Information we hold about you

Personal data is information that relates to living individuals. It does not include information relating to dead people, groups or communities of people, organisations or businesses.

The Data Protection Act 1998 regulates the management of personal information. We need to handle personal information about you so that we can provide services for you.

This is how we look after that information.

When we ask you for personal information we promise to:

  • make sure you know why we need it; ask only for what we need and not collect too much or irrelevant information;
  • protect it and make sure no unauthorised person has access to it;
  • let you know if we share it with other organisations to give you better public services, and if you can say no;
  • make sure we don’t keep it longer than is necessary;
  • not make your personal information available for commercial use without your consent; and
  • consider your request to stop processing data about you.

In return we ask you to:

  • give us accurate information; and
  • tell us as soon as possible if there are any changes to your personal circumstances such as your address. This helps us to keep your information reliable and up to date.

Subject Access Requests

Anyone can make a request to see the information that Brighton & Sussex University Hospitals NHS Trust holds about them; this is referred to as a Subject Access Request.

To access a copy of your health records or your children’s records, if they are under the age of 16, or you are a relative of a deceased patient and require access, please complete the subject access request form and send to one of the following addresses:

Patients with surname A-G
Information Governance Office
Royal Sussex County Hospital
Sussex House
1 Abbey Road
Tel: 01273 696955 Ext: 4186 (lines are open from 10am to 3pm)

Patients with surname H-Q
Information Governance Office
Princess Royal Hospital
Lewes Road
Haywards Heath
West Sussex
RH16 4EX
Tel: 01444 441881 Ext: 5620 (lines are open from 10am to 3pm)

Patients with surname R-Z
Information Governance Office
Princess Royal Hospital
Lewes Road
Haywards Heath
West Sussex
RH16 4EX
Tel: 01444 441881 Ext: 8013 (lines are open from 10am to 3pm)

The Trust is obliged to comply with our obligations promptly and within 40 days of receiving a valid request and payment. If clarification of your request is needed, the 40 day period does not start until that is received.

Charges may be applied for requests under the Data Protection Act 1998 (for live persons) and under the Access to Health Records Act 1990 (for deceased persons).

The following indicative charges are provided for your information; you will be informed of the actual cost based on the volume of records requested and the format in which these are to be provided, along with payment methods, when your application and the relevant case notes have been retrieved from the Trust’s Medical Records Library:

Type of record Cost (Inclusive of non-refundable initial payment which should accompany your application)
Electronic records (including X-rays) – copy of £10 flat rate
Manual Health Records (living individual) – copy of Less than 75 sheets £35

More than 75 sheets maximum of £50

Both electronic and manual (living individual) – copy of Less than 75 sheets £35

More than 75 sheets maximum of £50

Viewing only £10
Viewing request which subsequently changes to viewing and copying As per copy of records
Viewing of manual records that have been added to in the last 40 days preceding the application Free of charge
Both electronic and manual records for deceased patients – copy of There is no maximum that the Trust can charge – fee will be based on volume of records

All charges are payable prior to you receiving the information requested.

You can be refused access to your records or part of them:

  • if your doctor thinks you or someone else could be harmed as a result
  • the information relates to, or was provided by, an identified individual apart from yourself or a health professional
  • you are applying on behalf of someone who has died or who is no longer capable of managing their own affairs, but who originally gave the information on the understanding that it wouldn’t be revealed later.
Under the DPA, we are not obliged to comply with a follow–up request unless a reasonable period of time has elapsed since we responded to the previous request. In deciding what constitutes a reasonable period of time, we will take into account the nature of the personal information, the purpose for which it is being processed and the frequency of its alteration.  As a general rule 12 months is considered to be a reasonable period of time between requests.

Complaints about the handling of your request

Should you be unhappy with the outcome of your request, you should in the first instance contact the named individual at Brighton & Sussex University Hospitals NHS Trust who responded to your request or, if you prefer, the Trust’s Data Protection Lead or contact the Trust’s complaints team.

If you are still unhappy with the response you receive, you can contact the Information Commissioner’s Office (ICO) who regulates the Data Protection Act 1998. Their contact details are:

Information Commissioners Office
Wycliffe House
Water Lane

Brighton and Sussex University Hospitals NHS Trust is registered with the Information Commissioner’s Office as a Data Controller under the Data Protection Act 1998. To see details of our registration, please go to the Information Commissioner’s Office website.