We are committed to protecting your privacy and will only use or process information collected lawfully1 in accordance with the Data Protection Act 2018 (DPA). We undertake not to use any information we may hold about you for any purpose other than that for which it was collected, unless we have obtained your explicit consent2. This includes not sending your information overseas without permission. We do not sell personal information.
As a commissioning organisation not involved in direct patient care, the CCG does not routinely hold medical records, but may hold other personal or sensitive (special category) information3 relating to complaints, investigations, independent funding requests you may make, continuing healthcare funding, or reviews that we are carrying out on your behalf. We also hold information centrally which is used for statistical purposes to allow the NHS to plan the services it provides. We may also use anonymised4 or pseudonymised5 data for research6, audit and public health purposes.
Data may be anonymised and linked with other data so that it can be used to improve healthcare and development and monitor NHS performance. Where data is used for these statistical purposes, stringent and technical measures are taken to ensure individual patients cannot be identified.
The CCG contracts with other organisations to process data on our behalf. These organisations are known as ‘Processors’7 and we ensure they are legally and contractually bound, providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that any processing will meet the requirements of the DPA and ensure the protection of the rights of the data subject.
See Appendix A - ‘Lawful Bases for Processing Data’
See ‘Information Sharing’ section for instances where patients cannot opt out of their information being shared.
See Appendix B ‘Key Definitions’ - Personal and Sensitive (Special Category) Data
See Appendix B ‘Key Definitions’ - Anonymised Data
See Appendix B ‘Key Definitions’ - Pseudonymised Data
See Appendix B ‘Related Links and Documents’ - Health Research Authority
See Appendix B ‘Key Definitions’ - Data Processors