CPCCG logo
Home » Privacy/Fair processing notice

Privacy/Fair processing notice

Your personal information – What you need to know 
data laptop.jpg

Who we are and what we do

NHS Cambridgeshire and Peterborough Clinical Commissioning Group (CCG) purchase and manage services to provide patients in our area with the highest quality of healthcare.  To enable us to do this, we keep records that contain information about you and your health, and the care and treatment we have provided or plan to provide to you.  Further information on the CCG is available to read here.

The CCG is registered with the Information Commissioner’s Office (ICO) as a data controller1.  Details of our data protection registration are available through the ICO website, our registration number is Z358830X. 

[1] See Appendix B ‘Key Definitions – Data Controller

If you would like a copy of our Fair Processing/Privacy Notice, you can download it here.

National Data Opt Out

Information about you can also be used and provided to other organisations for purposes beyond your individual care, for research and planning to help provide better health and care for you, your family and future generations. This may only take place when there is a clear legal basis to use this information.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way.  If you are happy with this use of information you do not need to do anything. If you do choose to opt out, your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.  On this web page you will: 

  • See what is meant by confidential patient information
  • Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • Find out more about the benefits of sharing data
  • Understand more about who uses the data
  • Find out how your data is protected
  • Be able to access the system to view, set or change your opt-out setting
  • Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
  • See the situations where the opt-out will not apply

You can also find out more about how patient information is used at:

https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and

https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care.  Cambridgeshire and Peterborough CCG is currently working towards compliance with the policy by March 2020.

We are committed to protecting your privacy and will only use or process information collected lawfully1  in accordance with the Data Protection Act 2018 (DPA).  We undertake not to use any information we may hold about you for any purpose other than that for which it was collected, unless we have obtained your explicit consent2.  This includes not sending your information overseas without permission.  We do not sell personal information.

As a commissioning organisation not involved in direct patient care, the CCG does not routinely hold medical records, but may hold other personal or sensitive (special category) information3 relating to complaints, investigations, independent funding requests you may make, continuing healthcare funding, or reviews that we are carrying out on your behalf.  We also hold information centrally which is used for statistical purposes to allow the NHS to plan the services it provides.  We may also use anonymised4 or pseudonymised5 data for research6, audit and public health purposes.

Data may be anonymised and linked with other data so that it can be used to improve healthcare and development and monitor NHS performance.  Where data is used for these statistical purposes, stringent and technical measures are taken to ensure individual patients cannot be identified.

The CCG contracts with other organisations to process data on our behalf.  These organisations are known as ‘Processors’7 and we ensure they are legally and contractually bound, providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that any processing will meet the requirements of the DPA and ensure the protection of the rights of the data subject.

[1] See Appendix A - ‘Lawful Bases for Processing Data’
[2]See ‘Information Sharing’ section for instances where patients cannot opt out of their information being shared.
[3] See Appendix B ‘Key Definitions’ - Personal and Sensitive (Special Category) Data
[4] See Appendix B ‘Key Definitions’ - Anonymised Data
[5] See Appendix B ‘Key Definitions’ - Pseudonymised Data
[6] See Appendix B ‘Related Links and Documents’ - Health Research Authority
[7]See Appendix B ‘Key Definitions’ - Data Processors

The CCG has limited cause to process data as we are not involved in direct patient care, we do however receive anonymised and pseudonymised primary and secondary care data1 processed on our behalf by the North of England Commissioning Support Unit, contracted by us under strict information governance and information security conditions.  Receiving data of this type enables us to analyse current health services and proposals for developing future services.  It is sometimes necessary for us to link separate anonymised individual datasets to be able to produce a comprehensive methodology for evaluation.  This may involve linking primary care data with other non-identifiable data provided for secondary use (known as SUS2 which includes inpatient; outpatient; A&E and other NHS services data).

[1] See Appendix B ‘Key Definitions’ - Primary and Secondary Care Data
[2] See Appendix B ‘Key Definitions’ – Secondary Uses Service

Full details of the types of information processed within the CCG (including the purpose and any data processor involvement) can be found in Appendix A below.
Please tell us as soon as possible if there are any changes, such as a new address. This helps us to keep your information reliable and up to date.

We will not share your information unless you ask us to do so, however, there are some instances where patients cannot ‘opt out’ of having their information shared and information may be shared without their explicit consent.  These instances may include:

  • Where the sharing is mandated by law or court order;
  • Where there is sufficient safeguarding1 or vulnerability concerns;
  • In order to assist the police in the prevention and detection of crime;
  • There is an overriding public interest in releasing or sharing information;
  • We have special permission for health and research purposes (granted by the Health Research Authority)2;
  • For the health and safety of others, for example to report an infectious disease such as meningitis or measles.

We work with several NHS, partner agencies and other organisations3  to provide healthcare and services for you.  We may also share anonymised and pseudonymised statistical information with them for the purpose of improving local services, for example, understanding how conditions spread across our local area compared against other areas.

All CCG staff have contractual obligations of confidentiality4, enforceable through disciplinary procedures.  Staff with access to patient identifiable information receive appropriate ongoing training to ensure they remain aware of their responsibilities.  Our staff are granted access to personal or sensitive data strictly on a need-to-know basis only.

All NHS organisations have a senior person responsible for protecting the confidentiality of patient information to enable appropriate information sharing.  This person is called the Caldicott Guardian, Carol Anderson is the CCG’s Caldicott Guardian.

[1] See Appendix A ‘Types of Information Processed by the CCG’ - Safeguarding
[2]See Appendix B ‘Key Definitions’ – Section 251 and Appendix C ‘Related Links and Documents’ - Health Research Authority
[3] See Appendix C ‘Related Links and Documents’ - Cambridgeshire Information Sharing Framework
[4] See Appendix C ‘Related Links and Documents’ - Code of Practice for Handling Information in Health and Care

Confidential patient information is when 2 types of information from your health records are joined together.

The 2 types of information are:

  • something that can identify you

  • something about your health care or treatment

Identifiable information on its own is used by health and care services to contact patients and this is not confidential patient information.

There are two different opt-out types which both refer to information sharing for purposes other than that of direct patient care.

Type 1 opt-out:  Applies to Medical Records held at your GP practice

You can tell your GP practice if you do not want your confidential patient information held in your GP medical record to be used for purposes other than your individual care. This is commonly called a type 1 opt-out.  This opt-out request can only be recorded by your GP practice.

National data opt-out: Applies across the Health and Care System in England

In May 2018, a new national data opt-out was introduced following recommendations from the National Data Guardian.  Individuals can opt out of having their confidential patient information shared for reasons beyond their individual care, for example for research and planning.  If you’re happy with your confidential patient information being used for research and planning, you do not need to do anything. You can find out more and set your opt-out choice at nhs.uk/your-nhs-data-matters.

The national data opt-out does not apply where:

  • data is shared for your individual care;

  • there is a risk to public health or data is required for monitoring and control of infectious diseases, for example during an epidemic;

  • there is an overriding public interest;

  • there is a legal requirement to share information, for example:

    • investigations by regulators of professionals;

    • NHS fraud investigations;

    • notification of food poisoning;

  • you have consented to take part in a specific project;

  • anonymised data is used.

NHS Digital [1] monitors the number of patients applying their opt-out rights through aggregated [2] data sources.  Whilst patients have the right to opt out of having their data shared for purposes other than direct patient care, sharing data allows the NHS to better understand the needs of patients.  It also allows for more comprehensive performance monitoring of services and allows organisations to adequately benchmark themselves.  This allows care providers and commissioners to work collaboratively to improve the quality of, and accessibility to local services. 

[1] See Appendix B ‘Key Definitions’ – NHS Digital
[2] See Appendix B ‘Key Definitions’ - Aggregated Data

NHS records may be in electronic or paper format or a mixture of both, a combination of working practices and technology is used to ensure that your information is kept confidential and secure.

The Records Management Code of Practice for Health and Social Care 20161 sets out the required standards of practice in the management of records for those who work within or under contract to NHS organisations in England, based on current legal requirements and professional best practice.

Data held by the CCG is retained in line with the Code of Practice’s retention schedules and thereafter confidentially destroyed or disposed of.  Detailed retention schedules, ie minimum periods for which various records that are created should be retained, in accordance to either their ongoing administrative value or as a result of statutory requirement can be found in Appendix 3 of the Code of Practice.

[1] See Appendix C ‘Related Links and Documents’ - The Records Management Code of Practice for Health and Social Care 2016

If you have any questions or concerns regarding the information we hold on you, the use of your information or would like to discuss accessing your information, please contact the CCG’s Data Protection Officer at:

Data Protection Officer
Cambridgeshire and Peterborough CCG
Lockton House
Clarendon Road
Cambridge CB2 8FH

Email: CAPCCG.DataProtectionOfficer@nhs.net

Information on how to access your information is available here or by contacting the Information Governance Team on 01223 725451 or at capccg.infogov@nhs.net

If you have any question or concerns regarding accessing your information; the information we hold on you or the use of your information, please contact the CCG’s Data Protection Officer, details below:

Data Protection Officer
Cambridgeshire and Peterborough CCG
Lockton House
Clarendon Road

email: CAPCCG.DataProtectionOfficer@nhs.net

Patient Experience Team 

FREEPHONE: 0800 279 2535 or telephone: 01223 725588
Email: capccg.pet@nhs.net

Further information can be found here

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office at:

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113 (Monday to Friday, 9am to 5pm)
Website: https://ico.org.uk/

Under the new Data Protection Regulation, the CCG must determine a lawful basis for processing personal identifiable data before processing commences.  Where special category data is processed, a lawful basis and a separate condition must be identified. (See Note below)


The individual has given clear consent for the CCG to process their personal data for a specific purpose.


