Skip to main content

This site is best viewed with a modern browser. You appear to be using an old version of Internet Explorer.

Privacy Notice

Information about you and how we use it

When you come into hospital, information about you, your illness and its treatment is recorded - on paper and/or on computers - to help us care for you. This information is part of your health record and will be kept in case we need to see you again.

Our clinical teams looking after you may share your personal health information with each other. These teams include doctors, nurses, therapists, support staff and students. All NHS staff are bound by law and a strict code of confidentiality, and are monitored by the Trust's Caldicott Guardian, a senior clinician who is responsible for making sure your confidential information is respected. Your information is very important to us, and we have strict controls in place to protect it.

To understand how patient data is used by the NHS and why, you can watch this video from the Understanding Patient Data team.

You can also read more about why your data matters to you and the NHS, how it is protected, and the choices you have.

How your records are used to help you

Accurate, up-to-date information about you:

  • helps our staff assess your health and care for you;
  • will help your future treatment, in hospital or elsewhere;
  • allows us to review and if necessary look into the care you have received.

How your records help us

Accurate, up-to-date information about you helps us:

  • provide high quality care and meet all our patients' needs;
  • train healthcare professionals and support research and development;
  • review (audit) the quality and outcome of NHS services;
  • perform Service Evaluations that assess how well a service is achieving its intended aims;
  • investigate any incidents or issues that arise;
  • ensure the hospital is paid for your treatment;
  • contribute to national NHS statistics.

Using and sharing information about you and your care

We will share information about you with staff in other organisations when it is necessary for your care. These may include your GP practice, other hospitals involved in your care, ambulance services, social services and care homes.

We have partnered with DrDoctor, providing digital communication with our patients for Outpatient appointment letters, appointment management and self-assessment forms.

For more information about Dr Doctor please visit:

Digital communications

We may use your data to assess how well our services are providing care, to suggest improvements and ensure that it is as good as it can be.

Sometimes we have to pass on personal information by law, for example:

  • to notify a birth;
  • when an infectious disease such as meningitis or measles may endanger the safety of others;
  • when required to by a formal court order;
  • when sharing information with the police may prevent a serious crime, or prevent harm to you or other people.

We also by law share summary data about every episode of care with NHS Digital. You can find out how they use this information at:

NHS Digital: How we look after your health and care information

We may also share information about you and your care with other NHS organisations responsible for the organisation and funding of health and social care, for example Clinical Commissioning Groups (CCGs) and their Commissioning Support Units (CSUs). If we have to share information about you, we will remove your personal details when possible.

We are developing a comprehensive list of organisations with whom we share data.

We may share data for approved research projects. In most instances the information will be made anonymous so that you cannot be identified. If this is not possible, we will ask your permission, or if this is not possible, we will request approval from the NHS Health Research Authority's Confidentiality Advisory Group. The Health Research Authority has further details on patient information and health and care research.

Should you not wish information about you to be used for research, please let us know or speak to the clinical team that is treating you.


How the NHS and care services use your information

(Oxford University Hospitals is one of many organisations working in the health and care system to improve care for patients and the public).

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services.

All these uses help to provide better health and care for you, your family and future generations, but will only happen when it is lawful for us to use your personal information in this way.

Most of the time, the data is used for research and planning is anonymous so that you cannot be identified.

If you are happy with this use of information you do not need to do anything. If not, you may choose to opt out.

To find out more, or to register your opt out, please visit:

Your NHS data matters

On this page you will:

  • see what is meant by confidential patient information
  • find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • find out more about the benefits of sharing data
  • understand more about who uses the data
  • find out how your data is protected
  • be able to access the system to view, set or change your opt-out setting
  • find the contact telephone number if you want to know any more or to set/change your opt-out
    by phone
  • see the situations where the opt-out will not apply.

You can also find out more about how patient information is used at:

Patient information and health and care research - HRA

(which covers health and care research); and

Introducing patient data - Understanding Patient Data

(which covers how and why patient information is used, the safeguards and how decisions are made).

You can change your mind about your choice at any time. Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations had until 31 July 2022 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation complies with the National Data Opt-out Policy.

Who may access your clinical records

Your care is provided by a team which typically will comprise a combination of clinical professionals (doctors, nurses, physiotherapists, occupational therapists, pharmacists), clinical support staff (nursing assistants, healthcare assistants, social workers) and administrative staff (medical secretaries, ward clerks). Any of these may have access to your clinical records in order to provide, record and support your care.

In order to access your electronic patient record (EPR) they will have to indicate when accessing that they have a legitimate reason to do so.

As a teaching hospital, we also have medical, nursing and other clinical students and trainees who will access records of patients under the care of the team to which they are attached, as part of their training. Like all healthcare professionals, they are bound by a duty of confidentiality.

Your care team will also have remote access to aspects of your GP record and the national Summary Care Record (SCR) in order to learn about your current medication, allergies and active medical problems and care plans.

Secure email standard DCB1596

Emails sent to and from health and social care organisations must meet the secure email standard (DCB1596) to help ensure that sensitive and confidential information is kept secure.

OUH has achieved accreditation to DCB1596 and is assessed annually to ensure its service continues to meet the standard's requirements.

More details about DCB1596 and a list of accredited organisations can be found on NHS England's website about the secure email standard:

The secure email standard - NHS England Digital

Legal aspects

We take care to ensure that we collect, use and share your information lawfully. The legal bases for doing so are described in:

How we use your information

Your information rights

  • You have the right to know how we will use your personal information;
  • You have the right to see your health record (your medical notes): this is known as Subject Access (see below);
  • You have the right to object to us making use of your information other than for your care;
  • You can ask us to change or restrict the way we use your information and we have to agree if possible;
  • You have the right to ask for the information we hold about you to be corrected or erased if it is incorrect.

If you object to how we are using your information, or wish us to restrict, erase or correct it, please contact our Information Governance team:


Tel: 01865 226912


Requesting copies of your personal information under the General Data Protection Regulation (GDPR) 2018 (pdf)

Accessing your health record (a subject access request)

While you are in hospital, you may ask to look at your health record folder. Your notes will be prepared for you and a qualified member of staff will talk you through the content. Your right to see some information may be limited - for example, if it includes details about other people.

If you require copies of your health record, please complete the forms below:

Access to Health Records

Access to records relating to deceased patients

Due to the Trust's ongoing commitment to reduce our carbon footprint, our preference is to provide disclosure by secure email.

To speak to someone about accessing your health record please call: 01865 223239

OUH IM&T Services - PACS/RIS Team

If you require copies of your Radiology scans, please complete the forms below and email them to the email address on the forms.

Patient Imaging Request (Requesting your own Radiology Studies) (pdf, 83 KB)

Patient Imaging Request (Requesting someone else's Radiology Studies) (pdf, 144 KB)

Foundation Trust membership

We hold information about our members. Further information is available on Foundation Trust Membership.

General enquiries

If you would like further information about how we use your information and your rights, please contact our Information Governance team:


Tel: 01865 226912

Data Protection Officer: Dr Christopher Bunch


Caldicott Guardian: Dr Alastair Moore (interim)


Last reviewed:11 March 2025