[Skip to content]

Mid Cheshire Hospitals - NHS Foundation Trust
Departments and services How To Find Us
Search our Site

Your Data and Research

Who we are

Mid Cheshire Hospitals NHS Foundation Trust is the ‘Controller’ of the personal data that you provide us with, and is registered with the Information Commissioner’s Office (ICO) for the purposes of UK data protection legislation.

What research information we collect from you and why

Mid Cheshire Hospitals NHS Foundation is a research-active Trust.  We use personally-identifiable information to conduct health and social care research so we can improve healthcare and its services. The type of personal data we collect will be whatever is relevant to the objectives of the research project and will therefore depend on the particular type of project. This means that when you agree to take part in a research study we will use your data in the ways needed to conduct and analyse that study.

We will collect information in many ways, which include from your healthcare professional, referrals, medical records and from you directly.

Our research is approved by external regulators such as the Health Research Authority (HRA) and the National Research Ethics Service (NRES) where it is necessary to ensure you as a patient are protected.

In order to fulfil our duty under the NHS Constitution (link opens in new window) ‘to inform you of research studies in which you may be eligible to participate’ we may collect and enter data onto clinical research systems to help us manage and track your research journey. These systems are like any other healthcare system, recording only essential information and accessible only by staff involved in supporting the research.

We will not collect non-relevant personal data about you, and we will not share identifiable data outside the hospital without your consent.

Health and care research should serve the public interest, which means that we have to demonstrate that our research serves the interests of society as a whole. We do this by following the UK Policy Framework for Health and Social Care Research.

What is our legal status for collecting research data?

As a publicly-funded organisation we have to ensure that it is a task in the public interest when we use personally-identifiable information from people who take part in one of our research projects. This is known as our “legal basis” for the collection and processing of personal data under current data protection regulations (Article 6 GPDR).

Due to the sensitive nature of healthcare information it is further categorised, under current data protection regulations, as special category data. Where we collect this type of data we do so when “the processing is necessary for archiving purposes in the public interest, scientific or historical research purposes...” (Article 9 GDPR)

The Trust is one of many organisations working in the health and care system to improve care for patients and the public.  The Information collected about you when you are using NHS services can be provided to other approved organisations, where there is a legal basis, to help with planning services, improving care provided, research into developing new treatments and preventing illness.  All of these help to provide better health care for you, your family and future generations.  Confidential personal information about your health and care is only used in this way where allowed by law and would never be used for insurance or marketing purposes without your explicit consent.

You have a choice about whether you want your confidential patient information to be used in this way. 

You can find out more about the wider use of confidential personal information and to register your choice to opt out by visiting www.nhs.uk/your-nhs-data-matters.  

How do we keep your data safe?

We must ensure there are safeguards in place when we use your personal and or sensitive date in our research projects. These include:

Policies and procedures for our researchers and staff on how to design studies and how to collect and manage your data appropriately       

  • Training to ensure our researchers and staff understand the importance of data protection and integrity

  • Ensuring we have effective, safe and secure physical locations to store and archive research data

  • Ensuring all research undertaken is appropriately scrutinised by an ethics and or regulatory body in accordance with the UK Policy Framework for Health and Social Care Research.

  • Ensuring we have contractual arrangements in place with any 3rd  party organisations (within or outside the EU) responsible for managing and or processing research data.

Who we share your information with

If you agree to take part in a research study, the information about your health and care may be provided to researchers running research studies in this organisation and in other organisations.  These organisations may be universities, hospitals or companies involved in health and care research in this country or abroad. As part of the consent process you will be given an information sheet which will have more information about how that particular study will use your data.

Your information will only be used by organisations and researchers to conduct research in accordance with the UK Policy Framework for Health and Social Care Research.

When we share information we will take every step to ensure your data is protected by either de-identifying/de-linking it to you and or by ensuring our data “processors” (3rd parties) are contractually responsible for maintaining confidentiality and data integrity.

Where we publish the results of any research it will contain no identifiable information.

How long we keep your information for

Research data must be kept for long enough to meet the legal and/or ethical requirements under regulations governing clinical research. The retention schedule for each study may be different and this will be outlined to you within the participant information sheet.

It is important for us to retain research data so that we are able to refer back to it to ensure the integrity of the project, and safety of the participants, is maintained.

What your rights are

If you consent to participate in a research study your rights to access, object, change, move and or delete/erase your information may be limited. This is because we need to manage the data in specific ways to ensure the research we conduct is reliable and accurate, and that we are accountable.  If you withdraw your consent to participate in a research project we may not remove all your data. We may keep the information about you that we have already obtained to ensure research integrity is maintained in the public’s interest, and that publicly funded research meets its goals. To safeguard your rights, we will strive to use the minimum personally-identifiable information possible.

Additional information on the nature of the research project and specifics of how your data will be managed if you participate will be contained within the participant/patient information sheet and or supplementary research transparency information sheet you are provided with. Please feel free to ask the researchers for any clarification you may require.

For more information about the general use of patient data in research in the health service please visit: https://www.hra.nhs.uk/information-about-patients

How to make a complaint

If you are unhappy with the way in which your personal data is being processed you may, in the first instance, lodge a complaint with the Trust’s Data Protection Officer using the contact details below.

If you continue to have concerns thereafter you have the right to contact the Information Commissioner for a decision. The Information Commissioner can be contacted as below:

Helpline:                0303 123 1113

Website:                https://ico.org.uk/for-the-public/raising-concerns/

ICO Registration number:   Z4846564

How to contact us

Should you wish to lodge a complaint about the use of your information, please contact the Trust’s Data Protection Officer: 

Cora Suckley
Head of Information Governance, IT Security and Data Protection Officer Mid Cheshire Hospitals NHS Foundation Trust
MD39 Residences
Leighton Hospital
CW1 4QJ 

Email: DPO@mcht.nhs.uk     

Telephone: 01270 273812 (Internal Extension 3812)

Latest news