South East Coast (SEC) NHS 111 SERVICE


How we use your information – Patient Records

  1. Who we are

South East Coast Ambulance Service (SECAmb) provides NHS care and treatment for people living in South East England, and as a Trust we:

  • Receive and respond to 999 calls from members of the public
  • Receive and respond to 111 calls from members of the public
  • Receive and respond to requests received through the NHS 111 Online Service
  • Respond to urgent calls from healthcare professionals e.g. GPs

We provide these services across the majority of the South East Coast region of Kent Medway, Surrey and Sussex. We aim to provide you with the highest quality care and in order to do this, we must keep records about you and the care we provide for you.

Health records are held on paper and electronically. We have a legal duty to keep these confidential, accurate and secure at all times in line with data protection laws.

Our staff are trained to handle your information correctly and protect your privacy.

We maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing.  Your information is never collected for direct marketing purposes, and is not sold on to any other third parties.  Your information is not processed overseas.

Sometimes your care may be provided by members of a care team, which might include people from other organisations such as health; social care; education; or other care organisations.  Information is held for specified periods of time as set out in the Records Management Code of Practice for Health and Social Care 2016 as set out in the NHSx Records Management Code of Practice 2021.

Information collected about you to deliver your healthcare is also used to assist with:

  • Making sure your care is of a high standard.
  • Using statistical information to look after the health and wellbeing of the general public and planning services to meet the needs of the population.
  • Assessing your condition against a set of risk criteria to ensure you are receiving the best possible care.
  • Preparing statistics on our performance for the Department of Health and other regulatory bodies.
  • Helping train staff and support research.
  • Supporting the funding of your care.
  • Reporting and investigation of complaints, claims and untoward incidents.
  • Reporting events to the appropriate authorities when we are required to do so by law.
  • Testing / implementing new systems or processes. In such instances we will ensure that anonymised or minimal patient information is used.

The legal basis for the processing of data for these purposes is that the NHS is an official authority with a public duty to care for its patients, as guided by the Department of Health and data protection law. It is appropriate to do so for health and social care treatment of patients, and the management of health or social care systems and services.

Some of your information will also be shared with NHS Digital to improve NHS 111 and 999 services, the information received through their intelligence data tool consists of outcome data which is not identifiable.

If we need to use your personal information for any reason beyond those stated above, we will discuss this with you.  You have the right to ask us not to use your information in this way.

However, there are exceptions to this which are listed below.

  • The public interest is thought to be of greater importance for example:
    – If a serious crime has been committed
    – If there are risks to the public or our staff
    – To protect vulnerable children or adults
  • We have a legal duty, for example registering births, reporting some infectious diseases, wounding by firearms and court orders
  • We need to use the information for medical research. We have to ask permission from the Confidentiality Advisory Group (appointed by the NHS Health Research Authority)

Data protection laws give individuals rights in respect of the personal information that we hold about you.

These are:

  1. To be informed why, where and how we use your information.
  2. To ask for access to your information.
  3. To ask for your information to be corrected if it is inaccurate or incomplete.
  4. To ask for your information to be deleted or removed where there is no need for us to continue processing it.
  5. To ask us to restrict the use of your information.
  6. To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information.
  7. To object to how your information is used.
  8. To challenge any decisions made without human intervention (automated decision making).
  1. SEC NHS 111 service

NHS 111 is the NHS non-emergency telephone number which allows people to speak to a team of fully trained advisers, supported by experienced nurses and paramedics. This service is provided by SECAmb in Sussex, North Kent, West Kent and Medway.

During contact you will be asked a series of questions to assess your symptoms and will be immediately directed to the best medical care for you. The service is used in instances where urgent medical help or advice is needed but it’s not a life-threatening situation such as:

  • You need medical help fast but it’s not a 999 emergency
  • You think you need to go to A&E or need another NHS urgent care service
  • You don’t know who to call or you don’t have a GP to call
  • You need health information or reassurance about what to do next

Where possible, the NHS 111 team will book you an appointment or transfer you directly to the people you need to speak to. Calls to NHS 111 are recorded and all calls and the records created are maintained securely.

Information recorded during the call will be shared with other health professionals directly involved in your care, this also includes the 999 service should this be clinically needed.

NHS 111 Online

The NHS 111 online service allows individuals to refer themselves to the NHS 111 telephone service based on certain assessment outcomes. When you use NHS 111 online the personal information you provide is automatically passed through to the NHS 111 service.

This service presents patients with a range of questions relating to their health which is then forwarded together with their personal details to the healthcare service selected, should the individual (or the person you are contacting them about) choose to be referred. The information received is then held within the NHS 111 telephone service.

These records may include:

  • Basic details about you, such as your name, address, date of birth, next of kin,
  • Contact we have previously had with you.
  • Notes and reports about your health, treatment and care.
  • Relevant information from people who care for you for example, other Health
  • Professionals and relatives.

By agreeing to NHS 111 online you are also agreeing that your personal data can be forwarded to us so that we can provide your care.

Your completed notes will be passed onto your GP or healthcare provider to ensure your continuity of care. This will also ensure that there is a full record of your care held centrally.

You are able to object to this sharing of data as we have an obligation to consider the Common Law Duty of Confidentiality, however, if we feel that not sharing the data would cause you serious harm we will consider your vital interests. This will be fully explained to you at the end of each period of care.

For more information on this please see their website:

It is essential that your details are accurate and up-to-date. Always check that your personal details are correct and please inform us of any changes as soon as possible.

  1. 3.Confidentiality affects everyone and is everyone’s responsibility.

South East Coast Ambulance Service NHS Foundation Trust (SECAmb) captures, stores and uses large amounts of personal data every day. For example, we collect data about your contact with us, our employees, and the contracts we have with our suppliers.

Our staff, and the agencies we work with to provide healthcare, use this data in the course of their work. Please see section 7 for further information.

We have a duty to protect your personal information and confidentiality and we take our responsibilities very seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data, whether it is in digital form or on paper.

Everyone working for SECAmb must comply with data protection legislation and the Common Law Duty of Confidence. Information you provide to us will be used in confidence and only for the purposes explained to you and to which you consented, unless there are other circumstances covered by the law.

SECAmb complies with the NHS Confidentiality Code of Conduct. All our staff are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.

SECAmb has a designated “Caldicott Guardian”, who is responsible for the management of patient information and confidentiality and a designated Senior Information Risk Owner (SIRO) who is responsible for ensuring the robust management of all information assets, any associated risks and incidents that occur.

Both of these roles are undertaken by senior members of the Trust Board.

  1. Why do we collect information about you?

The doctors, nurses and team of healthcare professionals caring for you keep records about your health and any treatment and care you receive. These records help to ensure that you receive the most appropriate care. They may be written in paper records or held on computer.

Telephone calls to the NHS 111 service are recorded for the following purposes:

  • To make sure that staff act in compliance with Trust procedures.
  • To ensure quality control.
  • For training, monitoring and service improvement
  1. How is your personal information used?

Your records are used to direct, manage and deliver the care you receive to ensure that:

  • The doctors, nurses and other healthcare professionals involved in your care have accurate and up to date information to assess your health and decide on the most appropriate care for you.
  • Healthcare professionals have the information they need to be able to assess and improve the quality and type of care you receive.
  • Your concerns can be properly investigated if a complaint is raised.
  • Appropriate information is available if you see another healthcare professional, or are referred to a specialist or another service of the NHS or other agency connected with your care.
  1. The NHS Care Record Guarantee

The Care Record Guarantee is our commitment that we will use records about you in ways that respect your rights and promote your health and wellbeing.

Copies of the full document can be obtained from:

  1. Who do we share personal information with?

Everyone working within the NHS has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has a legal duty to keep it confidential.

Unless you tell us not to, we will share information with the following main partner organisations:

  • Other NHS Trusts and hospitals that are involved in your care.
  • NHS commissioners and other NHS regulatory bodies.
  • General Practitioners (GPs).
  • Other Ambulance Services. This also includes our counterparts within the SECAmb 999 service
  • GP led services – e.g. Out of Hours

You may also be receiving care from other people as well as the NHS, for example Social Care Services. If we have your permission, we may also share information about you, so that you receive the best possible care, with:

  • Social Care Services.
  • Education Services.
  • Local Authorities.
  • Voluntary and private sector providers working with the NHS.

Unless the sharing is specifically related to the direct provision of healthcare we will not share your information with anyone without your explicit permission. The only exception to this may be if the health and safety of others is at risk, or if the law requires us to pass on information.

  1. Disclosure of information

Patient right to object to processing/opt-out

You have the right to restrict how and with whom we share the personal information in your records that identifies you.

