The Data Protection Act is a law designed to protect and maintain personal identifiable information, and to enable those wishing to, to gain access to their records.

When Cambridge University Hospitals Trust staff handle personal patient data they are under obligation to adhere to standards set by the Data Protection Act. Whether they are using, holding, disclosing or disposing of information, staff must abide by the eight principles detailed in the act.

The Trust is registered as a data controller with the Information Commissioners Office.

Data protection principles

  • Principle 1: Data must be processed fairly and lawfully
  • Principle 2: Personal data shall be obtained only for one or more specific and lawful purposes.
  • Principle 3: Personal data shall be adequate, relevant and not excessive in relation to the purpose(s) for which they are processed.
  • Principle 4: Personal data shall be accurate and where necessary kept up to date.
  • Principle 5: Personal data processed for any purpose(s) shall not be kept any longer than is necessary for that purpose.
  • Principle 6: Personal data shall be processed in accordance with the rights of data subjects under the 1998 data protection act.
  • Principle 7: Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  • Principle 8: Personal data shall not be transferred to a country outside the EEA, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

What does this mean for you, the patient?

  • The act ensures any records held about you are kept secure at all times (both physically and electronically) so that only those people concerned with your medical care have access to them.
  • It gives you the right to access, or prevents access to your records if it is likely to cause distress.
  • You can claim compensation if you suffer in any way from misuse of your information.
  • You can ask for a record to be corrected if you believe factual information is incorrect.

How do I access my health records?

If you wish to see your health records under the Data Protection act please see Access to Health Records where you can find an online request form.

Trust Data Protection Officer

The Data Protection Officer for Cambridge University Hospitals can be contacted at:

Box 153
Addenbrooke's Hospital
Hills Road

Tel: 01223 245 151 

Show on hub page: