Patients

This notice relates to identifiable personal data, governed by the Data Protection Act 2018.

If you are seeking non-personal or corporate information under the Freedom of Information Act, please click here  

University Hospitals of North Midlands NHS Trust (UHNM) provides high-quality healthcare services across Staffordshire and beyond. We operate two main hospitals, Royal Stoke University Hospital and County Hospital in Stafford, delivering specialist, emergency, and routine care. Our dedicated staff work to improve patient outcomes through innovation, compassion, and excellence in clinical practice, education, and research.

Royal Stoke University Hospital
Newcastle Road
Stoke-on-Trent
Staffordshire
ST4 6QG
Tel: 01782 715444

UHNM is registered to process personal and sensitive information under the Data Protection Act 2018
registration number is Z7476085


Interested in Working at UHNM?
Visit our Vacancy Page to explore current job opportunities.

University Hospitals of North Midlands NHS Trust (UHNM) has appointed a Data Protection Officer (DPO) in accordance with the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The DPO is responsible for:

  • Overseeing UHNM’s compliance with data protection legislation
  • Advising on the Trust’s legal obligations
  • Acting as a point of contact for individuals regarding their data protection rights

You can contact the Data Protection Officer at: DPO.UHNM@uhnm.nhs.uk

University Hospitals of North Midlands NHS Trust (UHNM) collects and holds personal information in various formats, including paper records, electronic systems, and audio/video files. Information accessed by patients via secure apps on personal devices is also securely stored.

We collect personal and special category data to provide safe, effective care. This includes:

Personal Information:

  • Full name (including preferred or maiden name)
  • Date of birth
  • NHS number
  • Contact details (telephone, email)
  • Next of kin and GP details
  • Power of Attorney status
  • Financial details (for private healthcare)
  • Visual images (e.g. CCTV, drone footage, body-worn cameras for security)
  • Protection orders or safeguarding status
  • Emergency Department appointment data (via NHS Digital’s
  • Emergency Department Digital Integration system here)

Healthcare Records:

  • Notes and reports on treatment and care
  • Appointment history, phone calls, and home visits
  • Medical conditions (physical and mental health)
  • Test results (e.g. x-rays, lab reports)
  • Current and future care needs
  • Involvement of other agencies, professionals, and relatives

Special Category Data:

  • Racial or ethnic origin
  • Sexual orientation
  • Genetic and biometric data
  • Sex life information

Additional Information:

  • Audio/visual files used for training or marketing (only with explicit consent)
  • Geolocation tracking of medical devices (please note that this is location of the device only)
  • Summary Care Record (SCR): Contains key GP information (e.g. medications, allergies) and may be shared with hospital staff unless you’ve opted out. This may also be added to the Integrated Care Record (One Health & Care). Further details of that can be found here
  • Personal Demographic Service (PDS): Helps healthcare professionals match patients to records and communicate via text/email. Further information about PDS can be found here

Alerts on Patient Records:

In some cases, UHNM may place an alert on a patient’s record to inform staff of specific considerations (e.g. access needs). These alerts are subject to a rigorous review process to ensure proportionality and compliance with Article 8 of the Human Rights Act.

Your data may be used for the following purposes:

  • Healthcare delivery – To provide you with appropriate treatment and care.
  • Chaplaincy and pastoral care – To support your spiritual and emotional wellbeing.
  • Financial accountability – To ensure public funds are used appropriately.
    Complaints and incident investigations – To review and respond to concerns or legal claims.
  • Service planning – To help design services that meet future patient needs.
  • Quality assurance – To review and improve the standard of care provided.
  • Specialised service management – To coordinate and deliver targeted healthcare services.
  • Collaborative care – To share information with approved external organisations (e.g. Age UK, Revival, Vast) for specific, justified purposes, authorised by UHNM’s Caldicott Guardian.
  • Regulatory reporting – To demonstrate performance and compliance to oversight bodies.
  • Patient feedback – To gather insights through surveys for service improvement.
  • Research – Only with your explicit consent, your data may be used for ethically approved research.
  • Appointment management – To send reminders and updates via email (where provided).
  • Summary Care Record (SCR) – Hospital staff may access your SCR prior to outpatient appointments, unless you have opted out. This includes key GP information such as medications, allergies, and adverse reactions.

We take the security and confidentiality of your personal information very seriously. When you share your data with us, we ensure it is stored safely and handled in line with data protection laws.

Secure Systems
Your information is stored on secure NHS systems that are protected by strong technical safeguards. These systems are regularly monitored and updated to prevent unauthorised access, loss, or misuse.

Access Controls
Only authorised staff who need access to your information to provide care or support are able to view your records. All staff are trained in data protection and confidentiality.

Retention and Disposal
We keep your data only for as long as necessary, in line with NHS records management policies. When your information is no longer needed, it is securely deleted or destroyed.

Paper Records
If any of your information is held in paper format (e.g. forms or letters), it is stored in locked cabinets or secure areas with restricted access.

Backups and Recovery
We maintain secure backups of your data to ensure it can be recovered in the event of a system failure. These backups are also protected and stored securely.

At UHNM, we are committed to safeguarding your personal data. Your privacy and trust are important to us, and we take every measure to protect your information.

UHNM is committed to safeguarding your data. We ensure:

  • Full compliance with the Data Protection Act 2018 and the Information
  • Commissioner’s Office (ICO) registration requirements.
  • Clear guidance for patients and staff on how we manage identifiable data.

Support from our Data Security & Protection Team, who can be contacted at: DSPuhnm@uhnm.nhs.uk 

University Hospitals of North Midlands NHS Trust (UHNM) processes personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As a public authority, UHNM’s official authority to process data is derived from the National Health Service and Community Care Act 1990.

