Privacy Policy

Yorkshire Ambulance Service (YAS) NHS Trust is committed to protecting your personal data and privacy. We recognise that ensuring the accuracy and security of your personal data is essential to retaining your confidence and trust. The information you provide to us will only be used for the purposes that you provide it for and will never be used for third party marketing.

To ensure fairness and transparency, when we collect your personal data we will tell you what your information will be used for and who it will be shared with.

We take our data protection responsibilities extremely seriously and understand how valuable your personal data is. Any personal information you give to us will be processed in accordance with the Data Protection Act 2018, the General Data Protection Regulation (GDPR), Human Rights Act 1998, the relevant health service legislation, and the Common Law Duty of Confidentiality.

YAS provides an emergency ambulance and non-emergency patient transport service throughout the Yorkshire region as well as an urgent (non-emergency) medical help and advice line (NHS 111).

When you contact us as a patient, we collect information about you and keep records about the service we provide. We may also record information about you if you contact us for any other reason. We are a data controller and process your personal data in accordance with the Data Protection Act 2018 and the General Data Protection Regulations (GDPR).

Information collected about you to deliver your healthcare is also used to assist with:

  • Making sure your care is of a high standard;
  • Assessing your condition against a set of risk criteria to ensure you are receiving the best possible care;
  • Supporting the funding of your care;
  • Helping train staff and support research;
  • Using statistical information to look after the health and wellbeing of the general public and planning services to meet the needs of the population;
  • Preparing statistics on our performance for the Department of Health and other regulatory bodies;
  • Reporting and investigating complaints, claims and untoward incidents;
  • Reporting events to the appropriate authorities when we are required to do so by law;
  • The auditing of NHS accounts and clinical audit of the quality of services provided.

The lawful basis for the processing of data for these purposes is that the NHS is an official authority with a public duty to care for its patients, as guided by the Department of Health. Data protection law says it is appropriate to do so for health and social care treatment of patients, and the management of health or social care systems and services.

We may also process information when it is necessary for your legitimate interests or the legitimate interests of a third party (such as the health and safety of our staff), unless there is a good reason to protect your personal data which overrides those legitimate interests.

If we need to use your personal information for any reason beyond those stated above, we will discuss this with you. You have the right to ask us not to use your information in this way.

From time to time we may contact you and ask you to tell us about your experience of our service. We do this as part of our commitment to providing a service that is responsive to the needs of the patients and their families and carers. We may send you a paper survey in the post or call you on the telephone and ask if you would be willing to answer some questions. You can choose whether or not you want to take part in these surveys, and if you decide that you do not want to then this will not affect your care in any way.

We may share your information for health purposes and for your benefit with other organisations such as other NHS Trusts, General Practitioners, and other partner organisations who could be providing specialist services on our behalf. We will not disclose any health information without an appropriate lawful basis.

YAS is signed up to the Leeds Care Record and the Yorkshire and Humber Care Record, virtual systems designed to give health and social care professionals access to the most up to date information about you.

You may be receiving care from other service providers as well as the NHS. If we have your permission, we may also share information about you so that you receive the best possible care with:

  • Social Care Services;
  • Education Services;
  • Local Authorities;
  • Voluntary and private sector providers working with the NHS.

Unless the sharing is specifically related to the direct provision of healthcare we will not share your information with anyone without your explicit consent. However, there are exceptions, which are listed below:

  • The public interest is thought to be of greater importance, for example:
    • If a serious crime has been committed;
    • If there are risks to the public or our staff;
    • To protect vulnerable children or adults.
  • We have a legal duty, for example registering births, notification of death, reporting infectious diseases, wounding by firearms, road traffic collisions and court orders;
  • We need to use the information for medical research; we have to ask permission from the Confidentiality Advisory Group (appointed by the NHS Health Research Authority).

The other instances when we may use your data are below:

  • Support future improvements in health and social care nationally;
  • Help teach health and social care professionals;
  • Aid health research and developments*;
  • Monitor and audit the care we provide to ensure it is of the highest standard;
  • Investigate complaints, untoward incidents or legal claims;
  • Prepare reports on NHS and social care performance;
  • To ask you to complete a patient survey regarding your care; this is optional.

*If you do not want your personal information to be shared and used for research and planning, then you should contact the online service at www.nhs.uk/your-nhs-data-matters or call 0300 3035678. For further information please see National Data Opt Out.

We participate in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise. We are legally obliged to provide this information and do not require your consent. For further information, please see our Privacy Notice – NFI.

We have a duty to protect your personal information and confidentiality and we take our responsibilities very seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data, whether it is in electronic or paper format.

Everyone working for YAS must comply with data protection legislation and the Common Law Duty of Confidentiality. Information provided to us will be used in confidence and only for the purposes explained to you and to which you consented, unless there are other circumstances covered by the law.

All staff are required to undertake annual data security and protection training and be aware of their information governance.

