King’s Health Partners hosts the IMPARTS programme.  IMPARTS collects data to support clinicians to deliver routine, holistic mind and body clinical care to patients receiving care at Guy’s and St Thomas’ Hospitals NHS Foundation Trust and King’s College Hospital NHS Foundation Trust, as well as support research and planning. 

IMPARTS aims to improve the care provided to patients receiving physical health care by identifying those who may also be experiencing psychological distress and common mental health problems such as depression and anxiety which may be impacting on their physical health condition(s), care and treatment.  IMPARTS uses data gathered to inform individual patient care, conduct research, clinical audit and evaluation.  

King’s Health Partners, King’s College Hospital NHS Foundation Trust and King’s College London are the data processors for the information provided to IMPARTS.  The data controller is the NHS Trust (King’s College Hospital NHS Foundation Trust or Guy’s and St Thomas’ Hospitals NHS Foundation Trust) where the patient received their care and treatment. 

If you have any queries about the process or how we handle your information, please contact us at  

Sources of Information used by IMPARTS

Information about patient’s symptoms, wellbeing and health is submitted by the patient or by their healthcare professional.  If data are used for research purposes, data may be gathered from electronic patient records. 

Data are gathered from patients or healthcare professionals via secure web-based platform.  Patients attending clinics at King’s College Hospital NHS Foundation Trust or Guy’s and St Thomas’ Hospitals NHS Foundation Trust are asked to answer questions on an electronic tablet prior to their appointment.  Information relevant to the patient’s care is submitted directly from the IMPARTS platform to the patient’s electronic care record.  A copy of the information is held on a secure server at King’s College Hospital NHS Foundation Trust. 

Security and confidentiality are maintained through the use of restricted access, passwords and security agreements.  All individuals who have access to identifiable personal data are NHS employees who access the information for the purpose of clinical care.  Where data are used for research and clinical audit, data is pseudonymised and individuals are unable to identify patients from the information submitted. 

The King’s Health Partners IMPARTS team hold the information needed to link a particular patient to the data submitted. 

The IMPARTS team gathers information, such as clinician contact details, from the individual clinical teams using the IMPARTS platform for the purposes of managing the IMPARTS platform and data.  

What will we do with the information you provide to us? 

All of the information provided will only be used for the purpose for which you provided it, or to fulfil business, legal or regulatory requirements if needed.  

The IMPARTS programme will not share any information provided to us to any third parties for marketing purposes.   

Information is held in secure data centres in the EEA which comply with the Data Protection Act (2018) and the General Data Protection Regulation (2018). 

All data are held on a restricted server at King’s College Hospital NHS Foundation Trust behind the Trust firewall and in line with Trust policies like all other clinical data.  Access to the data is password protected.  Data held on the IMPARTS server is only accessible to staff members working on the IMPARTS programme, and data processors by approval.  Information relevant to patient care is added to the patient’s electronic care record. 

Data may be used to monitor the delivery of the IMPARTS programme, for clinical audit and service evaluation.  Aggregated IMPARTS data may be used to publish research at various levels (e.g. patient group, diagnosis, hospital, speciality). 

Where data are requested for research purposes, an application is made and approved via the IMPARTS Research Ethics Committee, and the IMPARTS research data based has been granted approval by an NHS Research Ethics Committee (ref: 12/SC/0422) until 2023. 

We will use the staff contact details you provide to us to contact you and in connection with any ongoing relationship with the IMPARTS programme. 

You can request for the information to not be used to communicate with you about events or other communications such as newsletters.  

What Information do we ask for and why? 

The IMPARTS programme do not collect more information than is needed to fulfil the requirements of the programme and we will not retain it longer than is necessary. 

The information we ask for is used either to maintain a record of your or to contact you, provide information to support and inform clinical care, or for approved research purposes.   

We process: 

  1. Demographic data including age and gender; 
  2. Care data including clinic(s) where treatment is received, diagnosis, treatment/interventions, processes of care, physical health markers (e.g. height and weight); 
  3. Routine patient and clinician reported outcomes including scores on measures such as Patient Health Questionnaire-9 (PHQ9) and Generalised Anxiety Disorder Assessment (GAD7). 

Use of Data Processors 

Data processors are third parties who process data for us.  We have contracts in place with our data processors.  This means they cannot do anything with the information unless we have instructed them to do it.   

All of our data processors will not share any information with any organisation other than us.  They will hold it securely and retain it for the period we instruct.   

The data processors we use are: 

  1. Provider of the IMPARTS platform (Teleologic Ltd). 

How long is the data retained for? 

Information added to patient’s clinical records is retained in line with the Records Management Code of Practice (2021). 

All other data is stored in accordance with the records retention schedule. 

Legal Basis for Processing 

Patient’s Clinical Care

All health and social care providers are subject to a statutory duty to process information about a patient for their clinical care.  This includes medical diagnosis, the provision of health care or treatment, performance against national targets, local clinical audit and service improvement.  IMPARTS therefore applies for following lawful basis for processing personal data: 

Article 6(1)(e) – Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller  

In addition, as IMPARTS processes special category data (such as health data), and therefore must process this data under an additional legal basis.  IMPARTS applies the following legal bases for processing this data: 

Article 9(2)(h) – Necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional  


Article 9(2)(i) – Necessary for reasons of public interest in the area of public health, such as protecting against serious cross- border threats to health or ensuring high standards of healthcare and of medicinal products or medical devices. 

IMPARTS research

For any research conducted using IMPARTS data, applications are reviewed by the IMPARTS Research Oversight Committee and is processed under the following legal basis 

Article 6(1)(e) – Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. 


Article 9(2)(j) –  Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject. 


All information received via the IMPARTS programme is treated as confidential.   

Identifiable information is only processed for the purpose of informing individual clinical care and treatment.  All other information is processed in a pseudonymised format and individual patients are only identifiable using coded patient lists which are held separately to the dataset.   

The IMPARTS team, clinicians or researchers will not publish information which can enable individuals to be identified, nor allow third parties to access the data.   

The confidentiality and security of information is maintained in the following ways: 

  1. In all publications, the statistical information is reviewed to ensure the risk of identification is minimised, and where necessary small numbers are supressed. 
  1. All publications include aggregated data at a relevant level. 

Your Rights 

Under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) 2018 you have rights as an individual which you can exercise in relation to the information we hold about you. 

What if I do not want my information used? 

As a patient, you can choose not to provide data to the IMPARTS programme.  Please tell your healthcare professional that you do not want to take part.  

If you would not like your data to be used for research purposes, please let your healthcare professional know or email  You can also choose to not have any of your confidential patient information used in research and planning via the NHS opt-out service ( 

Complaints or queries 

IMPARTS takes our data protection and privacy requirements seriously.  If you have any concerns, questions or wish to make a complaint you can contact us using the information at the bottom of this notice.   

You can also complain to the Information Commissioners Office directly: 

Changes to this Notice 

We keep our privacy notices regularly under review.  This privacy notice was last updated in April 2020. 

Contact Us 

If you would like more information on this privacy notice, how we process your data or privacy policy, please email or write to: