Fair Processing Notice

How We Use Your Information

PRIVACY & FAIR PROCESSING NOTICE

Published Sept 2016

This page explains the NHS North East Lincolnshire Clinical Commissioning Group’s privacy policy and how we will use and protect any information about you that you give us when you contact us by whatever method.

This privacy statement only covers the NHS North East Lincolnshire CCG and does not cover any other organisations or organisations that can be linked to from this site. When you move to the site of, or engage in correspondence with, another organisation, it is important that you read the privacy statement of that organisation.

Who We Are and What We Do

North East Lincolnshire Clinical Commissioning Group (hereafter referred to as “the CCG”) is responsible for implementing the commissioning roles as set out in the Health and Social Care Act 2012.

Clinical Commissioning Groups are groups of GP Practices that are responsible for commissioning health and care services for the local community, for example hospital services, nursing in the community and mental health services. We ensure the care providers provide safe high quality care, which includes responding to concerns from our citizens; please see below for details of how to make comments and complaints.

As a Clinical Commissioning Group we have many other functions, but these do not generally need data that may identify a person individually (identifiable data).


The Data Protection Act

Under the Data Protection Act 1998 the CCG is required to register with the Information Commissioner's Office, detailing all purposes for which personal identifiable data is collected, held and processed.

The CCG has a legal duty to protect any information we collect from you. We use leading technologies and encryption software to safeguard your data and keep strict security standards to prevent any unauthorised access to it.

The CCG will not pass on your details to any third party or other government department unless you consent to this or when it is necessary and we are allowed or required to by law.

The Information Commissioner's Office maintains a public register of organisations that process personal identifiable data. The NHS North East Lincolnshire Clinical Commissioning Group’s registration number is Z3526987.

View the CCG’s Notification online: http://www.ico.org.uk/esdwebpages/search

The entry sets down:

Information we collect and how we use it

For the majority of our work we do not need to know individually who lives in our community, and this is our preferred way of working. It should be noted that information which cannot identify an individual does not come under the Data Protection Act 1998.

The CCG uses information for statistical purposes to allow it to better plan and commission health services for the local area. This could include:

Monitoring of quality and efficiency of services commissioned

Statistical analysis of the local population's illnesses

Preparing national data submissions for quality and cost

The CCG does not directly provide health care services and therefore does not routinely create or hold any clinical records about any individuals as it does not provide direct care. If you wish to have sight of your own personal health care records you will need to apply to your GP Practice, or the NHS Hospital or NHS organisation which provided your healthcare.

We have been granted an exemption under Section 251 of the NHS Act 2006 which allows us to process personal information for limited purposes including:

Ensuring that the CCG is billed accurately for the treatment of its patients, which is known as "Invoice Validation"

Section 251 was introduced because it was recognised that there were essential activities of the NHS, and important medical research, that required the use of identifiable patient information – but, because patient consent had not been obtained to use people’s personal and confidential information for these other purposes, there was no secure basis in law for these uses.

We currently use the following organisations to help carry out this work:

North of England CSU (NECS)

EMBED Health Consortium

Other functions for which we do currently process personal identifiable data after gaining an individual’s consent include:

There are some circumstances where we are legally required to process personal information or share it with partner organisations without seeking consent, including:

From time to time the CCG may collect information about you in order to perform its duties or answer queries, enquiries or complaints you have raised and it applies to:

Planning and Improving Healthcare

The CCG uses anonymised and pseudonymised patient information to design and commission care services across its area as well as to identify gaps in healthcare services.

Anonymised information is data about you, but from which you cannot be personally, individually identified.

Pseudonymised information is where any identifiable information (e.g. names) has been removed and replaced with a unique code (to represent each individual) so that specific people cannot easily be identified from the remaining data.

This code still allows information from several sources to be linked together, without seeing the identity of the patient. This de-identification and linking work is carried out by the Health and Social Care Information Centre (a public body granted additional legal rights to carry out the work).

