GDPR and your Nursing Records

This notice explains why nursing records are kept, how your information may be stored, how it is kept safe and confidential and your rights in relation to this.

Why we collect information about you

Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you receive. These records help to provide you with the best possible healthcare and help protect your safety.

Data is collected and held for the purpose of providing healthcare services to students, this includes monitoring the quality of care provided. In carrying out this role, the College Nurse may collect information about you that helps her to respond to your queries and or helps to secure specialist services. This data may be in written form and or digital form.

Details we collect about you

The records the College Nurse may hold about you include the following. your name, address and date of birth, emergency contact details, Subjects , college year, and matriculation term and year. They may also contain more sensitive information about your health and information such as the outcomes of your nursing assessment and any contact you have had with the College Nurse such as appointments and consultations.

Notes, letters, reports, and emails relating to your care or about your health, details about your treatment and care, results of investigations and or tests and relevant information from other health professional are also held as are emails relating to your care or health.

How your information is kept safe and confidential

The health records the College Nurse uses may be electronic, on paper or a mixture of both.  A combination of working practices and technology are used to ensure that your information is kept confidential and secure. Your records are backed up securely. The College Nurse ensures that information held is kept in secure locations is protected by appropriate security and access is restricted to the College Nurse. The College Nurse is committed to protecting your privacy and will only use information collected lawfully in accordance with relevant data protection legislation.

The College Nurse will only ever use or pass on information about you if it is reasonably believed that others involved in your care have a genuine need for it. Information will not be disclosed to any third party without your permission unless there are exceptional circumstances (such as risk of serious harm to yourself or others or where the law requires this information to be passed on). You can object to your personal information being shared with other healthcare providers but you should be aware that this may in some instances, affect your care, as important information about your health might not be available to healthcare staff in other organizations. If this limits the treatment that you can receive this will be explained to at the time you object.

To ensure you receive the best possible care your records are used to facilitate the care you receive. Information held about you may also be used to help protect the health of the public and or other students, for instance during an outbreak of a communicable disease such as, but not limited to an outbreak of norovirus, Scarlet Fever and Meningitis. During such outbreaks, the College Nurse may consult the University Advisory Group on Communicable Diseases and or Public Health England or other statutory body.

 Sharing Information in the interest of the college and the student

At the start of your time at St Edmunds College, your consent will be sought to share your photo id and specific health information if you are diabetic, epileptic and or carry an adrenalin auto injector. This information is shared with the Porters Lodge and the catering department if you are diabetic and or carry an adrenaline auto injector; this is so that during a first aid emergency you can be easily identified. If you are epileptic, this information will be shared with the Porters Lodge and the Tutorial Office. You have the right not to consent but you need to be aware that this may affect the First Aid care you receive.


To ensure that safeguarding matters are managed appropriately access to identifiable information will be shared in some limited circumstances where it is legally required for the safety of the individuals concerned.  The College’s safeguarding policy and procedures will be followed.

Record Retention

Student records are managed in line with the RCN recommendation for the retention of nursing records, currently for a minimum of 8 years.

Access to your Information

Everybody has the right to see or have a copy of data held in the Health Centre that can identify you, with some exceptions. You do not need to give a reason to see your data. You have the right to see or have a copy of the information about you held in the Student Welfare and Wellbeing office, with some exceptions. You do not need to give a reason to see your data if you want to access your data. If you want to access your data, you can request this either verbally or in writing to any College staff member. Your request will be treated as a formal Subject Access Request and be dealt with by the College’s Data Protection Lead in accordance with relevant data protection legislation requirements.

Change of details

It is important that you tell the College Nurse if any of your details such as you name or address have changed so that your records can be kept as accurate and up to date as possible. Also any changes in your health that support may be needed.

Complaints or concerns

The controller for your personal information is St Edmunds College. The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (12B King’s Parade, Cambridge; 01223 768745; OIS Ltd. should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights.

The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal information is the Governance, Risk and Compliance Manager: