Oxford University Hospitals NHS Foundation Trust


Privacy Notice

How we use your information - legal aspects

The ways in which we use your information are governed by law. The principal legislation that applies is the EU General Data Protection Regulation (GDPR), which comes into force on 25 May 2018 and is being incorporated into a new Data Protection Bill currently going through parliament (May 2018).

In addition, confidential information about you that you give to our staff to enable them to provide your care is governed by the common law duty of confidentiality, as described in:

Confidentiality: the NHS Code of Practice (pdf).

Clinical (direct) care

When your information is used for your care and administrative purposes related to your care, we rely on Article 6(1)e and Article 9(2)h of the GDPR.

Secondary (indirect care) purposes

When there is a legal requirement that we provide specified data, to NHS Digital for example, we rely on Article 6(1)c of the GDPR. In cases where the common law duty of confidentiality cannot be satisfied through consent, we seek approval from the Secretary of State via the Confidentiality Advisory Group under Section 251 of the National Health Service Act 2006.

Research

In most instances we will rely on Article 6(1)e and Article 9(2)j of the GDPR if and when we use your information for research. If you have formally consented to take part in research, this will satisfy the common law duty of confidentiality. Where it has been impracticable to obtain your consent, we will seek approval from the Secretary of State via the Confidentiality Advisory Group under Section 251 of the National Health Service Act 2006.