Information across the following sources (national and local) may be used and linked to help manage the health and social care needs of North East Lincolnshire and its surrounding area.

Visitors to our Website

When someone visits the CCG’s website, http://www.northeastlincolnshireccg.nhs.uk/, information is collected in a standard internet log to enable the CCG to monitor how the website is used. This is done to find out things such as the number of visitors to the various parts of the site. This information is collected in a way that does not identify people who have visited our websites.

From time to time, you may be asked to submit personal information about yourself (e.g. name and email address) in order to receive or use services on our website. Such services include bulletins, email updates, website feedback, requesting investigation of complaints and any other enquiries.

By entering your details in the fields requested or sending us an email, you enable the CCG and its service providers to provide you with the services you select. Any information you provide will only be used by the CCG, or our agents or service providers, and will not be disclosed to other parties unless we are obliged or permitted to do so.

We will hold your personal information on our systems for as long as you use the service you have requested, and remove it in the event the purpose has been met or when you no longer wish to continue your subscription.

Use of Cookies

You can read more about how cookies work on the CCG website at: Cookies

People who email us

Any email sent to the CCG, including any attachments, may be monitored and used by the CCG for reasons of security and for monitoring compliance with office policy. 

Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

If you post or send offensive, inappropriate or objectionable content anywhere on http://www.northeastlincolnshireccg.nhs.uk/ or otherwise engage in disruptive behaviour on this website we may use whatever information is available to us, about you, to stop such behaviour.

Staff

The CCG, as an NHS employer, needs to process information in relation to staff. This information is used in a variety of ways to ensure staff are paid, that the CCG complies with employment law, or to provide other services related to their employment.

National Fraud Initiative

This organisation is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.

The Cabinet Office is responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

We participate in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise, as detailed here.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 1998.

Data matching by the Cabinet Office is subject to a Code of Practice.

View further information on the Cabinet Office’s legal powers and the reasons why it matches particular information. For further information on data matching at the CCG please use the “Contact Us” section below.

Declarations of Interests, Gifts, and Hospitality

The CCG is required to maintain and publish on its website registers of interests, gifts and hospitality for staff of the CCG, as well as its Members, Governing Body and Committee Members.

In exceptional circumstances, where the public disclosure of information could lead to a real risk of harm or is prohibited by law, a person’s name or other information may be withheld from the published registers. If you feel that substantial damage or distress may be caused to you or somebody else by the publication of information in the registers, you are entitled to request that the information is not published. Such requests must be made in writing to the CCG or via the Contact Us page.

Make a complaint to us

When we receive a complaint from anyone we will need to make up a file containing details of the complainant and the complaint they are making. How we use a complainant’s information to investigate a complaint is explained further on our Compliments and Complaints page at: http://www.northeastlincolnshireccg.nhs.uk/get-involved/have-you-say/

Continuing Health Care

The CCG operates an internal Continuing Health Care Team who assess and arrange packages of care for individuals found to have a primary health need.

In order for the CCG to provide these services they need to collect and keep a record of personal information about the person to whom the service is to be provided. This record may be either written down or held electronically on computer. These details may include:

This information may be shared with other agencies involved in providing care or where required by law, for example with social services or for safeguarding purposes. However, such information will only be shared with the appropriate consent or under a statutory legal requirement.

Keeping Information Secure and Confidential

Everyone working for the NHS is subject to the Common Law Duty of Confidentiality and all staff are trained to keep information confidential and have contractual obligations in respect of confidentiality, which are enforceable through disciplinary procedures. Information provided in confidence will only be used for the purposes to which the patient has consented, unless there are specific circumstances allowed by law.

The NHS Confidentiality Code of Conduct applies to all of our staff, and they are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.

We take relevant organisational and technical measures to make sure that the information we hold is secure, such as holding information in secure locations, restricting access to information to authorised personnel, and protecting personal and confidential information held on equipment such as laptops with encryption.

We also have a duty to show that the systems and processes we use are secure and that legal agreements are put in place to maintain security.

