Skip navigation
Privacy statement

myhealthlocker End User Privacy Statement

Last Updated:13 December 2011


We are committed to protecting and respecting your privacy. The following Privacy Policy ("Policy") applies to the Portal in its entirety, and sets out the basis on which any personal data we collect from you, or that you provide to us, will be handled by us. It is suggested that you take some time to read the Policy carefully to understand our views and practices regarding your personal data, and how we will treat it.
The files transmitted between myhealthlocker powered by the South London and Maudsley NHS Foundation Trust (SLaM) and the Electronic Patient Journey System (ePJS, SLaM's electronic medical record system) are confidential. The files have been transferred for the specified purpose and should be treated with due care in accordance with Confidentiality: NHS Code of Practice by the Department of Health.
The technical and physical security of the files and the information contained within them is the responsibility of the recipient. The information contained within the Portal is provided for the sole purpose for which it was requested, and use for any other purpose or onward transmission without the permission of the sender is prohibited, and may be unlawful.
If you are not the intended recipient, any reading, printing, storage, disclosure, copying or any other action taken in respect of this document is prohibited, and may be unlawful. If you are not the intended recipient, please notify your mental health professional immediately.
The use of the Portal is routinely monitored for compliance with the Department for Health's policy on the use of electronic communications.

Information we collect when you visit the Portal

When you access the Portal, we use technology to collect information indirectly, such as your Internet address (IP Address), which is then kept in our internet logs. This is collected for aggregate information purposes and represents statistical data about our user's browsing actions and patterns. This data does not identify any individual in any way and is anonymised.
We collect information directly from you in a number of ways. One way we do this is by using cookies. Cookies are small text files that save and retrieve information about your visit to the Portal, such as how you entered the Portal, how you navigated through the Portal, and what information was of interest to you. In addition to this, if you personalise any part of the Portal, the information is stored in a cookie and is remembered for your next visit.
Cookies provide an anonymised label for each user. If you are uncomfortable with the use of cookies, you can disable cookies on your computer by changing the Settings in the 'Preferences' or 'Options' menu in your internet browser.
You may contribute to discussions in one of the Portal forums, or you may be entering data as part of your myhealthlocker Personal Health Record. When this data is collected, we will notify you as to why we are asking you for this information, and how this information will be used. It is completely up to you whether or not you provide it, and if you do not feel comfortable providing this information, you are under no obligation to do so. myhealthlocker uses a temporary session cookie to reference the active server session. The cookie is in-memory only and is not active after the browser session is closed.
The Portal also allows you to transfer your personal health information from your interactions with myhealthlocker powered by SLaM to Microsoft® HealthVault®. Once you have transferred this information to your personal account, the use and disclosure of your personal and health information from your Microsoft® HealthVault® account to third parties is governed by the Terms and Conditions of your HealthVault® user agreement with Microsoft®, including Microsoft®'s Privacy Policy.

How do we use this information?

We use the information stored in cookies to view information on how you utilised the Portal service, such as how you entered the Portal, how you navigated through the Portal, and what information was of interest to you.
When you use the Portal to store or retrieve personal health information, all of the data is stored in your Microsoft® HealthVault® Account. All personal and health information you enter into the Portal is governed by the Terms and Conditions of your HealthVault® user agreement with Microsoft®, including Microsoft®'s Privacy Policy.

Will we disclose your information to, or share it with, other organisations?

As a government department, SLaM do not share data with other organisations, unless the law permits us to do so. We do not sell individual information. We will share it only with our authorised Data Processors, who must act at all times on our instructions as the Data Controller under the Data Protection Act 1998. Before you submit any information, it will be made clear to you why we are asking for specific information, and it is up to you whether you provide it.

Roles and responsibilities

SLaM is committed to the delivery of a first class confidential service. This means ensuring that all service user information is processed fairly, lawfully and as transparently as possible. The Trust will ensure necessary improvements are made to the way sensitive information is kept confidential, the service users are kept informed of the way this information is used and that they are given a choice whether this information can be disclosed.
The Trust will ensure sensitive clinical information and the interest of service users are protected through a number of procedures, including (but not limited to) :
  • Procedures to ensure that all staff, contractors and volunteers are at all times fully aware of their responsibilities regarding confidentiality;
  • Recording clinical information accurately, consistently and contemporaneously;
  • Keeping information about service users private;
  • Keeping information about service users physically secure; and
  • Disclosing and using information with appropriate care.
SLaM provides staff training on confidentiality at induction and during employment. It is the role of the Governance Executive to define the Trust's Policy in respect of patient confidentiality, taking into account legal and NHS requirements. This Policy and the procedures that support it will be reviewed on an annual basis.
The Governance Executive is also responsible for ensuring that sufficient resources are provided to support the requirements of the Policy. The Trust has incident reporting procedures in place to report breaches of confidentiality. Risk Management Assurance Strategy is in place to assess potential security risks and ensure that risk action plans are kept under regular review.

Data Protection Act (1998)

The Data Protection Act (1998) is the legislation that provides a framework that governs the processing of information that identifies living individuals - personal data in Data Protection terms. Processing includes holding, obtaining, recording, using and disclosing of information and the Act applies to all forms of media, including paper and images. It applies to confidential patient information but is far wider in its scope, e.g. it also covers staff records.
The Act identifies eight Data Protection Principles that set out standards for information handling and sets the foundations for personal data to be:
1. Processed fairly and lawfully
2. Processed for specified purposes
3. Adequate, relevant and not excessive
4. Accurate and kept up to date
5. Not kept for longer than necessary
6. Processed in accordance with the rights of data subjects
7. Protected by appropriate security (practical and organisational)
8. Not transferred outside the EEA without adequate protection
For the purposes of the Data Protection Act, the Data Controller is SOUTH LONDON AND MAUDSLEY NHS FOUNDATION TRUST, Maudsley Hospital, Denmark Hill, London SE5 8AZ
More information can be found at the Information Commissioner's web site at

Research and audit

The Trust is in an academic partnership with the Institute of Psychiatry and King's College London as part of King's Health Partners (KHP). Researchers, who have contractual agreements with the Trust, may want to use clinical information to conduct scientific projects to improve care and treatment of service users.
Similarly, the Trust regularly reviews its clinical practices to improve the quality of its services and safeguard high standards of care. There are Trust procedures in place to plan and conduct clinical audits. Further information on clinical audits and support can be obtained from the Clinical Audit Department.
If information is required for medical research or audit, staff should always evaluate each project whether personal identifiable information is needed for such purposes.
Unless there is genuine justification, all personal identifiable information described in
Section 2 of this policy should be taken out to anonymise the data for research purposes.
There may be exceptional circumstances, where the use of patient identifiable information in research outweighs issues of privacy for public good. The National Information Governance Board for Health and Social Care (NIGB) has been given the powers provided under Section 251 of the NHS Act (2006) (formerly Section 60 of the Health and Social Care Act 2001) in such circumstances. It is important to note that Section 251 permits the temporary setting aside of the common law duty of confidentiality but does not set aside the requirements of the Data Protection Act (1998).
If a member of staff identifies a potential application of Section 251 of the NHS Act (2006) prior to ethical approval of a project, the case should be made to the Caldicott Guardian following the initial approval of the NIGB, who will assess each case individually and refuse or accept the initial decision by NIGB to disclose the required information for research without consent for the public good. If ethics approval has been given to a research project without a section 251 approval, the Caldicott Guardian must be notified of this decision in writing.
All research staff must keep personal identifiable information secure at all times.
Associated researchers should clarify in research proposals the arrangements to obtain permission to access clinical information. Once explicit consent is obtained, researchers can use clinical information to conduct research.
The management of personal identifiable information is regulated by the Trust ICT
Security Policy and must be adhered to by all research staff. All staff must ensure personal identifiable information is not stored on local hard disks (C drives), pen drives or other portable media. Personal identifiable information should only be stored in network drives in password protected files. This information cannot be emailed between and e-mail. Institute of Psychiatry staff who hold an honorary contract with SLaM can apply to obtain secure e-mail accounts at

Clinical Record Interactive Search

The Biomedical Research Centre (BRC) has developed a new, safe and secure computer system which allows staff to carry out research using information from ePJS. The system is called the Clinical Record Interactive Search (CRIS). CRIS automatically anonymises clinical information on ePJS. This enables research staff to use clinical details for research without accessing personal identifiable information as CRIS removes any personal information. Further information about CRIS can be obtained by contacting

Changes to the privacy policy

SLaM reserves the right, in its sole discretion, to change, modify, add or remove any section of the Policy, in whole or in part, at any time. Changes to the Policy will be with immediate effect, as opposed to being effective when posted.

Further communication

If you have any additional questions regarding this Policy, please feel free to contact us at:
South London and Maudsley NHS Foundation Trust
Maudsley Hospital