Information we hold about you

Personal data is information that relates to living individuals. It does not include information relating to dead people, groups or communities of people, organisations or businesses.

The Data Protection Act 2018 and EU General Data Protection Regulations govern the management of personal information held by all organisations in the UK. We need to handle personal information about you so that we can provide services for you.

This is how we look after that information.

When we ask you for personal information we promise:

  • To make sure you know why we need it; ask only for what we need and not collect too much or irrelevant information;
  • To protect it and make sure no unauthorised person has access to it;
  • To let you know if we share it with other organisations to give you better public services, and if you can say no;
  • To make sure we don’t keep any data longer than is necessary;
  • To not make your personal information available for commercial use without your consent; and;
  • To consider your request to stop processing data about you.

In return we ask you:

  • To give us accurate information; and
  • To notify us as soon as possible if there are any changes to your personal circumstances such as your address. This helps us to keep your information reliable and up to date.


Subject Access Requests

Anyone can make a request to see the information that Brighton & Sussex University Hospitals NHS Trust holds about them; this is referred to as a Subject Access Request.

To access a copy of your health records or your children’s records, if they are under the age of 13, or you are a relative of a deceased patient and require access, please complete the subject access request form and send to one of the following addresses:

Patients with surname A-G
Information Governance Office
Royal Sussex County Hospital
Sussex House
1 Abbey Road
Tel: 01273 696955 Ext: 4186 (lines are open from 10am to 3pm)

Patients with surname H-Q
Information Governance Office
Princess Royal Hospital
Lewes Road
Haywards Heath
West Sussex
RH16 4EX
Tel: 01444 441881 Ext: 5620 (lines are open from 10am to 3pm)

Patients with surname R-Z
Information Governance Office
Princess Royal Hospital
Lewes Road
Haywards Heath
West Sussex
RH16 4EX
Tel: 01444 441881 Ext: 8013 (lines are open from 10am to 3pm)

The Trust is under obligation to comply with requests for living patients promptly and within 1 calendar month of receiving a valid request. For deceased patients, the Trust has 40 days to respond. If clarification of your request is needed, these time periods do not start until that is received.

  • From May 25 2018, charges are no longer applied for requests under the Data Protection Act 2018 or EU GDPR (for live persons), and under the Access to Health Records Act 1990 (for deceased persons).

Under the DPA and GDPR, we are not obliged to comply with a follow–up request unless a reasonable period of time has elapsed since we responded to the previous request. In deciding what constitutes a reasonable period of time, we will take into account the nature of the personal information, the purpose for which it is being processed and the frequency of its alteration. As a general rule 12 months is considered to be a reasonable period of time between requests.

You can be refused access to your records or part of them:

  • if your doctor thinks you or someone else could be harmed as a result
  • the information relates to, or was provided by, an identified individual apart from yourself or a health professional
  • you are applying on behalf of someone who has died or who is no longer capable of managing their own affairs, but who originally gave the information on the understanding that it wouldn’t be revealed later.
Complaints about the handling of your request

Should you be unhappy with the outcome of your request, you should in the first instance contact the named individual at Brighton & Sussex University Hospitals NHS Trust who responded to your request or, if you prefer, the Trust’s Data Protection Lead or contact the Trust’s complaints team.

If you are still unhappy with the response you receive, you can contact the Information Commissioner’s Office (ICO) who regulates the Data Protection Act 1998. Their contact details are:

Information Commissioners Office
Wycliffe House
Water Lane

Brighton and Sussex University Hospitals NHS Trust is registered with the Information Commissioner’s Office as a Data Controller under the DPA and GDPR. To see details of our registration, please go to the ICO’s website, here.