There are choices you can make about how your information is used, and you can choose to opt out of your information being shared or used for any purpose beyond providing your care.  This must be noted explicitly within your records in order that all healthcare professionals and staff treating and involved with you are aware of your decision.

Please note that not choosing to share your information may have an impact on your care and by sharing your information it will improve NHS services and the experience of treatment and care for our patients.

If you do not wish to share your information, then please inform the 111 Service when you contact them. They will then mark your non-disclosure against your current call although any previous calls on record cannot be amended.

You can change your mind at any time about a disclosure decision.

  1. What is the National Data Opt-Out?

The national data opt-out policy was introduced on 25 May 2018, following recommendations from Dame Fiona Caldicott in the ‘Review of data security, consent and opt-outs’.

National data opt-out is a service which allows the public to opt out of their confidential information being used for purposes beyond their individual care and treatment.

This review aimed to ensure that the public can make choices on how their data is used for Research and Planning purposes.

The information collected can also be used and provided to other organisations for purposes beyond individual care, for instance to help with:

  • Improving the quality and standards of care provided
  • Research into the development of new treatments
  • Preventing illness and diseases
  • Monitoring safety
  • Planning services

This may only take place when there is a clear legal basis to use this information which is used to provide and improve healthcare. Confidential patient information is only used where allowed by law.

Most of the time, anonymised data is used for research and planning so that individuals cannot be identified, in which case confidential patient information isn’t needed.

Individuals have a choice about whether they chose to have their confidential patient information to be used in this way. If they do not object to this happening then no action needs to be taken. However, should they choose to opt out their confidential patient information will still be used to support individual care.

Individuals who decide that they do not wish to share their personal information shared and used for purposes other than for their care and treatment, should contact the GP Practice who they are registered with and ask for further information about how to register their objections. This should not affect the care and treatment they receive.

See section on Patient Control of Information below for further details.

Patient Control of Information

Individuals may choose to prevent their confidential information from being shared or used for any purpose other than providing care.

There are two choices available:

  1. Individuals can object to their information leaving a GP Practice in an identifiable form for purposes other than direct care.
    This means that confidential information will not be shared with other organisation for non-direct care purpose.
    This is referred to as a ‘type 1′ objection; or
  2. Individuals can object to their information leaving NHS Digital in an identifiable form.
    This means that confidential information will not be sent to anyone outside NHS Digital.
    This is referred to as a ‘type 2′ objection.

Information from other places where you receive care, such as hospitals and community services is collected nationally by NHS Digital.

If you do not want information that identifies you to be shared outside your GP practice, please speak to a member of staff at your GP practice to ask how to “opt-out”.

The Practice will add the appropriate code to your records to prevent your confidential information from being used for non-direct care purposes.

Please note that these codes can be overridden in special circumstances required by law, such as a civil emergency or a public health emergency.

If you do not want your personal confidential information to be shared outside of NHS Digital, for purposes other than for your direct care you can register a type 2 opt-out with your GP practice. Patients are only able to register the opt-out at their GP practice.

For further information and support relating to type 2 opt-outs please contact:

NHS Digital contact centre at referencing ‘Type 2 opt-outs — Data requests’ in the subject line;

Alternatively call NHS Digital on (0300) 303 5678; or visit their website here:

What does it mean for me?

To find out more or to register your choice to opt out, please visit

On this web page you will:

  • See what is meant by confidential patient information
  • Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • Find out more about the benefits of sharing data
  • Understand more about who uses the data
  • Find out how your data is protected
  • Be able to access the system to view, set or change your opt-out setting
  • Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
  • See the situations where the opt-out will not apply

If you have questions about this, please speak to staff at your GP practice, check NHS Digital frequently asked questions, or call their dedicated patient information line on 0300 456 3531.

You can also find out more about how patient information is used at:

Health Research Authority

NHS Digital

You can change your mind about your choice at any time.

  1. How your personal information is used to improve the NHS

When you contact the NHS 111 service you will be asked during the greeting message you hear as you are connected to the service whether you consent to your information being shared with other NHS organisations.

Unless you tell the call handler otherwise your information may be shared.

Your information will be used to help us manage the NHS and protect the health of the public by being used to:

  • Review the care we provide to ensure it is of the highest standard and quality.
  • Ensure our services can meet patients’ needs in the future.
  • Investigate patient queries, complaints, incidents and legal claims.
  • Prepare statistics on NHS performance, this does not include patient identifiable data.
  • Audit NHS accounts and services.
  • Undertaking heath research and development (with your consent – you may choose whether or not to be involved).
  • Help to train and educate healthcare professionals.
  1. Risk stratification

There are instances where your GP may use your data / information to ensure that they provide the best care for you.  Your consent to share this information would already have been recorded as part of your consultation with the NHS 111 service.

As part of this process, your GP will use your personal and health data to undertake risk stratification, also known as case finding.

Risk stratification involves applying computer based algorithms, or calculations, to identify those patients registered with the GP surgery who are most at risk from certain medical conditions and who will benefit from clinical care to help prevent or better treat their condition.

To identify those patients individually from the patient community registered with your GP would be a lengthy and time-consuming process, which would by its nature potentially not identify individuals quickly and increase the time to improve care.

Your GP surgery uses the services of an authorised health partner, NHS Commissioning Support Unit (CSU) to identify those most in need of preventative or improved care.

Neither the GP surgery nor the CSU will at any time have access to your personal or confidential data. The CSU acts on behalf of your GP Surgery to organise this service with appropriate contractual and security measures only. However, your GP practice will still continue to hold your individual patient record.

The CSU will then automatically process your personal and confidential data without any staff being able to view the data. Typically, they will process your data using indicators such as your age, gender, NHS number and codes for your medical health to identify those who will benefit from clinical intervention / involvement.

The processing of this information takes place automatically and without human or manual handling. Your GP is then able to view the outcome, matching results against patients on their system.

There are strict security controls in place to protect your confidentiality. However, if you wish, you can request that your data is not to be processed for this purpose and the 111 service will mark your record as not to be extracted so that information is not sent to the CSU for risk stratification purposes.

The lawful basis to use this information for risk stratification has been allowed by s251 NHS Act 2006 and is processed by the CSU or other approved providers only.

  1. How you can access your records

Data protection legislation gives you a right to access the information we hold about you on our records. Details of the information you are requesting are needed, this should include full name, the type of information this relates to and the approximate date.

The Trust will provide your information to you within one month from receipt of the request. There is no fee payable for this service.

Please email us at

Or write to us at:

South East Coast Ambulance Service
Ambulance Headquarters
Nexus House,
4 Gatwick Road,
RH10 9BG

Alternatively call us between 9.30am and 4pm, Monday to Friday, (not including Bank Holidays) on 0300 1239 242.

If you think any information in your records is inaccurate or incorrect, please let us know.

  1. Data Controller and Data Protection Officer

SECAmb is a registered Data Controller with the Information Commissioner’s Office and has a Data Protection Officer, responsible for ensuring your confidential information if kept safe and secure.

Should you have any further queries on the uses of your information, please speak to your health professional or alternatively contact our Patient Experience Manager or Data Protection Officer – Caroline Smart, Head of Information Governance.

Should you wish to lodge a complaint about the use of your information, please contact our Patient Experience Team at:

South East Coast Ambulance Service NHS Foundation Trust
Ambulance Headquarters
Nexus House
Gatwick Road
RH10 9BG

If you are still unhappy with the outcome of your enquiry you can write to:

The Information Commissioner Office (ICO)
Wycliffe House
Water Lane

Telephone: 01625 545700.

Website privacy statement

South East Coast Ambulance Service NHS Foundation Trust (SECAmb) is committed to protecting your privacy, in accordance with Data Protection legislation and will not use any information we may hold about you for any purpose other than that for which it was collected.

Patient information leaflets

While the information contained in our patient information leaflets has been written and checked by our clinical teams, they are intended to complement the advice of professional healthcare staff only. They should not be used without appropriate medical advice.

Procedures should only be undertaken by healthcare professionals and SECAmb will not be liable for injury, loss or financial impairment as a result of actions taken by individuals after reading the materials.

If you have any questions, please contact your GP or consultant. Both NHS 111 and the NHS website provide a wealth of health information.

NHS 111 – NHS England

NHS 111 – NHS


All material on this website, including text, graphics and photographs, is copyright of SECAmb unless otherwise stated.

Text and graphics may be freely reproduced for the purpose of personal, educational or private research use. However, all text and graphics, including photographs and the SECAmb logo, contained in the website are not authorised for any purposes unless permission is first obtained from SECAmb.

GDPR Privacy Notice
Version 0.4 August 2019