Your Information – what we hold, how we use it and keep it confidential and secure.
This privacy notice tells you about information we collect and hold about you, what we do with it, how we will look after it and who we might share it with. It covers information we collect directly from you or receive from other individuals or organisations.
This notice does not provide exhaustive detail. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address in the “Further Information and Complaints” section, below.
We keep our privacy notice under regular review: it was last reviewed in September 2016.
Who we are
NHS Rushcliffe Clinical Commissioning Group (CCG) has many different roles and responsibilities. A major part of our work is effective planning, buying and monitoring of services from healthcare providers, such as hospitals and GP Practices. This means making sure that the NHS services that people need locally are available and making sure that those services are high quality and value for money, and is known as “commissioning”.
For more information please see http://www.rushcliffeccg.nhs.uk/
Personal Information we hold about you
As a commissioner, we do not routinely hold or have access to your medical records. However, we may need to hold some information about you, for example:
Our records may include relevant information that you have told us, information provided on your behalf by relatives or those who care for you and know you well, or from health professionals and other staff directly involved in your care and treatment. Our records may be held on paper or in a computer system.
NHS data that we receive about service users that we are responsible for
Organisations providing NHS services keep records that contain information about you and your health, and the care and treatment they have provided or plan to provide to you. This information is held as either paper or computerised records and is used to support decisions made by you and the healthcare professionals looking after you to make sure your care is safe and effective.
Hospitals and community organisations that provide NHS-funded care must submit certain information to NHS Digital (formerly known as the Health and Social Care Information Centre) about services provided to our service users. This information is generally known as ‘commissioning datasets’. These datasets are used in a format that does not directly identify you, for wider NHS purposes such as managing and funding the NHS, monitoring activity to understand and plan the health needs of the population and to gain evidence that will improve health and care through research.
The CCG obtains these datasets from NHS Digital which relate to service users for whom we have a commissioning responsibility. The datasets include information about the service users who have received care and treatment from those services that we are responsible for funding. The CCG is unable to identify you directly from these datasets: they do not include your name, home address or date of birth. However, information such as your NHS number or postcode, along with age, ethnicity and gender as well as coded information about any clinic or accident and emergency attendances, hospital admissions and treatment may be included.
More information about how this data is collected and used by NHS Digital is available on their website http://digital.nhs.uk/patientconf.
We also receive datasets directly from NHS providers and GP Practices within our CCG membership but these are anonymised and do not identify you.
How we use your information
We use the following types of information/data:
The CCG uses the data it receives for a number of purposes such as:
When analysing current health services and proposals for developing future services, it is sometimes necessary to link separate individual datasets to be able to produce a comprehensive evaluation. This may involve linking primary care GP data with other data such as secondary uses service (SUS) data (inpatient, outpatient and A&E). In some cases there may also be a need to link local datasets which could include a range of acute-based services such as radiology, physiotherapy, audiology etc, as well as mental health and community-based services such as Improving Access to Psychological Therapies (IAPT), district nursing, podiatry etc. When carrying out this analysis, the linkage of these datasets is always done using a unique identifier that does not reveal a person’s identity as the CCG does not have any access to patient identifiable data (i.e. pseudonymised data).
We use pseudonymised, anonymised or aggregated data that cannot be linked back to your identity, wherever possible (this is known as de-identified data). However, there are limited circumstances when it is necessary for us to use identifiers, such as your NHS number. We will only do this if:
To ensure that the NHS continues to run lawfully and efficiently, the Secretary of State for Health has given limited permission for us (and other NHS commissioners) to use certain confidential patient information without explicit consent, but only when it is necessary for the work listed above. We have to meet strict conditions that are set out in section 251 of the NHS Act 2006, and approval is given based on the advice of the Health Research Authority’s Confidentiality and Advisory Group
Invoice validation is an important process in ensuring that your care is paid for correctly. It involves using your NHS number to check that we are the CCG that is responsible for paying for your treatment. We can also use your NHS number to check whether your care has been funded through specialist commissioning, which NHS England will pay for.
The process makes sure that the organisations providing your care are paid correctly. All information with NHS numbers collected to validate invoices is held within a secure, controlled environment within the CCG. The use of personal data by CCGs for invoice validation has been approved by the Confidentiality Advisory Group of the Health Research Authority and it is anticipated this will be in place until at least end of March 2017. This approval provides the legal basis for the CCG to process personal data for invoice validation purposes. More information can be found on the NHS England website (https://www.england.nhs.uk/ourwork/tsd/ig/in-val/).
Risk Stratification and proactive care management
Risk stratification is a proactive case finding process for identifying and caring for patients with long term conditions or at high risk of emergency hospital admission. NHS England encourages CCGs and GPs to use risk stratification tools to help them support patients with long-term conditions and to help prevent hospital admissions that could be avoided. Understanding the number of patients who are chronically ill and which conditions are most common will help us commission the right services to help prevent ill health and improve the quality of services.
Risk stratification tools use a mix of historic information about patients, such as NHS number, age, gender, diagnoses and patterns of hospital attendance and admission as well as data collected in GP practices. The CCG will use data which cannot be tracked back to individuals to understand the local population needs. The GPs can use their data to identify which of their patients would benefit from a certain preventative service, and offer it to them.
We are committed to conducting risk stratification effectively, in ways that are consistent with the laws that protect your confidentiality. NHS numbers are pseudonymised before being used for risk stratification, and are only re-identified to the clinicians providing you with care. The use of personal data by CCGs and GPs for risk stratification has been approved by the Confidentiality Advisory Group of the Health Research Authority and it is anticipated this legal basis will be in place until at least end of March 2017.
If you do not wish your Personal Information to be included in any of these datasets, please contact us or your GP Practice to discuss the possible implications this may have for your care. Your GP Practice can apply a code to your records that will stop your information from being included – see “Your Rights”, below, for further details. More information can be found on the NHS England website (https://www.england.nhs.uk/ourwork/tsd/ig/risk-stratification/)
Complaints made to us
When we receive a complaint from a person, we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
We will publish service user stories anonymously, following upheld complaints, via our Governing Body. The service user stories will provide a summary of the concern, service improvements identified and how well the complaints procedure has been applied. Consent will always be sought from the service user, carer, or both, before we publish the service user story.
National Registries (such as the Learning Disabilities Register) have statutory permission under Section 251 of the NHS Act 2006 to collect and hold service user identifiable information without the need to seek informed consent from each individual service user.
Clinical audit can provide direct benefit to individuals ensuring that they are getting high quality and effective care, and indirect benefit to the population as a whole. Where identifiable data is needed for clinical audit purposes outside of your care team, we will always seek explicit consent to do so.
Research can provide direct benefit to individuals who take part in medical trials, and indirect benefit to the population as a whole. Service user records can also be used to identify people to invite them to take part in clinical trials, other interventional studies or studies purely using information from medical records. Where identifiable data is needed for research, service users will be approached by the organisation where treatment was received, to see if they wish to participate in research studies. Your consent will be obtained by the organisation holding your records before identifiable information about you is disclosed for research.
Sometimes, research can be undertaken using information that does not identify you. The law does not require us to seek your consent in this case, but the organisation holding your information will make notices available on the premises and on the website about any research projects that are undertaken.
If you do not wish your information to be used for research, whether identifiable or non-identifiable, please let you GP Practice know. They will add a code to your records that will stop your information from being used for research.
How long we hold information for and our destruction arrangements
All records held by the CCG will be kept for the duration specified by national guidance from the Department of Health, found in the Records Management Code of Practice for Health and Social Care 2016.
Data received from NHS Digital for commissioning purposes will be stored in accordance with the agreed contractual retention terms.
In all circumstances data will be retained in accordance with data protection requirements and ‘kept for no longer than is absolutely necessary’.
Once data is no longer required it will be destroyed securely:
For paper records or information this will be destroyed in line with international standards, incinerated, pulped or shredded, using a cross cutter. Where external confidential waste suppliers are used these will be under contract and assurance that destruction meets the necessary legal requirements and standards.
For digital media permanent destruction will be achieved by over writing the media a sufficient number of times or physical destruction of media by breaking it up into small pieces.
Sharing your information with other organisations or individuals (third parties)
If you are receiving services from the NHS, we share information that does not identify you (anonymised) with other NHS and social care partner agencies for the purpose of improving local services, research, audit and public health.
We would not share information that identifies you unless;
Other organisations that provide services for us
We have entered into contracts with other NHS organisations to provide other services for us. These include holding and processing data including patient information on our behalf in provision of Information Technology (I.T) services or providing human resources services for our staff. These services are subject to the same legal rules and conditions for keeping personal information confidential and secure. We are responsible for making sure that staff in those organisations are appropriately trained, that procedures are in place to keep information secure and protect privacy.
The CCG also has shared data management arrangements with the other five Nottinghamshire CCGs, the services that support this function are provided by a Joint Data Management Team (hosted by NHS Rushcliffe CCG). These services are also subject to the same legal rules and conditions for keeping personal information confidential and secure. Where possible a pseudonymisation technique (whereby identifiable information is replaced with an alias) is used so that those other NHS staff processing data on our behalf do not have access to information such as the NHS number and data cannot be tracked back to individuals.
We will not otherwise share, sell or distribute any of your personal information to any third party (other person or organisation) without your consent, unless required by law. Data collected will not be sent to countries where the laws do not protect your privacy to the same extent as the law in the UK, unless rigorous checks on the security and confidentiality of that data are carried out in line with the requirements of the Data Protection Act 1998 (Principle 8).
