the information is safe, secure, and only accessed on a need to know basis. More information is available on the Devon and Cornwall Care record website.

How we protect your personal data

Devon Partnership NHS Trust takes all necessary measures to protect your information. Data security measures are in place for all the Trust’s existing services and at the heart of all new initiatives going forward. Our processes are robust and we will continue to improve and maintain our security to protect the information of the people who use our services and staff and keep up with evolving information standards.

Everyone working for the NHS has a legal duty to keep sensitive information secure and confidential. This extends to any suppliers working with Devon Partnership Trust who may come into contact with our information. Before engaging with any supplier, they must demonstrate the same high standard of security expected for our organisation before engaging in any services. Devon Partnership on process information in relation to our users of trust service’s within the UK.

We will also from time to time ask you to confirm the information about you is up-to-date.

The information we secure is generated from:

  • Visitors to our website
  • People who receive health and/or social care from the Trust
  • People who make a Subject Access Request
  • People who raise a concern or make a complaint
  • People who want to receive general information and contact from the Trust or make a Freedom of Information request
  • Job applicants and our current and former employees
  • People who email us or send a letter
  • Charity and membership involvement.

How long we keep your personal data

All of Devon Partnership NHS Trust records are maintained and destroyed in accordance with the NHS Retention Schedule. The schedule sets out the appropriate length of time the type of record is retained for. We do not keep records for any longer than is necessary.

Once the retention period is met, or the Trust has decided the record is no longer required, it is confidentially shredded and destroyed.