Skip to content
left end
left end
right end

Our policies and procedures

Policies and procedures relating to the conduct of business and the provision of services

The following policies and procedures relate to the conduct of business and the provision of services at the University Hospitals Bristol NHS Foundation Trust:

To obtain a copy of these please visit and search for the appropriate policy.

Please note that the above list is not a complete list of the policies and procedures which are in place at the Trust.

Alternatively, please contact the Legal Services Department for more information. Please note that the above list is not a complete list of the human resources policies and procedures at the Trust.

Standing financial procedures

The Trust's standing financial procedures can be found on the publications page of this website.

Standing orders

The Trust's standing orders are available through the Trust's constitution.  This can be found on the publications page of this website.

Complaints and other customer services policies and procedures

 The Trust operates a complaints policy.  More details on how the Complaints team operate can be found at the link below.

The Complaints team - an overview

The Trust holds information regarding complaints, however the information will not normally be available to the public as it may contain references to patients or treatment received. This is classified as personal dtat under section 40 of the Freedom of Information Act 2000.

Data protection/Information Governance/Caldicott Guardian

Fair Processing Notice 2015 

Security of Information

Confidentiality affects everyone: University Hospitals Bristol NHS Foundation Trust collects, stores and uses large amounts of personal data every day, such as medical records, personnel records and computerised information. This data is used by many people in the course of their work.

We take our duty to protect your personal information and confidentiality very seriously and we are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.

At Trust Board level, we have appointed a Senior Information Risk Owner who is accountable for the management of all information assets and any associated risks and incidents, and a Caldicott Guardian, who is responsible for the management of patient information and patient confidentiality.

Why do we collect information about you?

The doctors, nurses and teams of healthcare professionals caring for you keep records about your health and any treatment and care you receive from the NHS. These records help to ensure that you receive the best possible care. They may be written down in paper records or held on computer. These records may include:

  • Basic details about you such as name, address, date of birth, next of kin etc.;
  • Contact we have had with you such as appointments or clinic visits;
  • Notes and reports about your health, treatment and care;
  • Results of x-rays, scans and laboratory tests; and
  • Relevant information from people who care for you and know you well, such as health professionals and relatives.

It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us and please inform us of any changes as soon as possible.

How is your personal information used?

Your records are used to direct, manage and deliver care you receive to ensure that:

  • The doctors, nurses and other healthcare professionals involved in your care have accurate and up to date information to assess your health and decide on the most appropriate care for you;
  • Healthcare professionals have the information they need to be able to assess and improve the quality and type of care you receive;
  • Your concerns can be properly investigated if a complaint is raised; and
  • Appropriate information is available if you see another doctor, or are referred to a specialist or another part of the NHS, Social Care or health provider.

Who do we share personal information with?

Everyone working within the NHS has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has a legal duty to keep it confidential.

We will share information with the following main partner organisations:

  • Other NHS Trusts and hospitals that are involved in your care;
  • General Practitioners (GPs); and
  • Ambulance Services

You may be receiving care from other people as well as the NHS, for example, Social Care Services. We may need to share some information about you with them so we can all work together for your benefit if they have a genuine need for it or we have your permission. Therefore, we may also share your information, subject to strict agreement about how it will be used, with:

  • Social Care Services;
  • Education Services;
  • Local Authorities; and
  • Voluntary and private sector providers working with the NHS

We will not disclose your information to any other parties without your express permission, unless there are exceptional circumstances, such as if the health and safety of others is at risk or if the law requires us to pass on information.

Disclosure of information

You have the right to restrict how and with whom we share the personal information in your records that identifies you. This must be noted explicitly within your records in order that all healthcare professionals and staff treating you are aware of your decision. By choosing this option, it may make the provision of treatment of care most difficult or unavailable. You can also change your mind at any time about a disclosure decision.

How is your personal information used to improve the NHS?

Your information will also be used to help us manage the NHS and protect the health of the public by being used to:

  • Review the care we provide to ensure it is of the highest standard and quality;
  • Contribute to service development (the Trust may contact patients to raise awareness of the Trust's designated charity,but will not share personal data of any kind)
  • Ensure our services can meet patient needs in the future;
  • Investigate patient queries, complaints and legal claims;
  • Ensure the hospital receives payment for the care you receive;
  • Prepare statistics on NHS performance;
  • Internal and External Audit of NHS Accounts and Services;
  • Undertaking health research and development; and
  • Helping to train and educate healthcare professionals.

How can you access your records?

The Data Protection Act 1998 gives you the right to access the information we hold about you on our records. Requests must be made in writing to the Medical Records Department. The Trust will provide the information to you 40 calendar days from receipt of:

  • A completed application form, containing adequate supporting information (such as your full name, address, date of birth, NHS number etc.) to enable us to verify your identity and locate your records;
  • The fee up to £50.00 to be paid in advance; and
  • An indication of what information you are requesting to enable the Trust to locate the information in an efficient manner.

Dr Mark Callaway (Interim Medical Director) is the Senior Information Responsible Officer, Dr Jane Luker (Deputy Medical Director) is the Caldicott Guardian.

Please contact for any queries relating to Data Protection, Information Governance or Confidentiality issues.


The Data Protection Act 1998 requires organisations to lodge a notification with the Information Commissioner to describe the purposes for which they process personal information. These details are publicly available from:

Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow SK9 5AF

The NHS Care Record Guarantee describes how patient information will be used and protected within the National Systems.

Access the NHS Care Record Guarantee 

The NHS Code of Confidentiality is based on legal requirements and best practice. It sets out the required standards of practice concerning confidentiality in the NHS and patients' consent to use their health records.

Access the NHS Code of Confidentiality

Estate management

The management of estates and facilities falls under the Directorate of Trust Services, which is the responsibility of the Chief Operating Officer. Daily responsibility is undertaken by the Director of Estates and Facilities.

Facilities oversee the following areas of the Trusts day to day management:

  • Linen laundry
  • Cleaning
  • Health and safety in respect of facilities
  • Facilities purchasing
  • Catering
  • Portering
  • Waste management
  • Pest control
  • Monitoring cleaning standards
  • Residences
  • Security
  • Car parking
  • Green travel
  • Transport
  • Skills training

Estates oversee the following areas of the Trusts day to day management:

  • Planned maintenance
  • Breakdowns and repairs
  • Grounds and gardens
  • Minor works
  • Backlog maintenance implementation
  • Quality control and systems
  • Strategic and backlog maintenance
  • Risk management
  • Environment and energy
  • Strategic project integration
  • Ordering invoices and payment
  • Capital projects
  • Feasibility studies
  • Project management
  • Estate management
  • Leases and property

Charging regimes and policies

To obtain copies of the Trust's charging regimes and policies, please contact the Legal Services Department