Details of our Data Processors and the function that they carry out on our behalf can be found in Appendix A.
Protecting your privacy
We are committed to protecting your privacy and will only process personal information in accordance with the Data Protection Act 1998, the Human Rights Act 1998 and the common law duty of confidentiality.
NHS Rushcliffe CCG is a Data Controller under the terms of the Data Protection Act 1998 we are legally responsible for ensuring that all personal information that we process i.e. hold, obtain, record, use or share about you is done in compliance with the eight Data Protection Principles. All data controllers must notify the Information Commissioner’s Office of all personal information processing activities. Our registration number is Z3610590 and our entry can be found in the Data Protection Register on the Information Commissioner’s Office website
All information that we hold about you will be held securely and confidentially. We use administrative and technical controls to do this. All of our staff, contractors and committee members receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. We will only use the minimum amount of information necessary about you. Where possible we will use information that does not directly identify you, but when it becomes necessary for us to know or use personal information about you, we will only do this when we have either a legal basis or have your consent. We use strict controls to ensure that only authorised staff are able to see information that identifies you. Only a limited number of authorised staff have access to information that identifies you, where it is appropriate to their role, and is strictly on a need-to-know basis.
The CCG has a Caldicott Guardian (see “Contact us”, below) who is a senior person responsible for protecting the confidentiality of service user information and enabling appropriate and lawful information-sharing. There are specific processes which are followed to ensure the continuing security and confidentiality of information.
If you do not wish us to process or share your information
If you do not agree to certain information being processed or shared with us or by us, or have any concerns then please let us know. We may need to explain the possible impact this could have on our ability to help you, and discuss the alternative arrangements that are available to you.
You have certain legal rights, including:
These are commitments set out in the NHS Constitution, for further information please visit
Subject Access Requests and Requests to Correct Errors
Individuals can find out if we hold any personal information about them by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:
To make a request for any personal information we may hold you need to put the request in writing to the address provided below (see “Contact us”).
If we do hold information about you and you consider it to be inaccurate, you can ask us to correct any mistakes by, once again, contacting us at the address below.
We will only retain information for as long as necessary. Records are maintained in line with the Department of Health retention schedule which determines the length of time records should be kept.
If you do not wish your data to be used for purposes beyond your direct care, there are two types of objections that you can ask your GP Practice to record:
Type 1 objections: patients can object to Personal Information about them leaving a General Practice in identifiable form for purposes other than direct care.
Type 2 objections: patients can object to Personal Information collected from healthcare providers by NHS Digital being used for purposes other than their direct care.
Type 1 and 2 objections will be respected, except in very limited circumstances such as:
You have the right to refuse/withdraw consent to information sharing at any time. The possible consequences will be fully explained to you and could include delays in receiving care or omission from health screening programmes. If you wish to discuss withdrawing consent please contact us (see “Contact us”, below), or speak to your GP.
If you have any questions or concerns regarding how we use your information, please contact us at:
NHS Rushcliffe Clinical Commissioning Group
165 Loughborough Road
Tel: 0115 8837880
The contact details for the CCG’s Caldicott Guardian are:
c/o NHS Nottingham North & East Clinical Commissioning Group
Arnot Hill Park
Tel: 0115 8831838
Complaints or questions
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
The links below give more information about your rights and the ways the NHS uses personal information:
Aggregated data – anonymised information, grouped together so that it doesn't identify individuals.
Anonymised data – data about individuals, but with identifying details removed to protect that person’s identity. Anonymised data must comply with the ICO's Anonymisation: managing data protection risk code of practice.
De-identified data – see Anonymised data and Pseudonymised data.
Direct (patient) care – care provided personally by a health professional. Direct patient care may involve any aspects of the health care of a patient, including treatments, counselling, self-care, patient education and administration of medication.
Personal confidential data – is information which has been provided in confidence which relates to either or deceased individuals.
Personal identifiable data – data containing details that could potentially identify individuals, such as information containing an NHS number, postcode or a set of information which, taken together, could identify an individual. This may apply if the person is either living or deceased.
Primary care data – this is data from Primary Care Services (GP Practices, dental practices, community pharmacies and high street optometrists) which is identifiable health information.
Pseudonymised data – data about individuals, but with identifying details (such as name or NHS number) replaced with a unique code to protect the person’s identity.
Risk stratified data – data which has been processed to identify the patients who are at high risk of emergency admissions or unfavourable health outcomes, so that better care or support can be provided to the patient.
Secondary care data – data used for the national reporting of secondary care (hospital) activity which is either NHS-funded, and/or provided by NHS organisations. Datasets are securely submitted to the Secondary Users Service (SUS). Secondary Care Data allows CCGs to design better services for patients.
Appendix A – Data Processors