Patient Hub Privacy Notice

Introduction

Leeds and York Partnership NHS Foundation Trust (LYPFT) is committed to protecting your privacy and ensuring the confidentiality of your personal and health information. This Privacy Notice explains how we collect, use, share, and protect your data when you use Patient Hub. For more details, please see our main Privacy Policy.

Who We Are

When you use Patient Hub, LYPFT is the Data Controller responsible for processing your personal data in compliance with UK GDPR and the Data Protection Act 2018. For any questions, contact our Head of Information Governance and Data Protection Officer (DPO): Carl Starbuck via the Information Governance inbox.

Purpose of the Patient Hub

The Patient Hub is a secure online platform that allows you to:

  • View Appointment Information
  • Receive notifications
  • Complete online forms and health questionnaires
  • Access health-related materials for Waiting Well

The portal is provided in partnership with Netcall, acting as a Data Processor on behalf of LYPFT.

When you use Patient Hub, we process your data under the following legal bases:

  • UK GDPR Article 6(1)(e) – This is so we can carry out the public task of providing healthcare services to you via the Patient Hub
  • UK GDPR Article 9(2)(h) – This is so we can process special category data necessary for the provision of health or social care
  • UK GDPR Article 6(1)(a) – We rely on your consent to register and authenticate your account. You can withdraw this consent by changing your communication preferences with your care team at any time during the course of your care. Whilst this withdrawal of consent will close your account on the Patient Hub, any and all information received via the Patient Hub will be retained in your records, held under the legal bases quoted above.

What Information We Collect

When you use Patient Hub, we may process:

  • Personal Information: Name, Date of Birth, NHS number, address, contact details, next of kin
  • Health Information: Medical history, diagnoses, treatment details, medications, allergies, test results, appointment records and letters
  • Technical Data: IP address, browser type, login activity, usage patterns when you use Patient Hub

How We Use Your Information

We use your data to:

  • Provide secure access to your health records
  • Enable appointment information viewing
  • Communicate with you via SMS, email, or notifications

How We Keep Your Data Secure

When you use Patient Hub, your data is stored securely using encryption and strict access controls. Only authorised Trust staff who are involved in your care will access your records. All data is stored within the UK according to NHS security standards.

How Long We Keep Your Information

When you use Patient Hub, we retain your information as per the NHS Records Management Code of Practice (2023). Active accounts remain available while you use the Patient Hub. If you request deletion, your account will be deactivated, but your clinical records remain part of your NHS record, retained for the periods stipulated in the Code of Practice. This is usually 20 years after you are discharged from our services, or for 10 years after death, if still open to our services when this occurs. Records can sometimes be retained for longer than this – e.g. in the event that an official healthcare or Government inquiry is taking place.

Your Rights Over Your Data

You have rights under data protection law, including:

  • Right to Be Informed – You have the right to know how we use your data.
  • Right of Access – You can request a copy of your data.
  • Right to Rectification – You can ask us to correct inaccurate information.
  • Right to Erasure (“Right to be Forgotten”) – You can request account deletion (but your medical records will still be retained).
  • Right to Restrict Processing – You can ask us to limit how we use your data.
  • Right to Data Portability – You can request a copy of your data in a structured format.
  • Right to Object – You can object to how your data is processed.

To exercise your rights, contact our Head of Information Governance and Data Protection Officer (DPO): Carl Starbuck via the Information Governance inbox. For more details, visit the Information Commissioner’s Office website.

Opt-Out of Secondary Use

You can opt out of your data being used generally for research and planning via the National Data Opt-Out. Using Patient Hub is voluntary and if you choose not to use it, we will provide you with the information available via other methods.

Sharing Your Information

We do not sell your data. We may share it with other NHS services directly involved in your care or legal authorities where required by law.

Changes to This Privacy Notice

We may update this notice from time to time. Please check our website for the latest version.

Contact Us and Complaints

If you have concerns or questions about how your data is handled when you use Patient Hub, please contact our Head of Information Governance and Data Protection Officer (DPO): Carl Starbuck via the Information Governance inbox.

If you are not satisfied with our response, you can contact the Information Commissioner’s Office to make a complaint or call 0303 123 1113

 

Page last updated: 27th Oct 2025 10:52am