Privacy notice

Introduction

This privacy notice, sometimes referred to as a fair processing notice, tells you what you can expect us to do with your personal information. 

In this privacy notice we use the terms ‘we, ‘the Trust’ or ‘SABP’ to refer to Surrey and Borders Partnership NHS Foundation Trust. It has been written to describe how we collect, use, retain and disclose the personal information which we hold (how we ‘process’ personal data) of the people who access our services, visitors, carers, the public and staff.

Based on current data protection legislation, which includes the Data Protection Act 2018 and UK General Data Protection Regulation 2016 (UK-GDPR) as well as Access to Health Records 1990, SABP has a legal duty to inform what data we may collect and how we may use that data. 

This privacy notice is part of our communication to ensure that SABP (which is a statutory public benefit corporation established under the National Health Service Act 2006 (as amended)) processes your personal information fairly and lawfully.

Who we are and what we do

Surrey and Borders Partnership NHS Foundation Trust is the leading NHS provider of mental health, well-being and drug and alcohol services across Surrey and north east Hampshire. It is also the main provider of learning and neurodevelopmental disability services. 

Our services are provided in community settings, hospitals and residential homes with an emphasis on providing local treatment and support close to people's homes wherever possible.

We process personal information in order to support healthcare activities as set out in the National Health Service and Community Care Act 1990. This is the Trust’s source of “official authority.”

Additionally, we are a data controller under the terms detailed in UK-GDPR, which means we have a lawful basis to process personal data under Article 6, and Special Category data under Article 9. (refer to the 'Lawful basis for processing personal data' section for details)

We are registered with the Information Commissioner’s Office: Z9052683.

Our contact details

Post: Surrey & Borders Partnership NHS Foundation Trust, 
Unit 18, Mole Business Park, Randalls Road, LEATHERHEAD, Surrey, KT22 7AD

Telephone: 0300 5555 222

Website: https://www.sabp.nhs.uk/   

Data Protection Officer: dpo@sabp.nhs.uk 
​​​​Charles Sant is our SABP Data Protection Officer.

Caldicott Guardian: caldicottguardian@sabp.nhs.uk 
Jo Lynch is our SABP Caldicott Guardian.

Senior Information Risk Owner (SIRO): sally.heath@sabp.nhs.uk 
Sally Heath is the SABP Senior Information Risk Owner.

Data rights/record requests: records.team@sabp.nhs.uk 
SABP Records team for records access and data rights.

SABP Formal complaints:
Whether you are a person who uses our services, a relative or carer of someone who does, or a member of the public, there may be times when you need information, help, advice and support. 

  • Emailrxx.palsandcomplaintssabp@nhs.net, or
  • Post: Surrey & Borders Partnership NHS Foundation Trust, PALS and Complaints
    Unit 18 Mole Business Park, Randalls Road, Leatherhead, Surrey, KT22 7AD

Lawful basis for processing personal data

Surrey and Borders Partnership NHS Foundation Trust: Privacy Notice:

The basis for the Trust processing your information is described in Article 6 (Lawfulness of processing) and Article 9 (processing of special categories of personal data) of the UK-GDPR.

Our guiding principle is that we hold your records in strict confidence.

The legal basis for using your data will depend on the use of the data but includes:

  • Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…' 
  • Article 6(1)(a) '...the data subject has given consent to the processing of .. personal data for one or more specific purposes...'
  • Article 6(1)(c) ‘...necessary for compliance with a legal obligation to which the controller is subject..'
  • Article 6(1)(d) ‘…necessary in order to protect the vital interests of the data subject or of another natural person...’ 

Article 9 lawful basis used:

  • Article 9(2)(h) ‘…medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems…’

To make sure we comply with data protection legislation we complete Data Protection Impact Assessments (DPIA) for all new activities that involve using or sharing personal information at the initial stages. We do this is to assess the legal basis for data collection and use; data privacy risks and the disclosure of information.

In addition, under specific requirements SABP will also use the following lawful conditions for:

Safeguarding:

SABP is committed to actively promote the health and wellbeing of children and adults and to prevent harm wherever possible through effective risk assessment, risk management, staff training and supervision processes. We work in partnership with other agencies through the use of approved multi-agency procedures to refer and investigate known or suspected abuse

  • Article 9(2)(b) ‘…is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or of the data subject in the field of …social protection law in so far as it is authorised by domestic law providing for appropriate safeguards for the fundamental rights and the interests of the data subject..’

