Privacy notice


In the National Health Service (NHS), we aim to provide you with the highest quality healthcare. To do this we must keep information about you, your health and the care we have provided to you or plan to provide to you. This privacy statement provides a summary of how we use your information.

The Data Protection Act and General Data Protection Regulation (GDPR) 2018 controls how your personal information is used by organisations, businesses or the government. Under the Act Lewisham and Greenwich NHS Trust is defined as a ‘data controller’ of your personal information. We collect information to help us provide and manage healthcare to our patients.


Why are we collecting information about you?

Lewisham and Greenwich NHS Trust keeps records about the healthcare and treatment you receive as one of our patients. This helps to ensure that you receive the best possible care from us.

It helps you because:

  • Accurate and up-to-date information assists us in providing you with the best possible care
  • All information is readily available if you see another doctor or are referred to a specialist or another part of the NHS

It helps the NHS to:

  • Plan and manage the health service
  • Teach and train healthcare professionals
  • Conduct healthcare related research and development
  • Audit NHS services
  • Prepare statistics on NHS performance
  • Monitor how we spend public money


Your rights, and sharing information with NHS and non NHS organisations

Please see the section on Your Rights under GDPR for more information on this.


What kind of Information do we hold about you?

We hold the following information about you:

  • Name, address, date of birth, NHS number and next of kin
  • Contacts we have had with you (such as clinic visits)
  • Details of diagnosis and treatment
  • Allergies and health conditions

Processing Personal and Sensitive Information

The GDPR requires that data controllers and organisations that process personal data demonstrate compliance with its provisions. This involves publishing our basis for lawful processing.

As personal data is processed for the purposes of Trust’s statutory functions, the Trust’s legal bases for the processing of personal data as listed in Article 6 of the GDPR are as follows:

  • 6(1)(b) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • 6(1)(c) – Processing is necessary for compliance with a legal obligation
  • 6(1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

Where the Trust processes special categories of personal data, its additional legal bases for processing such data as listed in Article 9 of the GDPR are as follows:

  • 9(2)(f) – Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity
  • 9(2)(g) – Processing is necessary for reasons of substantial public interest
  • 9(2)(j) – Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes

Special categories of personal data include data relating to racial or ethnic origin, political opinions, religious beliefs, sexual orientation and data concerning health.

Please note that not all of the above legal bases will apply for each type of processing activity that the Trust may undertake. However, when processing any personal data for any particular purpose, one or more of the above legal bases will apply.

How do we keep your records confidential?

Everyone working for the NHS is subject to the common law duty of confidence. Information provided in confidence will only be used for the purposes to which you as the patient have given consent to, unless there are other circumstances covered by the law.

Under the NHS confidentiality code of conduct, all our staff are also required to protect your data, inform you of how your data will be used, and allow you to decide if and how your data can be shared. This will be noted in your records.


How long do we keep information? 

Information is retained in line with the NHS records management code of practice.


Patient National Data Opt-Out

The national data opt-out is a service that allows you to opt out of your confidential patient information being used for research and planning.

You can view or change your national data opt-out choice at any time by using the online service at or by calling 0300 3035678


New Caldicott Principles

The Trust would like to ensure that people's information is kept confidential and used appropriately. The new principle’s purpose is to make clear that patient and service user expectations must be considered and informed when confidential information is used, to ensure ‘no surprises’ about the handling or sharing of their data.


Good information sharing is essential for providing safe and effective care. There are also important uses of information for purposes other than individual care, which contribute to the overall delivery of health and social care or serve wider public interests.

These principles apply to the use of confidential information within health and social care organisations and when such information is shared with other organisations and between individuals, both for individual care and for other purposes.

The principles are intended to apply to all data collected for the provision of health and social care services where patients and service users can be identified and would expect that it will be kept private. This may include for instance, details about symptoms, diagnosis, treatment, names and addresses. In some instances, the principles should also be applied to the processing of staff information.

They are primarily intended to guide organisations and their staff, but it should be remembered that patients, service users and/or their representatives should be included as active partners in the use of confidential information.

Where a novel and/or difficult judgment or decision is required, it is advisable to involve a Caldicott Guardian.

Principle 1: Justify the purpose(s) for using confidential information

Every proposed use or transfer of confidential information should be clearly defined, scrutinised and documented, with continuing uses regularly reviewed by an appropriate guardian.