We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.

Each NHS organisation has a senior person responsible for protecting the confidentiality of patient information and enabling appropriate information sharing. This person is called the Caldicott Guardian. The Caldicott Guardian for NHS North East Lincolnshire CCG is Dr. Anne Spalding.

Partner Organisations With Whom We May Share Your Personal Data

We work with and commission a number of partner organisations (both within and outside the NHS) to provide healthcare services to you. We will only share personal information where there is a valid legal basis to do so. We may also share anonymised statistical information with them for the purpose of improving local services, for example understanding how health conditions spread across our local area compared against other areas. These partners include:

The CCG’s Use of Your Information …Your Right To Opt-Out or Withdraw Consent

You have the right, in law and additionally in the NHS Constitution, to request that your confidential information is not used beyond your own care and treatment and to have your objections considered, and where your wishes cannot be followed, to be told the reasons including the legal basis.

In addition you may at any time withdraw any consent you may have previously given the CCG to process information about you.

If you wish to exercise your right to opt-out, withdraw consent to use your information, or to speak to somebody to understand what impact this may have, if any, please contact us.

Opt-Out (Stopping) Information About You Across The NHS Being Used Outside Of Direct Care

If you do not want the NHS to use information about you, collected by your GP or other parts of the NHS, then you can opt-out by completing an opt-out form and returning it to your GP practice. There are two different types or levels of opt-out available:

Depending on the type of opt out you may choose, this will prevent your information being shared outside of your GP practice or NHS Digital for purposes beyond your direct care (except in special circumstances allowed by law, such as when there is a public health emergency or safeguarding issue). More information about these opt-out types is available from NHS Digital.

The possible consequences of opting-out will be fully explained to you and could include problems and delays in identifying and providing the most appropriate care or making additional care resources available.

Access to Personal Information

Everybody has the right to see, or have a copy of, data we hold that can identify them, with some exceptions. You do not need to give a reason to see your data. If we do hold any information about you we will:

If you want to access your data you must make the request in writing. Under special circumstances, some information may be withheld. To make a request to NHS North East Lincolnshire CCG for any personal information we may hold, you will need to put the request in writing and send it to:

By post to:

Subject Access Requests
North East Lincolnshire Clinical Commissioning Group
Athena Building
Saxon Court
Gilbey Road
Grimsby
North East Lincolnshire
DN31 2UJ

By email to: NELCCG.GovernanceTeam@nhs.net

How Long Do You Hold Confidential Information For?

All records held by the CCG will be kept for the duration specified by national NHS guidance (see Records Management Code of Practice for Health and Social Care 2016 Retention Schedule for further information). At the end of the retention period, data will be reviewed as to whether it can then be securely destroyed. When destroying records the CCG will do so in line with the Records Management Code of Practice for Health and Social Care 2016.

Links to Other Websites

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

Changes to this Privacy Notice

If our privacy policy changes in any way, we will place an updated version on this page. Regularly reviewing the page ensures you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.

How to contact us:

If you want to request information about our privacy policy you can write to us at:

North East Lincolnshire Clinical Commissioning Group
Athena Building
Saxon Court
Gilbey Road
Grimsby
North East Lincolnshire
DN31 2UJ
or Email General Enquiries at: nelccg.askus@nhs.net

For independent advice about protection, privacy or data sharing issues, you can contact:


The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Phone: 08456 30 60 60 or 01625 54 57 45

Website: www.ico.gov.uk

Further information

The links below give more information about your rights and the ways that the NHS uses personal information:

NHS Care Record Guarantee
NHS Constitution
Confidentiality: The NHS Code of Practice
An independent review named Information: To share or not to share? The Information Governance Review was conducted in 2012.
NHS England advice for CCGs and GPs on information governance and risk stratification
Health and Social Care Information Centre
The Information Commissioner (the Regulator for the Data Protection Act 1998, who can offer independent advice and guidance on the law and personal data, including your rights and how to access your personal information)