Staff, volunteers and job applicants and others

SABP also processes information on those who are not patients such as Employees, job applicants, apprentices,  complainants, enquirers, survey respondents, suppliers, professional experts, consultants, cctv.

The legal basis for the Trust as a public authority for processing this personal information under UK-GDPR is as follows:

  • Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.
  • Article 9(2)(b) ‘…is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or of the data subject in the field of …social protection law in so far as it is authorised by domestic law providing for appropriate safeguards for the fundamental rights and the interests of the data subject...’

Individual contractors providing services to the Trust

SABP may collect this information in a variety of ways, such as data might be collected through application forms, CVs or resumes; identity documents ; forms completed at the start of or during employment; from correspondence with you; or through interviews, meetings or other assessments.
In some cases, SABP may collect personal data about you from third parties references supplied by former employers, information from employment background check providers, information from credit reference agencies and information from criminal records checks permitted by law.

The legal basis for the Trust as a contract for processing this personal information under UK-GDPR is as follows:

  • Article 6(1)(b) '... processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract...'

Visitors, relatives, friends, next of kin, etc.

It is possible that the Trust holds information on you as part of someone else’s record. Under GDPR you may still be entitled to receive a copy of this information, so long as it would not breach the confidentiality of the person whose records hold the information, or there is another reason not to provide it.

The legal basis for the Trust as a public authority for processing information for your individual care under GDPR is as follows:

  • Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’

Staff Resilience Hub

Your details will be recorded on a secure and confidential system developed by SABP Digital service. We only require your email address or telephone number in order to contact you whilst you may wish to provide a pseudonym to maintain some anonymity or have the option to provide a real name if you prefer. 

SABP will report uptake figures to NHS England and our health and social care partners, so your information on the system will be used completely anonymously to produce these reports on figures only. 

We will use your information in accordance with the data protection legislation and we can assure you that no person-identifiable information (PII) will be disclosed. In line with UK-GDPR legislation we need to gain your consent to collect and store this data.

We will store your personal details securely for 7 years and then these will be deleted from the system records. You may request these to be deleted at any time by contacting our team via the following email address: covidstaffsupport@sabp.nhs.uk

Employment Records

During the course of its employment activities, SABP collects stores and processes personal information about prospective, current and former staff. This Privacy Notice includes applicants, employees (and former employees), workers (including agency, casual and contracted staff), volunteers, trainees and those carrying out work experience. We recognise the need to treat staff personal and sensitive data in a fair and lawful manner. No personal information held by us will be processed unless the requirements for fair and lawful processing can be met. 

What types of personal data do we handle?

In order to carry out our activities and obligations as an employer we handle data in relation to:

  • Personal demographics (including gender, race, ethnicity, sexual orientation, religion)
  • Contact details such as names, addresses, telephone numbers and Emergency contact(s)
  • Employment records (including professional membership, references and proof of eligibility to work in the UK and security checks)
  • Bank details
  • Pension details
  • Medical information including physical health or mental condition (occupational health information)
  • Information relating to health and safety
  • Trade union membership
  • Offences (including alleged offences), criminal proceedings, outcomes and sentences
  • Employment Tribunal applications, complaints, accidents, and incident details

Our staff are trained to handle your information correctly and protect your confidentiality and privacy. We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never collected or sold for direct marketing purposes. Your information is not processed overseas.

What is the purpose of processing data?
  • Staff administration and management (including payroll and performance)
  • Pensions administration
  • Business management and planning
  • Accounting and Auditing
  • Accounts and records
  • Crime prevention and prosecution of offenders
  • Education
  • Health administration and services
  • Information and databank administration
  • Sharing and matching of personal information for national fraud initiative

The legal basis for the processing of personal data is that the NHS is an official authority with a public duty to care for its patients, as guided by the Department of Health and Social Care and data protection law. We have a legal basis to process this as part of your employment (either permanent or temporary) or as part of our recruitment processes following data protection and employment legislation. 

Sharing your information

There are a number of reasons why we share information. This can be due to:

  • Our obligations to comply with legislation
  • Our duty to comply any Court Orders which may be imposed

Any disclosures of personal data are always made on case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances and with the appropriate security controls in place. Information is only shared with those agencies and bodies who have a "need to know" or where you have consented to the disclosure of your personal data to such persons.