Legal Grounds for Processing

To process personal data, UHNM must have a valid legal basis. The appropriate basis depends on the nature and purpose of the processing.

These include:

  • Consent – Where required, we will seek your explicit consent. You have the right to withdraw your consent at any time.
  • Contract – Necessary for fulfilling contractual obligations, such as employment contracts.
  • Legal Obligation – Required to comply with legal duties.
    Vital Interests – Necessary to protect someone’s life.
  • Public Task – Necessary for performing a task in the public interest or under official authority.
  • Safeguarding – Where there is a safeguarding concern, data may be shared to protect individuals at risk.

Healthcare Provision
For the delivery of healthcare services, UHNM relies on the following legal bases:

  • Article 6(1)(e) – Processing is necessary for the performance of a task carried out in the public interest or under official authority.
  • Article 9(2)(h) – Processing is necessary for the purposes of preventive or occupational medicine, medical diagnosis, and the provision of health or social care.

Purpose of Processing

University Hospitals of North Midlands NHS Trust (UHNM) has a legal and ethical duty to safeguard children, young people, and adults at risk. To fulfil this duty, we may need to collect, use, and share personal information to identify and respond to safeguarding concerns.

What Information We Collect
Safeguarding information may include:

  • Personal details (e.g. name, date of birth, contact information)
  • Health and social care records
  • Details of safeguarding concerns or incidents
  • Information about family members or carers
  • Risk assessments and professional opinions
  • Outcomes of safeguarding investigations

Lawful Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing safeguarding information are:

  • Article 6(1)(c) – Processing is necessary for compliance with a legal obligation
  • Article 6(1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
  • Article 9(2)(b) – Processing is necessary for carrying out obligations and exercising specific rights in the field of social protection law
  • Article 9(2)(g) – Processing is necessary for reasons of substantial public interest (safeguarding of individuals at risk)

How We Use and Share Your Information

We use safeguarding information to:

  • Assess and manage risks to individuals
  • Make referrals to appropriate safeguarding bodies
  • Support multi-agency safeguarding investigations
  • Fulfil our statutory duties under the Children Act 1989, Care Act 2014, and other relevant legislation

We may share safeguarding information with:

  • Local authorities (e.g. social services)
  • Police and other law enforcement agencies
  • NHS organisations and healthcare professionals
  • Education providers
  • Regulatory bodies (e.g. CQC)
  • Other safeguarding partners as appropriate

We only share information where it is lawful, proportionate, and necessary to protect individuals from harm.

Retention of Data
Safeguarding records are retained in accordance with UHNM’s Policy DSP16 Information Lifecycle & Records Management and the Records Management: NHS Code of Practice. Retention periods vary depending on the nature of the safeguarding concern and the individual’s circumstances.

Your Rights
You have rights under UK GDPR, including the right to access your personal data. However, in safeguarding cases, some rights may be restricted to protect individuals or prevent harm.


For more information or to exercise your rights, please contact the DSP Team DSPUHNM@UHNM.nhs.uk 

University Hospitals of North Midlands NHS Trust (UHNM) uses a range of secure communication methods to ensure patients receive timely and appropriate information. All communication channels are reviewed and approved by the Data Security & Protection Team, and patients will be informed of the method being used before contact is made.

Approved Communication Methods

  • Written correspondence – Letters sent to your registered address.
  • Text messages – Used for urgent updates, such as rescheduling clinic appointments.
  • Telephone calls – For direct communication with patients or their representatives.
  • Email – May be used for appointment letters or updates, including communications related to the One Health and Care project.
  • Video conferencing – Used for remote consultations or when staff are working off-site.
  • Video diagnosis – Enables clinicians to assess patients remotely when in-person attendance is not possible.
  • Secure apps – Patients may be invited to provide updated information via a secure digital platform.
  • Patient Portal - UHNM is pleased to offer patients access to Patients Know Best (PKB) – a secure, online patient information portal that allows you to view and manage your health information from any smartphone, tablet, or computer. Further information can be found under the Specific Projects section of this privacy notice.

UHNM may send electronic appointment letters, offer video consultations, or invite patients to update their details through a secure app. All methods are selected to ensure confidentiality, security, and convenience.

To provide you with safe, effective, and coordinated care, University Hospitals of North Midlands NHS Trust (UHNM) may share your personal information with a range of organisations. All sharing is governed by strict legal, ethical, and security standards.

1. NHS Organisations
Other NHS Trusts, Ambulance Services, GPs, and NHS bodies involved in your care.

Collaborative NHS services such as:

  • Wayfinder App (via NHSE) – allows patients to view outpatient appointments through the NHS App.
  • Integrated Care Record (One Health & Care) – a regional initiative involving GP practices, local authorities, hospital trusts (acute, community, mental health), and commissioning groups. This provides clinicians with a snapshot of relevant patient data to support care.
  • West Midlands Digital Pathology Network
  • Stoke CCG Homeless Healthcare Initiative

2. Non-NHS Organisations Involved in Your Care

  • Social Services, Local Councils, Private Care Homes, Charities, Community Pharmacies, and other voluntary or private sector providers.


3. Non-NHS Organisations Providing Services on UHNM’s Behalf

  • Organisations contracted to deliver direct healthcare services, such as remote patient monitoring.

4. Mandated Sharing with National Bodies

  • Cancer Registries, Renal Disease Registries, Public Health England, Infected Blood Compensation Authority, and other statutory bodies.

5. Non-NHS Organisations Offering Support Services

  • Where UHNM believes you may benefit from external services, we may share your information with relevant organisations. You are under no obligation to engage, and refusal will not affect your care by UHNM e.g. Keep Well Keep Warm initiative and further details for this initiative are included in the One Health & Care Privacy Notice here