At Board level, we have appointed a Senior Information Risk Owner (SIRO) who is accountable for the management of information across the Trust and any associated risks and incidents. The SIRO for the Trust is our Executive Director of Quality, Governance and Performance Assurance.

The NHS also has an additional set of guidelines, known as the Caldicott Principles, which apply to the use of patient information. All NHS organisations are required to appoint a Caldicott Guardian to ensure patient information is handled in accordance with legal and NHS regulations. We have appointed our Executive Medical Director as Caldicott Guardian in acknowledgement of how seriously we take the protection of your right to confidentiality. Our Executive Medical Director is also a senior member of our Trust Board who understands the requirements for protecting the confidentiality of patient information as well as enabling appropriate information sharing.

We also have the necessary controls in place with external organisations that process data on our behalf, to ensure that the organisation complies with the UK data protection legislation and the GDPR.

The Trust will not transfer your personal data outside the UK unless there are arrangements in place to ensure an adequate level of protection for the rights and freedoms of data subjects.

Data protection law gives you rights in respect of personal information that we hold about you. These are:

  1. To be informed why, where and how we use your information;
  2. To ask for access to your information (known as “subject access”);
  3. To ask for your information to be corrected if it is inaccurate or incomplete;
  4. To ask for your information to be deleted or removed where there is no need for us to continue processing it;
  5. To ask us to restrict the use of your information;
  6. To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information;
  7. To object to how your information is used;
  8. To challenge any decisions made without human intervention (automated decision making).

The Trust has a legal basis for gathering and processing personal information necessary for the delivery of essential services. You have the right to request the Trust to stop processing your personal data in relation to services provided by the Trust. However, this may cause delays or prevent us delivering a service to you. Where possible we will seek to comply with such requests but this may not be possible where the Trust is required to do so by law, for the performance of our public task, to safeguard public safety, where there is a risk of harm and/or in emergency situations.

If you want to make a subject access request for personal data held in respect of any services provided by the Trust you should email: yas.subjectaccessrequests@nhs.net

Or make a written request to:

Legal Services Department Yorkshire Ambulance Service NHS Trust Headquarters Springhill 2 Brindley Way Wakefield 41 Business Park Wakefield WF2 0XQ Tel: 01924 584032

To ensure that personal data does not fall into the wrong hands, The Trust needs to be satisfied with the identity of the requestor. Consequently you will be asked to provide evidence of your identity. The Trust will provide your information to you within one month of receiving the request (and appropriate proof of ID); there is no fee payable for this service.

Information may be withheld if:

  • the organisation believes that releasing the information to you could cause serious harm to your physical or mental health;
  • harm is identified as possibly being caused to another person;
  • releasing the information presents a risk to the safe and secure operation of the organisation and its ability to deliver its legitimate business.

We are not obliged to tell you that information has been withheld.

Information may also be withheld if another person (i.e. third party) is identified in the record, and they do not want their information disclosed to you. However, if the other person was acting in their professional capacity in caring for you, in normal circumstances they could not prevent you from having access to that information.

If you think any information in your records is inaccurate or incorrect, please let us know using the contact details above.

Please remember that our staff have rights too and we do not expect their personal data to be used without their permission or abused in any way by patients or members of the public. This includes taking photographs or filming them for malicious reasons.

We retain your clinical records and details of 999 calls and calls to NHS 111 for 10 years (25 years in relation to children's records). Other records that may contain information about you are kept for varying lengths of time.

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will only hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.

Like most websites, we use cookies from Google Analytics to anonymously track visits to pages. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make and do not allow Google to make any attempt to find out the identities of those visiting our website.

We also use functional cookies to ensure our website operates correctly (for example, the accessibility toolbar options) but these are not used for tracking.

You can find out more about Cookies here: www.allaboutcookies.org.

From time to time, we may use visitor information for new, unanticipated uses not previously disclosed in our privacy notice. YAS will update this policy from time to time. To keep up-to-date with YAS’ policy, please check this page periodically.

The Trust's designated Data Protection Officer is the Head of Risk and Assurance, Helen Jones, who can be contacted by email: yas.dpo@nhs.net

Contact Details for Yorkshire Ambulance Service NHS Trust:

Yorkshire Ambulance Service HQ Springhill Brindley Way Wakefield 41 Business Park Wakefield WF2 0XQ Tel: 0845 120 0048 Email: yas.corpcomms@nhs.net

Should you wish to lodge a complaint about the use of your information, please contact the Trust’s Patient Relations Department at:

Patient Relations Department Yorkshire Ambulance NHS Trust Ambulance Headquarters – Springhill Wakefield 41 Business Park Wakefield WF2 0XQ Tel: 0333 1300549 E-mail: yas.patientrelations@nhs.net

If you are still unhappy with the outcome of your enquiry you can write to:

Information Commissioner's Office (ICO) Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Telephone: 0303 123 1113