Use of Third Party Companies

To enable effective staff administration SABP may share your information with external companies to process your data on our behalf In order to comply with our obligations as an employer 

Employee Records; Contracts Administration (NHS Business Services Authority)

The information which you provide during the course of your employment (including the recruitment process) will be shared with the NHS Business Services Authority for maintaining your employment records, held on the national NHS Electronic Staff Record (ESR) system.

Prevention and Detection of Crime and Fraud

We may use the information we hold about you to detect and prevent crime or fraud. We may also share this information with other bodies that inspect and manage public funds. We will not routinely disclose any information about you without your express permission. However, there are circumstances where we must or can share information about you owing to a legal/statutory obligation.

Individuals Rights

Data Protection laws gives individuals rights in respect of the personal information that we hold about you. These rights are essential for us to have functionality within our staff records system. The data rights, as detailed in the section below, are in accordance with existing data legislation and UK-GDPR.

The legal basis for the Trust as a public authority for processing this personal information under UK-GDPR is as follows:

  • Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.
  • Article 9(2)(b) ‘…is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or of the data subject in the field of …social protection law in so far as it is authorised by domestic law providing for appropriate safeguards for the fundamental rights and the interests of the data subject...’

Should you have any further queries OR wish to lodge a complaint about the use of your informationon the uses of your information, please speak to the SABP Employment Services, Human Resources Department, email: Employment.Services@sabp.nhs.uk  or call 01372 216187.

The Community Mental Health Transformation Programme (CMHTP): 
GP Integrated Mental Health Service (GPimhs) 
Frimley Mental Health Integrated Community Service (MHICS)

If you go to your GP because your symptoms or negative thoughts/feelings are getting in the way of functioning in your daily life, you may be referred to a new primary care mental health service known as  MHICS (Mental Health Integrated Community Service) if you live in Surrey Heath, Farnham, or north east Hampshire. The same service is known as GPimhs (GP Integrated Mental Health Service) if you live in the rest of Surrey. 

The Community Mental Health Transformation Programme (CMHTP) with GPimhs and MHICS are designed to deliver support closer to communities by providing services focussed on Primary Care Network (PCN) populations, building on community assets and involving voluntary sector, housing & social care partners.

Managing Emotions Programme: MEP

Only the people who are working in the SABP Managing Emotions Programme and Staff delivering courses will see or update your record. 

We keep your information so we (and you) can see what courses you have booked and attended as well as any additional needs you may require to gain the most out of your learning at the Managing Emotions Programme. This data includes demographic data (contact details, date of birth) and relevant healthcare information.

The legal basis for the Trust as a public authority for processing this personal information under UK-GDPR is as follows:

  • Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.
  • Article 9(2)(b) ‘…is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or of the data subject in the field of …social protection law in so far as it is authorised by domestic law providing for appropriate safeguards for the fundamental rights and the interests of the data subject...’

Here for You: 

For People accessing Individual Psychological Support in order to enable Here for You to provide safe and effective clinical care, we need to hold information on our secure electronic patient record system. Access to the information you provide will be restricted only to the staff in Here for You service (psychologists, CBT Therapists and assistant psychologists). Our electronic patient record system cannot be accessed by any other staff within Surrey & Borders Trust.

The legal basis for the Trust as a public authority for processing this personal information under UK-GDPR is as follows:

  • Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.
  • Article 9(2)(b) ‘…is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or of the data subject in the field of …social protection law in so far as it is authorised by domestic law providing for appropriate safeguards for the fundamental rights and the interests of the data subject...’
External partner privacy notice links

A&E services provided by acute hospitals in Surrey and North East Hampshire

Surrey and Borders Partnership NHS Foundation Trust has joined with acute hospitals to participate in a quality improvement project to improve services for people in Surrey and north east Hampshire with mental health needs who present to Accident and Emergency (A&E). 

What information are we capturing?

Below are some of the data that you will share with your consent:

Patient demographic and identifying details including:

  • NHS number 
  • Patient name 
  • Patient address 
  • Date of Birth
  • Gender

Relevant health and social care records for the individual professional meetings, mental health problems/current and past issues. Your joint care plan developed by the multi-disciplinary teams

How are we doing this?

Only the minimum amount of information necessary to provide appropriate care and support will be shared. We will seek your consent before we share your information with the multi-agency disciplinary teams and for the development of the joint care plan. The joint care plan will be stored on a secure information system hosted by South East Coast Ambulance Service, and local systems of the relevant individual organisations.

All local systems have adequate security measures and each organisation have attained adequate information governance assurance. 

