How CNWL Addictions services use your information

CNWL’s Addictions Directorate provides the following services: 

Drugs and Alcohol

• Hillingdon
• Hounslow 
• Milton Keynes
• Ealing / Southall
• Brent
• Kensington and Chelsea
• Hammersmith & Fulham
• Westminster

Behavioural Addictions

• National Centre for Gaming
• National Centre for Gambling
• East of England Gambling Service

Smoking Cessation

• Hillingdon
• Camden and Islington 

We want you to have confidence in the way we handle your information.  

We will manage your personal information fairly, lawfully and transparently. You’ll know how we use your information and we’ll tell you about your rights too.  

We want to make sure that you have confidence in CNWL Addictions services and feel comfortable about giving us your information. 

Safely looking after your information is a key part of our relationship with you.  

If you have questions or concerns, please get in touch with the relevant service (a link to each service is in the table above, if you are looking at this electronically). You can also find our contact information on our Addictions website (or search ‘CNWL Addictions’). It is important to us that you are happy with the arrangements that we have made for your care, so please ask us if you aren’t quite sure.  

CNWL have a Data Protection Officer (known as a ‘DPO’) and a dedicated team that looks after data privacy rights across the organisation. If you have a complaint about the way your data is handled, you can contact them by emailing cnwl.dpo@nhs.net or our Information Governance team on healthrecords.cnwl@nhs.net. 

You can also write to the team at Data Protection Officer Central and North West London NHS Foundation Trust, Gordon Hospital, Bloomburg Street London SW1V 2RH. 

If after speaking with them you are still not happy, you can contact the data protection supervisory authority, the Information Commissioner’s Office on www.ico.co.uk. 

In addition to basic details such as your address, date of birth, ethnicity, NHS number and next of kin, we keep contact information for you and others involved in your care, information about your background, assessments, results of questionnaires and investigations tests, details of the care we give you, correspondence related to your care and our plans for your future care.

It is important that you tell us as soon as is practically possible if you change your contact details, to ensure that we can contact you.

When you use our services, we will record relevant personal and clinical information you provide to us. We may also receive relevant information about you from different people such as a parent, guardian or representative you have appointed.  

We will only share your clinical health information with NHS care professionals and other care providers involved in your care when it is appropriate, fair and lawful to do so. Other clinical providers and partners involved in your care may share your information with us.  

We will collect and share personal information that is relevant to your care. We will meet our obligations to you under the General Data Protection Regulations and Health and Social Care Act 2012, which include:  

• Providing your healthcare  
• Working with other agencies and partners involved in your healthcare  
• Telling you about CNWL services  
• Updating, consolidating and improving the accuracy of our records  
• Maintaining and improving our health services, making sure your care is safe and effective  
• Responding to your enquiries and complaints  
• Managing your relationship with us  
• Assisting regulatory authorities with their functions  
• Safeguarding  
• Crime detection, prevention and prosecution.  
• Clerical staff, receptionists and secretarial staff will need to use information in your records to carry out administrative tasks, such as booking appointments and communicating with you and other parts of the NHS. (For instance, with your consent, we may use your mobile phone details to provide a text messaging reminder service to notify you in advance of your appointment).  

We will never share information with your friends, colleagues or neighbours without your consent and we will not pass on information to your family if you do not want us to.  

NHS staff who provide care should always:  

• Discuss and agree with you what they are going to record about you  
• Give you a copy of letters they are writing about you, if you ask  
• Show you what they have recorded about you, if you ask  

Ask for your consent to share information with other healthcare professionals.

• Information is recorded on paper and computer systems. 
• Core healthcare records are kept in computer form within secure and approved database systems. These systems meet strict security standards and cannot be accessed by anyone without permission. The Trust will on occasion collate, analyse or transfer your clinical or administrative data using approved digital automation processes in order to provide efficient and clinically safe services. 
• Everyone working for the NHS has a legal duty to maintain the highest level of confidentiality.  

The primary purposes for collecting information is for the provision of healthcare services, and our statutory duty to maintain an accurate, complete and contemporaneous record in respect of each service user, including a record of the care and treatment provided and of decisions taken in relation to the care and treatment provided.  

Clinical care 

We obtain, record, share and use your information as part of CNWL’s responsibility to provide your clinical treatment. This includes:  

• Healthcare provision/Clinical Audits  
• Diagnosis  
• Treatment  
• Social care  
• Management of our care record systems  
• Maintaining and improving health services  

Our healthcare professionals and employees are under obligation maintain professional secrecy and are required to maintain confidentiality as part of their employment contract. Everyone working for CNWL is subject to the common law duty of confidentiality.  

Protection of life and vital interests  

CNWL may use your information to protect you or someone else’s life when this is absolutely necessary.  

Legal obligations  

Sometimes we are required by law to pass on certain information about you. Legal obligations to share information include:  

• Notifying officials of infectious diseases which present significant risk to human health and the wider public under the Public Health (Control of Disease) Act 1984 and the Health Protection (Notification) Regulations 2010  
• Where a court orders us to share your information  
• When it’s required by us or others to detect, investigate or prevent serious crime
• Assisting third parties with regulatory responsibilities such as the Care Quality Commission and Information Commissioner’s Office

When determining how long we keep your information, we consider any legal requirements, the expectations of the data protection regulator and the amount of time we need to hold your personal information to provide safe clinical care.  

The Record Management Code of Practice for Health and Social Care 2021 sets out what people working at CNWL need to do to manage records correctly. We follow a retention schedule which makes sure that information we no longer need is destroyed. 

Cookies are small text files that are held on your computer. We use cookies to gather information to help us improve the website. We have a dedicated Cookies Policy for inspection.  

Store personal data – data will only be held for as long as it's required and for the reason it was collected. After this it will be stored in line with the Records Management Code of Practice for Health and Social Care 2016 and be disposed of securely after this time.  

Keep data secure and confidential – the Trust must ensure that your personal data is kept secure at all times. This includes technical security such as firewalls and anti-virus software, along with physical security to protect against theft or loss of data, either on computer systems or paper-based. We also carry out Data Protection Impact Assessments (DPIAs) where required, to identify and minimise data protection risks. A DPIA may be made available on request by completing this form   

Pass on your data – we may need to provide your personal information to another organisation to comply with our legal obligations, to carry out a public task, or for reasons of public interest. We may also need to share your information if this is within your best interests, for example, if you require urgent care or there are safeguarding concerns.  

Reporting data breaches – The GDPR states that organisations must have suitable controls in place to detect personal breaches as well as reporting them to a relevant authority within 72 hours, if they are deemed to be of a significant risk. If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, the Trust will inform those individuals without undue delay.  CNWL Addictions services have a robust breach detection, investigation and internal reporting procedures in place to ensure your data is kept safe.  

You have certain rights over your personal information. These include:  

• A right to access a copy of your personal information  
• A right to object to the way we use your personal information as described above. 

And in certain circumstances:

• A right to ask for your personal information to be corrected and updated
• A right to ask for your personal information to be destroyed
• A right to restrict CNWL in how we can use your personal information

We may have to confirm your identity and for further requests for the same information, a reasonable fee may be charged to cover CNWL administration costs where the request is deemed to be 'manifestly unfounded' or ‘excessive ' under the Access to Health Records Act 1990.  

If you request to have your records amended, and we are unable to make the amendment, we will attach a statement of your views to your records.  

For concerns about your information rights, contact our Data Protection Officer via cnwl.dpo@nhs.net