Support Your
Midlands Air Ambulance Charity
Click to donate

Privacy Policy - Patient Data

Privacy Policy - Patient Data

At Midlands Air Ambulance Charity, we are committed to treating the personal information that you give to us responsibly (ensuring we protect your privacy). This policy explains how we use the information you share with us and the measures we take to protect it.


We may update this policy from time to time so please check this webpage occasionally to ensure you are happy with any changes.


  1. Who we are

Midlands Air Ambulance Charity (MAAC) is a registered charity operating a lifesaving air ambulance service across the Midlands.


In this policy, references to ‘MAAC’ or to ‘we’, ‘our’ or ‘us’ are to Midlands Air Ambulance Charity, a registered charity (charity no: 1143118) and a registered company limited by guarantee (company no. 07683841). Midlands Air Ambulance Charity’s registered office is Airbase Avenue, Neachley Lane, Shifnal, TF11 8UR.


  1. What information we collect

In order to carry out our work and provide care for patients, MAAC will obtain confidential patient information.  Confidential patient information is information that identifies you and says something about your health care or treatment.  Under data protection legislation, health data is classified as Special Categories of Personal Data. We will only collect this information if it is necessary to provide care and treatment, or with your explicit consent.


The records we hold about our patient’s health, treatment, and care may be held in secure digital format (Electronic Paper Records) or written form (Paper Patient Report Forms)  and includes:

  • Basic details about you such as your address and next of kin details
  • Details about the treatment and care you are receiving
  • Notes and / or reports about your health including any treatment and care you need, have had, and may need
  • Results of investigations
  • Relevant information from other health professionals, relatives or those who care for you and know you well
  • Outcome data which includes information on investigations or treatment you received in hospital. This is shared in order to review our standards of treatment against a confirmed diagnosis and subsequent condition. This helps inform our future clinical practice.


Sometimes we may obtain or receive your personal information from a third party. For patients, personal information may be obtained through other healthcare and emergency services (NHS hospitals, ambulance, police or fire services).


  1. How we use the information we collect

We will use patient information in the following ways:

  • To verify your identify.
  • To help decide what care and treatment to provide.
  • To undertake research to help improve the medical support we give at scene and during transition to hospital.


Patient data is held within a secure confidential database and only accessible to those who have a genuine requirement. Patient data cannot be accessed for the purposes of fundraising. All MAAC staff have a legal duty to keep patient information confidential.


We will keep your information only for as long as we need to provide our clinical services and in accordance with the law. Further information about data retention periods can be found in our Record Retention Schedule and Disposal Protocol. To request a copy, please use the contact details below.


  • Patient data used for individual care and treatment

Patient information will only be shared if others, involved in your care, have a genuine need for it e.g. copies of patient records are handed over to the receiving hospital, so treatment can be continued safely and without delay.


Patient records may also be shared with West Midlands Ambulance Service, who we work in partnership with, and any other ambulance service who we work in partnership with, to provide our clinical services.


Patient information may be shared with the Care Quality Commission (CQC), the independent regulator of health and social care in England. The CQC have powers under the Health & Social Care Act 2008 to access and use information where they consider this is necessary for them to carry out their function as the regulator. The CQC privacy policy can be found at


We will not disclose your confidential patient information to third parties without your permission unless there are exceptional circumstances - such as when the health or safety of others is at risk or where the law requires information to be passed on. We may, for example, share your personal data without your consent for the purpose of fulfilling our safeguarding responsibilities. This does not happen often but we may share your personal data:

  • If we believe there is a serious risk to the public, our staff or to other professionals;
  • To protect a vulnerable person, (child or adult) who we believe may be at risk.


Anyone who receives information from us is also under a legal obligation to keep it confidential.


  • Patient data used for planning or research purposes

Personal information collected about patients may be used to help our HEMS operational team provide the best possible care, for example, through case reviews.


MAAC may also participate in research to help improve the medical support we offer at scene and during transition to hospital. Research may involve confidential patient information gathered directly during the course of our work and information provided from the NHS. Wherever possible, research studies will be conducted without using your confidential patient information and will use data that does not identify you (with data anonymised).


You can stop your confidential patient information being used for planning or research purposes, and this will not affect your individual care or treatment.

  • For more information regarding your NHS confidential patient information and opting out of its use for research, please visit
  • For opting out of MAAC patient confidential information being used for research purposes, please contact 


  • Patient Liaison Lead

MAAC has a dedicated Patient Liaison Lead role. The Patient Liaison Lead (PLL) is responsible for the safe, compassionate, effective and high-quality delivery of vital post trauma or medical support and guidance for our patients and families, assisting their recovery and transition back to independent living.


The patient liaison service provides a long-term point of contact between MAAC and its patients, ensuring it learns from patient feedback, complaints and clinical outcomes for continuous improvement in the quality of its services.


As part of this service, patients and/or their next of kin may be contacted for the purpose of offering follow up or support. Information provided to our aftercare service is stored securely and with strict access controls in place.


  1. Access to health records

You have the right to access the personal information that MAAC holds about you. Your right of access is exercised in accordance with the General Data Protection Regulations and the Access to Health Records Act. You are entitled to receive a copy, but you also need to be aware that in certain circumstances, your right to see some detail in your health record might be limited in your own interest or for other reasons.  Your health record might include:

  • Basic details about you e.g. your address and next of kin
  • Notes and reports about your health and any treatment/care you need, have had, or may need
  • Details and records about treatment/care you are receiving
  • Results of investigations
  • Relevant information from other health professionals, relatives or those who care for you and know you well
  • Follow up information on our in-hospital care, diagnosis, and interventions.


Any request for patient personal information from MAAC should be made,

By email:, or

By post: Caldicott Guardian, Midlands Air Ambulance Charity, Airbase Avenue, Neachley Lane, Shifnal, TF11 8UR


  1. Protecting the confidentiality of people's health and care information and making sure it is used properly

 Whilst we are an independent Charity/ healthcare provider which is not governed by the NHS, we believe that mandatory practices in the Health Service can help us in ensuring the protection and confidentiality of our patient data. As a result, in addition to our Chief Operating Officer as our Data Protection Officer, MAAC has in place the following roles:

  • Finance Director, as our Senior Information Risk Owner (SIRO)
  • Medical Director, as our Caldicott Guardian.


  1. Raising concerns

 MAAC strives to ensure our patients and those we serve receive the best care always.


If you feel there has been a mistake or misunderstanding in the care we have provided, then we would like to hear from you. We can assist in resolving your concerns and ensure that we learn from any mistakes.


Our compliments, concerns and complaints procedure can be found here.


Should you contact us to raise a concern or complaint, the information you provide will be stored securely for the purposes of responding to you with the outcome of our investigation.

Privacy Policy - Patient Data
Donate now