Who can access your information?

We will view and use your information in accordance with the principles of the Data Protection Act 2018 and current data protection legislation, and the NHS Caldicott Principles. Your information will only be shared with those who have a legitimate 
need to see it. The following are some of the potential organisations that we would share your information with. It will depend on your care and support requirements. 

  • Emergency Departments at acute hospitals in Surrey and NE Hampshire 
    • Ashford And St. Peter's Hospitals NHS Foundation Trust
    • Royal Surrey Hospital NHS Foundation Trust
    • Frimley Health NHS Foundation Trust
    • Epsom and St Helier University Hospitals NHS Trust
    • Surrey and Sussex Healthcare NHS Trust
  • Surrey and Borders Partnership NHS Foundations Trust
  • South East Coast Ambulance Service
  • Your GP
  • Surrey County Council (Social Services)
  • Hampshire County Council (Social Services)
  • CSH Surrey – Community Health
  • Surrey Police
  • Hampshire Police
  • Housing Associations 
  • Catalyst (working with people who are dealing with issues stemming from drug and alcohol misuse and mental health)
How long will we keep your information for?

For information on how long we keep personal information, see our retention schedule at Records Management Code of Practice: https://transform.england.nhs.uk/information-governance/guidance/records-management-code/

Summary Care Record: July 2020

The NHS in England (NHS E) uses a national electronic record called the Summary Care Record (SCR) a national database that holds electronic records of important patient information such as current medication, allergies and details of any previous bad reactions to medicines, created from GP medical records. It can be seen and used by authorised staff in other areas of the health and care system involved in the patient's direct care.

All patients registered with a GP have a Summary Care Record, unless they have chosen not to have one (opted-out).

Vulnerable People Reporting Service 

Organisations that are classified as Category One Responders have a legal duty under the Civil Contingencies Act (2004) to maintain plans (and arrangements) to ensure that in an emergency, they can perform their functions so far as necessary or desirable for the purpose of preventing the emergency, reducing or mitigating its effects or taking other action in connection with it. Category 1 (and 2) Responders also have a legal duty to share information with one another and to co-operate with each other.
We collect the data from you so that we can share information with other Category One (and Two) responders, facilitate planning, facilitate response and recovery during incidents, and other activities in relation to Civil Contingencies work.

Placed-based partnerships 

Your Data rights

Which lawful basis we use when processing personal data (see above section for details) may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

  • Your right of access: You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with.
    There are some exemptions which means you may not receive all the information you ask for. Alternatively, SABP may remove (or edit out) the other individual’s information (known as 'third-party' information) before sending your information to you. This is commonly known as ‘redaction’. This could mean you only receive information - such as copies of documents showing blanked-out text or missing sections.
    To request your SABP records, further information is available on our webpage: https://www.sabp.nhs.uk/contact/freedom-of-info/accessing-your-records
  • Your right to rectification: You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Please discuss any changes with your healthcare contact, or contact our Records team, their email is listed in the 'Our Contact details' section above.
  • Your right to erasure: You have the right to ask us to delete your personal information. However, this depends on the lawful basis used, as there are situations where we can not delete personal information.
  • Your right to restriction of processing: You have the right to ask us to limit how we can use your personal information. 
  • Your right to object to processing: You have the right to object to the processing of your personal data. 
  • Your right to data portability: You have the right to ask that we transfer the personal information to you in a transferrable electronic format. However, this has to be in a technically feasible manner.
  • Your right to withdraw consent:  When we use explict consent as our lawful basis, you have the right to withdraw your consent at any time.
  • Your rights related to automated decision making including profiling: We do use electronic systems that assist clinicians to make decisions relating to your care. However, the decisions are not currently taken automatically, as a clinician will always review the information before deciding the outcome.

Under the Data Protection Act 2018, we are obliged to respond to all legitimate requests within one calendar month unless your request is considered complex, or you have made a number of requests.

  • With complex cases, we can extend our response time by a further two months. If this is the case, we will notify you and keep you updated.

To make a data rights request, please contact our Records team, their details are listed in the 'Our Contact details' section above. 

Keeping our data records safe and secure

We have a duty under UK data protection legislation and NHS codes of practices to keep data records in a confidential and secure manner, and only for as long as they are required. This applies to our electronic records as well as any archived historic paper records held.

SABP maintains healthcare and staff records within secure and accredited databases, with access strictly controlled and managed.

Confidentiality and Consent

We are subject to a common law duty of confidentiality. However, there are circumstances where we will share relevant health and care information. These are where:

  • you’ve provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses). Where you have provided explict consent to use information, you have the right to withdraw that consent at any time;
  • It is appropriate to rely on implied consent for confidentiality purposes when contacting individual patients and service users about their individual care or requesting they complete a friends and family test survey. For further information visit: Email and text message communications - NHS Transformation Directorate (england.nhs.uk);
  • we have a legal requirement (including court orders) to collect, share or use the data;
  • on a case-by-case basis, the public interest to collect, share and use the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime);
  • the requirements of The Health Service (Control of Patient Information) Regulations 2002 are satisfied.

Common law duty of confidence (confidentiality) is not affected by Consent as a lawful basis.

Who we share our personal data with

We may share your information with other organisations and individuals where it may benefit you or we are required to do so, for example with:

  • Hospitals and Health care organisations
  • Social services
  • Community services
  • General Practitioners (GP)
  • NHS Integrated Care Systems (ICS) 
  • Education Services, including research at universities and examining bodies
  • Ambulance services and patient transfer services
  • Companies and supplier providers that provide services on behalf of SABP.
  • Family, associates and representatives (with your consent or under Lasting Power of Attorney/Deputyship under Mental Capacity Act – Personal Welfare)
  • Staff
  • Healthcare social and welfare organisations
  • Auditors and audit bodies
  • Police, Prison/Probation and Security organisations
  • Voluntary sector providers, such as patient groups or health charities
  • Care homes, including private sector care homes
  • Private health care providers
  • Regulatory bodies, including The Health and Safety Executive, The Information Commissioner's Office (ICO)
Trust membership records

Our members help us shape the future direction of our services.

What information do you hold about me?

The information we collect and hold on our Public members is your name, address, email, contact number and date of birth. You can also choose to tell us about your ethnicity, religion, and sexual orientation.

We ask for this information as our membership should represent the community we serve and this information helps us determine if we are achieving this.

The legal basis for the Trust as a public task and legal obligation for processing this personal information under GDPR is as follows:

  • Article 6(1)(d) ‘…necessary in order to protect the vital interests of the data subject or of another natural person...’
  • Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’

Processing data is necessary for the management of health care systems and services and reasons of substantial public interest. For example we request information on ethnicity, religion and sexual orientation to ensure compliance with the Equalities Act 2010.

Why do we collect information about you?

We use the information to send you our newsletter, ‘Partnership People’; invite you to our Members’ events and meetings; and send you information about upcoming governor elections.

New members are asked to select which constituency they would like to join – either our public constituency or our service user and carer constituency. To join the latter constituency you or someone you care for must have used Trust services in the past 5 years. Your postcode allocates our Public geographical members to the appropriate local constituency. 

How do we keep your records?

Your records may be on paper, but usually they will be held electronically. 

Who can see and update my records? 

Your personal information will only ever be shared with an approved supplier. We will not sell your information, nor will it be used for marketing purposes.

How do I know my privacy will be kept? 

We want you to feel your information is secure and that we are committed to maintaining your privacy. The membership database and online registration form are protected against the loss, theft, misuse, or alteration of information through physical security and also different layers of security implemented throughout the database platform, for example hardware and application firewalls; intrusion detection systems; and SSL encryption.

  • We work strictly within the guidelines set out by data protection legislation and the NHS, such as the NHS Caldicott Principles
  • If any of our partners are not in the UK, we will tell you.
  • We will not share or sell your health records for marketing purposes or shared them with third parties. 

We ask our members to let us know of any changes to their information as and when they arise. Members can resign at any time, and if they do, we will remove and permanently delete their membership record. This is entirely separate from any patient or employment record we might hold.

How long will you keep my records?

Your membership information will only be held for as long as you are a member of the Trust. You may request that your information is removed, which would mean you would no longer be a member.

OxeHealth

Oxehealth: Privacy Notice:

SABP use of Oxeheath's Oxevision is designed specifically for mental health care and includes a regulated medical device which operates with an infrared-sensitive sensor improving the care and safety of in-patients wards. It supports the prevention of self-harm incidents and reduces the intrusiveness of night-time observations with contact-free vital sign spot checks.

The legal basis for using your data in accordance with UK-GDPR and the Data Protection 2018 Act:

  • Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…' 

Article 9 lawful basis used:

  • Article 9(2)(h) ‘…medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems…’

Data is only held for 24 -hours before being overwritten, unless required for clinical incident reporting which is retained in accordance with our retention schedule as detailed in the NHS Records Management Code of Practice.

 

National Data-Opt Out

The national data opt-out allows you to choose if you do not want your confidential patient information to be used for purposes beyond their individual care and treatment - for research and planning. The information we collect about you when you use our services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments preventing illness and diseases
  • monitoring safety
  • planning services

All these uses help to provide better health and care for you, your family and future generations. 

You have a choice about whether you want your confidential patient information to be used in this way. 

  • If you are happy with this use of information you do not need to do anything.
  • If you do choose to opt-out, your confidential patient information will still be used to support your individual care.

Find out more or to register your choice to opt-out here. 

Please note:

  • The national data opt-out policy does not apply where information is being used or shared for an individual patient's care. It only applies to the use or disclosure of data for purposes beyond individual care such as research and planning.
  • When there is a legal requirement to disclose information that sets aside the common law duty of confidentiality, the national data opt-out policy does not apply. 
  • The national data opt-out does not apply to disclosure of confidential patient information if it is being used to protect public health, for example to:

    • diagnose communicable diseases
    • control or prevent their spread
    • deliver and monitor vaccination programmes
    • manage risks of infection from food or water supplies or the environment
Closed-Circuit TV (CCTV)

Closed-circuit television: CCTV: 

Our Trust is compliant with current data protection legislation and CCTV codes of practice.

  • CCTV cameras are installed around the Trust to assist in the prevention, investigation and detection of crime and anti-social activity.
  • CCTV recording and equipment are securely stored, with all images are deleted after a set period, unless the images are required as part of an investigation.
Regional Shared Care Records

Shared Care Records

A Shared Care Record is a way we can access information about a person’s health and social care records across different organisations in one place.

  • Surrey Care Record is the name of the system bringing together information from across the Surrey Heartlands Integrated Care System (ICS)
  • Connected Care is the name of the system bringing together information from across the Frimley ICS.

The local shared care record reduces the need for you to repeat your story in each different setting, thereby saving you time and frustration. It also makes the services themselves more efficient by enabling health and care professionals involved in your care to view the relevant records as and when appropriate.

The Health and Social Care Act 2012 places a legal requirement on health and social care organisations to share data with other health and social care organisations involved in your care or likely to be involved in your care. There are also occasions where we have a legal duty to pass patient information to external organisations such as NHS Digital and NHS England that either provide national shared care records such as the NHS Summary Care Record or that have a responsibility to oversee and address issues relating to the management of the NHS as a whole.

  • We currently share information such as demographics, referrals, diagnosis, CPA details and Mental Health Act.  

For data sharing and privacy notice information:

Regional Shared Care Records

Regional shared care record is used by SABP to share some key information from your records with other organisations and  health and social care professionals who may be involved in your care.

The Thames Valley and Surrey (TVS) Local Health and Care Record (LHCR) covers all of Surrey and North East Hampshire. It will supersede Connected Care and the Surrey Care Record. It operates over a wider region, helping to ensure that the right services are available wherever and whenever someone needs care. TVS will use the same data for the same purposes whenever you receive treatment across the region, allowing patient health and care information to be shared across Berkshire, Buckinghamshire, Milton Keynes, Oxfordshire, and Surrey.

Role based access controls are implemented within the local shared care record systems and these controls make certain that only those roles that have a legitimate reason to access your data can do so. In addition to the technical access controls, all organisations that have been granted access to the local shared care record have committed to perform regular audits to ensure that the controls are properly applied.

Text messaging

If your record has a mobile phone number, and you have not indicated it can not be used for texting, you may recieve reminders and information in relation to your careplan. It will not be used to send confidential health record data

If you do not wish to receive text messages

To opt-out contact your SABP healthcare professional:

Please include the following information:

  • Your name
  • Date of birth
  • Postcode
  • NHS number (if known)
The Information Commissioner's Office: (ICO)

If you have any concerns about our use of your personal data, we encourage you to discuss your concerns informally with the Matron or Ward/Service Manager who is close to the source of your concerns

If you wish to make a formal complaint, please contact our Complaints team, their contact details are detailed in the 'Our Contacts' section of this page.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

Post: Information Commissioner’s Office, 
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint

Privacy notice updates

Privacy notice updates

September 2024:

Update of Trust privacy notice details, to provide more transparency and accessibility requirements.