Policies and procedures relating to the conduct of business and
the provision of services
The following policies and procedures relate to the conduct of
business and the provision of services at the University Hospitals
Bristol NHS Foundation Trust:
- Data protection policy
- Confidential waste policy
- IT security policy
- Use of computing equipment policy
- Email policy
- Internet policy
- Outpatient and inpatient policy
- Consent policy
- Retention and destruction of documents policy
- Incident report policy
- Health and safety policy
- Protection of adults policy
- Waiting list policy
- How to apply for your own medical records
- Use of mobile communication equipment (mobile phones) in
To obtain a copy of these please visit http://foi.avon.nhs.uk and search
for the appropriate policy.
Please note that the above list is not a complete list of the
policies and procedures which are in place at the Trust.
Alternatively, please contact the Legal Services
Department for more information. Please note that the above
list is not a complete list of the human resources policies and
procedures at the Trust.
Standing financial procedures
The Trust's standing financial procedures can be found on the publications
page of this website.
The Trust's standing orders are available through the Trust's
constitution. This can be found on the publications
page of this website.
Complaints and other customer services policies and
The Trust operates a complaints policy. More details
on how the Complaints team operate can be found at the link
The Complaints team - an
The Trust holds information regarding complaints, however the
information will not normally be available to the public as it may
contain references to patients or treatment received. This is
classified as personal dtat under section 40 of the Freedom of
Information Act 2000.
Data protection/Information Governance/Caldicott Guardian
Fair Processing Notice
Confidentiality affects everyone: University Hospitals Bristol
NHS Foundation Trust collects, stores and uses large amounts of
personal data every day, such as medical records, personnel records
and computerised information. This data is used by many people in
the course of their work.
We take our duty to protect your personal information and
confidentiality very seriously and we are committed to taking all
reasonable measures to ensure the confidentiality and security of
personal data for which we are responsible, whether computerised or
At Trust Board level, we have appointed a Senior Information
Risk Owner who is accountable for the management of all information
assets and any associated risks and incidents, and a Caldicott
Guardian, who is responsible for the management of patient
information and patient confidentiality.
Why do we collect information about you?
The doctors, nurses and teams of healthcare professionals caring
for you keep records about your health and any treatment and care
you receive from the NHS. These records help to ensure that you
receive the best possible care. They may be written down in paper
records or held on computer. These records may include:
- Basic details about you such as name, address, date of birth,
next of kin etc.;
- Contact we have had with you such as appointments or clinic
- Notes and reports about your health, treatment and care;
- Results of x-rays, scans and laboratory tests; and
- Relevant information from people who care for you and know you
well, such as health professionals and relatives.
It is essential that your details are accurate and up to date.
Always check that your personal details are correct when you visit
us and please inform us of any changes as soon as possible.
How is your personal information used?
Your records are used to direct, manage and deliver care you
receive to ensure that:
- The doctors, nurses and other healthcare professionals involved
in your care have accurate and up to date information to assess
your health and decide on the most appropriate care for you;
- Healthcare professionals have the information they need to be
able to assess and improve the quality and type of care you
- Your concerns can be properly investigated if a complaint is
- Appropriate information is available if you see another doctor,
or are referred to a specialist or another part of the NHS, Social
Care or health provider.
Who do we share personal information with?
Everyone working within the NHS has a legal duty to keep
information about you confidential. Similarly, anyone who receives
information from us has a legal duty to keep it confidential.
We will share information with the following main partner
- Other NHS Trusts and hospitals that are involved in your
- General Practitioners (GPs); and
- Ambulance Services
You may be receiving care from other people as well as the NHS,
for example, Social Care Services. We may need to share some
information about you with them so we can all work together for
your benefit if they have a genuine need for it or we have your
permission. Therefore, we may also share your information, subject
to strict agreement about how it will be used, with:
- Social Care Services;
- Education Services;
- Local Authorities; and
- Voluntary and private sector providers working with the
We will not disclose your information to any other parties
without your express permission, unless there are exceptional
circumstances, such as if the health and safety of others is at
risk or if the law requires us to pass on information.
Disclosure of information
You have the right to restrict how and with whom we share the
personal information in your records that identifies you. This must
be noted explicitly within your records in order that all
healthcare professionals and staff treating you are aware of your
decision. By choosing this option, it may make the provision of
treatment of care most difficult or unavailable. You can also
change your mind at any time about a disclosure decision.
How is your personal information used to improve the
Your information will also be used to help us manage the NHS and
protect the health of the public by being used to:
- Review the care we provide to ensure it is of the highest
standard and quality;
- Contribute to service development (the Trust may contact
patients to raise awareness of the Trust's designated charity,but
will not share personal data of any kind)
- Ensure our services can meet patient needs in the future;
- Investigate patient queries, complaints and legal claims;
- Ensure the hospital receives payment for the care you
- Prepare statistics on NHS performance;
- Internal and External Audit of NHS Accounts and Services;
- Undertaking health research and development; and
- Helping to train and educate healthcare professionals.
How can you access your records?
The Data Protection Act 1998 gives you the right to access the
information we hold about you on our records. Requests must be made
in writing to the Medical Records Department. The Trust will
provide the information to you 40 calendar days from receipt
- A completed application form, containing adequate supporting
information (such as your full name, address, date of birth, NHS
number etc.) to enable us to verify your identity and locate your
- The fee up to £50.00 to be paid in advance; and
- An indication of what information you are requesting to enable
the Trust to locate the information in an efficient manner.
Dr Sean O'Kelly (Medical Director) is the Senior Information
Responsible Officer, Dr Jane Luker (Deputy Medical Director) is the
Caldicott Guardian and Pam Wenger (Trust Secretary) is the Data
Please contact Trust.Secretariat@UHBristol.nhs.uk for any
queries relating to Data Protection, Information Governance or
The Data Protection Act 1998 requires organisations to lodge a
notification with the Information Commissioner to describe the
purposes for which they process personal information. These details
are publicly available from:
Information Commissioners Office
Wilmslow SK9 5AF
The NHS Care Record Guarantee describes how patient information
will be used and protected within the National Systems.
Access the NHS Care Record Guarantee
The NHS Code of Confidentiality is based on legal requirements
and best practice. It sets out the required standards of practice
concerning confidentiality in the NHS and patients' consent to use
their health records.
Access the NHS Code of Confidentiality
The management of estates and facilities falls under the
Directorate of Trust Services, which is the responsibility of the
Chief Operating Officer. Daily responsibility is undertaken by the
Director of Estates and Facilities.
Facilities oversee the following areas of the Trusts day to day
- Linen laundry
- Health and safety in respect of facilities
- Facilities purchasing
- Waste management
- Pest control
- Monitoring cleaning standards
- Car parking
- Green travel
- Skills training
Estates oversee the following areas of the Trusts day to day
- Planned maintenance
- Breakdowns and repairs
- Grounds and gardens
- Minor works
- Backlog maintenance implementation
- Quality control and systems
- Strategic and backlog maintenance
- Risk management
- Environment and energy
- Strategic project integration
- Ordering invoices and payment
- Capital projects
- Feasibility studies
- Project management
- Estate management
- Leases and property
Charging regimes and policies
To obtain copies of the Trust's charging regimes and policies,
please contact the Legal Services Department