Principle 2: Use confidential information only when it is necessary

Confidential information should not be included unless it is necessary for the specified purpose(s) for which the information is used or accessed. The need to identify individuals should be considered at each stage of satisfying the purpose(s) and alternatives used where possible.

Principle 3: Use the minimum necessary confidential information

Where use of confidential information is considered to be necessary, each item of information must be justified so that only the minimum amount of confidential information is included as necessary for a given function.

Principle 4: Access to confidential information should be on a strict need-to-know basis

Only those who need access to confidential information should have access to it, and then only to the items that they need to see. This may mean introducing access controls or splitting information flows where one flow is used for several purposes.

Principle 5: Everyone with access to confidential information should be aware of their responsibilities

Action should be taken to ensure that all those handling confidential information understand their responsibilities and obligations to respect the confidentiality of patient and service users.

Principle 6: Comply with the law

Every use of confidential information must be lawful. All those handling confidential information are responsible for ensuring that their use of and access to that information complies with legal requirements set out in statute and under the common law.

Principle 7: The duty to share information for individual care is as important as the duty to protect patient confidentiality

Health and social care professionals should have the confidence to share confidential information in the best interests of patients and service users within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies.

Principle 8: Inform patients and service users about how their confidential information is used

A range of steps should be taken to ensure no surprises for patients and service users, so they can have clear expectations about how and why their confidential information is used, and what choices they have about this. These steps will vary depending on the use: as a minimum, this should include providing accessible, relevant and appropriate information - in some cases, greater engagement will be required.


Appointment reminders

Lewisham and Greenwich NHS Trust work with a company called Netcall to send appointment reminders by text or automated phone call for all outpatient services. This reminder service is to help ensure that you attend your appointment.   

If you are a patient and we have your mobile number, you will be opted-in automatically to be reminded of your appointment via text message or an automated phone call. You will receive two reminders before your appointment.

An automated reminder (via text or phone call depending on clinic) will be delivered 7 days before the appointment, with details of the appointment time, date and location. Patients will also receive a text reminder 2 days before your appointment with the appointment details.

Please read our Text reminder opt out policy below for details of the information that we share with Netcall and how you can opt out from this service if you would prefer to.

PRIVACY NOTICE - Text reminder opt out 10 Oct 19 [pdf] 259KB

Opting-out of the reminders will not affect the care offered to patients (appointment or admission). It just means no text or voice message reminders will be sent to patients about appointments at Lewisham and Greenwich NHS Trust.

Patient Portal

Please see the Privacy Notice for the Patient Portal:

Patient Portal Privacy Notice April 2019 [pdf] 286KB


Connect Care

At the moment, health and social care workers from different organisations in Lewisham and Greenwich do not have a system in place to share important information about your care automatically.  This means that GPs, hospital staff, district nurses, occupational therapists and social workers don’t always have immediate access to all the information they need to provide the most timely and efficient care.

To address this problem we are launching a new system of local electronic records.  The new system is called Connect Care.

You can find out more via the link below.

Connect Care >>

Joining up electronic health and care records in Lewisham

NHS and social care services in Lewisham are developing ways of working together more closely to better support the needs of local residents, and make best use of the resources available. 

One of the things that will help this to happen is bringing records about people’s health and social care into a single system using a common and consistent electronic care record. This will have the following benefits for patients:

  • Reducing delays in care and treatment
  • Staff able to spend more time on care, rather doing than administrative tasks
  • Better quality and safety of care
  • Care and treatment can be given earlier and closer to home – to stop conditions getting any worse and avoiding hospital admissions
  • Care is more joined up so patients won’t have to tell their story to lots of different professionals
  • Transfer of care between services is smoother
  • Reducing unnecessary appointments, tests and associated costs
  • Confidential care records are available to care professionals via a secure online portal rather than relying on post, fax and email


As well as making things better for patients and enabling staff across the health and care system to provide better care, this system will also mean that we have much more information to enable us to plan future services based on the needs of our population.

From 20 August 2018 we will be testing this system of joined up records. Records from patients who live in Lewisham and have used our hospital or community health services will be linked to records from six of the GP Practices in the borough. Information will be secure and will not be shared with people who aren’t involved in the testing.

Records have been successfully shared across organisations electronically for some time in Lewisham through the Connect Care system. This new system will build on the success of Connect Care.

If you have any questions or wish to discuss this further please speak to your care professional or call the Patient Advice and Liaison Service (PALS) at Lewisham Hospital on 020 8333 3355.