Fair Processing and Privacy Notice
Your information: what do we hold?
The CCG is committed to protecting your privacy. We will only use information collected lawfully in accordance with the Data Protection Act 1998 and undertake not to use any information we may hold about you for any purpose other than that for which it was collected, unless we have obtained your consent. This includes not sending the information overseas without permission. We do not sell personal information.
NHS records may be electronic, paper, or a mixture of both, and we may use a combination of working practices and technology to ensure that your information is kept confidential and secure.
We do not routinely hold medical records, but may hold other personal information relating to complaints, investigations, independent funding requests you may make, continuing healthcare funding, or reviews that we are carrying out on your behalf. We also hold information centrally which is used for statistical purposes to allow the NHS to plan the services it provides. We may also use de-identified data for research, audit and public health purposes.
We will not share your health records or data we hold about you for any reason unless:
- You ask us to do so;
- Where a formal court order has been served on us;
- In order to assist the police in the prevention and detection of crime;
- To protect children and vulnerable adults;
- We have special permission for health and research purposes (granted by the Health Research Authority), or
- For the health and safety of others; for example to report an infectious disease such as meningitis or measles.
We work with a number of other NHS, partner agencies and other organisations to provide healthcare and other services for you. We may also share de-identified statistical information with them for the purpose of improving local services, for example understanding how conditions spread across our local area compared against other areas.
We also contract with other organisations to provide a range of services for us, for example providing some human resource services for our staff. In these instances we ensure that our partner agencies handle our information under strict conditions and in line with the law.
All CCG staff have contractual obligations of confidentiality, enforceable through disciplinary procedures. Staff with access to patient identifiable information receive appropriate on-going training to ensure they are aware of their responsibilities. Our staff are granted access to personal data on a need-to-know basis only.
We will use limited information about individual patients when validating invoices received for healthcare provided, to ensure the invoice is accurate. This will be performed in a secure environment and will be carried out by a limited number of authorised staff. These activities and all identifiable information will remain within a CEfF (Controlled Environment for Finance), approved by NHS England.
Your information: What do we need from you?
Please tell us as soon as possible if there are any changes to your details, such as a new address. This helps us to keep your information reliable and up to date.
Contacting us about your information
Each NHS organisation has a senior person responsible for protecting the confidentiality of patient information and enabling appropriate information sharing. This person is called the Caldicott Guardian. Jill Houghton, Chief Nurse, is the CCG’s Caldicott Guardian.
If you have any questions or concerns regarding the information we hold on you or the use of your information, or would like to know more about accessing your information, please contact us at:
Cambridgeshire and Peterborough Clinical Commissioning Group Lockton House
Clarendon Road Cambridge
Tel: (01223) 725400
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner at:
Phone: 08456 30 60 60 or 01625 54 57 45
Fax: 01625 524510
Confidentiality - The NHS Code of Practice; Caldicott Review: Information Governance in the Health and Social Care System
Records Management - Records Management Code of Practice for Health and Social Care 2016
Data Sharing - Data Sharing Code of Practice
Advice and guidance on the law and personal data - The Information Commissioner's Office
Information Security - Information Security Management: NHS Code of Practice
Anonymisation - Anonymisation Standard for Publishing Health and Social Care Data
Requesting Information uner the Data Protection Act - Information Commissioner's Guidance on Subject Access
The Care Record Guarantee - National Care Record Guarantee
Health Research Authority - Confidentiality Advisory Group