Data protection

Looking after information

All personal information is kept on the Trust’s electronic system or on paper files. The Data Protection Act makes sure all the information is kept safely and also gives all service users certain rights:

  • Service users, or their guardians, have the right to see the information which we keep.
  • All information is kept securely and only those who need it to help with treatment, have access to it.
  • We only pass on information about our service users if the other person has a genuine need to know or to protect your health.
  • We only pass on the information which is needed and no more.
  • The Data Controller is Birmingham and Solihull Mental Health NHS Foundation Trust.

The Trust has a Data Protection Officer who you can contact if you would like to discuss how the Trust uses your information:

Data Protection Officer

Information Governance Department

Birmingham and Solihull Mental Health Foundation Trust

52 Queensbridge Road, Moseley, Birmingham. B13 8QY. 


OurTrust would like to understand how well you feel we look after your personal information, and we would really appreciate you taking the time to complete our survey here.

Working with the Information Commissioner’s Office (ICO) to drive improvements

We take information governance very seriously and are continually looking at ways of improving our processes to ensure that data is protected. To this end, we actively encourage the reporting of information governance incidents so that we can highlight themes/ trends and issues, learn from them and take action to avoid similar incidents happening in future.

Part of our improvement plan is to be honest and open about incidents and work with the ICO constructively to ensure that our processes are as robust as possible. We invited the ICO to audit our processing of personal data in April 2014, and this audit covered data protection governance and security of personal data. This audit concluded that there is a reasonable level of assurance that the Trust has robust controls and processes in place to deliver data protection compliance. Reasonable assurance is the second highest rating that can be achieved.

The audit identified some scope for improvement in existing arrangements to help reduce the risk of non-compliance with the Data Protection Act, an action plan to address where improvement was required was implemented and achieved. The audit has therefore been valuable in helping us to drive further improvements in our processes. The executive summary of the audit report is available on the ICO website.

Sharing and using information

Keeping your records confidential: It is your legal right to have personal information kept secure and confidential.

By law everyone working in the NHS must keep service users’ personal information confidential and there are strict rules about protecting information held in paper files and on computers. Your records can only be seen or changed in any way by authorised staff, and they must not pass on information about you against your wishes. Staff can only do this in very specific circumstances, for example if the safety of others is at risk.

We may have to share information with GPs, other hospitals, social services or police for example. Our service users may be receiving or need care from other organisations who will need information from us in order that we can work together.

We also carry out reviews ourselves to help improve investigation and treatment, this is called clinical audit.

View more information on Sharing personal information here

Keeping your records up to date

Please help us to keep our information about you up to date by informing us if you change your name, address, GP or any contact details.

Access to your health record

You have a legal right to access personal information held about you; this is called a right of access request under data protection, and in some cases you have the right to access information about a deceased individual. If you wish to access your personal information or request on behalf of someone else, please complete the relevant application form below using the associated guides.

These should then be submitted to:

Information Requests,

Birmingham and Solihull Mental Health Foundation Trust

52 Queensbridge Road, Moseley, Birmingham. B13 8QY.

Or via email to (Please note we cannot guarantee the security of information whilst in transit).

We have a legal duty to reply promptly and at the most within 30 days, starting from the day we receive the information needed to identify you and the information you need. If we reasonably need more information to help find your information or identify you, we will write to ask you for the information we need. We will then wait until we have all the necessary information as well as the fee before dealing with your request.

Further information on your rights under data protection can be found at and via the Trust Fair Processing Notice (information available here and here).

Deprecated: htmlspecialchars(): Passing null to parameter #1 ($string) of type string is deprecated in /sites/ on line 4715