The processing is necessary for a contract the CCG has with the individual, or because the individual has asked us to take specific steps before entering into a contract.


The processing is necessary for the CCG to comply with the law (not including contractual obligations).


The processing is necessary to protect someone’s life.


The processing is necessary for the CCG to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.


The processing is necessary for legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This does not apply to the CCG - public authorities process data to perform their official tasks.)

Source: ICO Lawful Basis for Processing

Note: Relevant provisions in the General Data Protection Regulation (GDPR) for processing:
Personal Identifiable Data – Article 6(1); Article 6(2) and Recital 40.
Special Category Data - Conditions are listed in Article 9(2) of the GDPR

Types of information processed by the CCG




Purpose – To process your personal information if it relates to a complaint where you have asked for our help or involvement.

Legal Basis - The CCG has a duty as to the improvement in quality of services under Section 14R NHS Act 2006 and will rely on your explicit consent as the basis to undertake such activities.

Data Processor – We process this information ourselves.

Freedom of Information (FOI) requests

Purpose – To process personal information in relation to FOI requests made by an individual to enable response to be provided.

For further information please visit the CCG’s FOI webpage.

Legal Basis – Freedom of Information Act.

Data Processor – We process this information ourselves.


Purpose – Safeguarding means protecting individuals’ health, wellbeing and human rights, and enabling them to live free from harm, abuse and neglect.  It is a key part of providing high-quality health and social care.  The CCG will participate in Serious Case Reviews undertaken by either the local Children’s Safeguarding Boards or the Adult Safeguarding Boards for continued learning, to minimise risk and to improve services.

Legal Basis - The CCG has a statutory responsibility under the Children Act 2004; Care Act 2014 and safeguarding provision within the Data Protection Act 2018 (Schedule 1, Part 2, subsections 18 and 19) to ensure the safety of all children, and the safety of adults at risk of abuse and neglect.

Sharing information - Where there is a suspected or actual safeguarding issue the CCG will share information that we hold with other relevant agencies whether or not the individual or their representative agrees.

Data Processor – We process this information ourselves, except in circumstances where there may be an external review involving a service delivered by us.  Where this is the case, we would commission an appropriate external person to undertake the internal elements of the review for us.

Individual Funding Requests

Purpose – We process your personal information where we are requested to fund specific treatment for you for a particular condition that is not already covered within our contracts.  For further details, please see the CCG’s Patient Leaflet on Funding Requests.

Legal Basis –The National Health Service Commissioning Board and Clinical Commissioning Groups (Responsibilities and Standing Rules) Regulations 2012 part 7 (34) sets out the duty of a CCG in regard to funding and commissioning of drugs and other Treatments.  The clinical professional who first identifies that you may need the treatment will explain to you the information that is needed to be collected and processed in order to assess your needs and commission your care; they will gain your explicit consent to share this.

Data Processor – The CCG manages its funding requests via a web-based programme provided by Blueteq.  Blueteq store the data on our behalf.

Continuing Healthcare (CHC)

Purpose – We process personal identifiable information whilst carrying out assessments for NHS Continuing Healthcare (a package of care for individuals with complex medical needs) funding.  Where eligibility is established, this ensures that we commission the correct care package for you.

Legal Basis - The National Health Service Commissioning Board and Clinical Commissioning Groups (Responsibilities and Standing Rules) Regulations 2012 section part 6 sets out the duty of a CCG in regard to the assessment and provision of NHS Continuing Healthcare.  The clinical professional who first sees you to discuss your needs will explain to you the information that they need to collect and process in order for your needs to be assessed and your care package to be commissioned; they will gain your explicit consent to share this.

Data Processor – Health Analytics and SystmOne (TPP) are the clinical systems that we use to process and store health data relating to continuing healthcare.  Where required, data is shared with Social Care Teams (Brokerage) to enable care packages to be sourced for our population.

Infection Control

Purpose - The CCG has an obligation for carrying out Infection Control surveillance.  This work is undertaken by a clinical nurse with support from Practices and Acute Trusts to provide the relevant information for the investigation to be undertaken and outcomes derived.  The surveillance reports produce actions and lessons learnt that support direct improved care of patients and continuously improves the safety of patients and focus on clinical learning.

Legal Basis - The Health Service (Control of Patient Information) Regulations 2002 (Paragraph 3) enables the lawful processing of patient information in relation to diagnosing, recognising trends, controlling, preventing, monitoring and managing communicable diseases and other risks to public health.

Public Health England’s Mandatory Healthcare Associated Infection Surveillance: Data Quality Statement - June 2018.

Data Processing – We process this information ourselves.

Invoice Validation

Purpose – The Invoice Validation process ensures that care providers who provide you with care and treatment can be paid for the services they provide in a timely and efficient manner.  There are situations where personal data is required to ensure that the correct service provider is paid.  In such cases service providers are required to send patient identifiable data such as NHS Numbers to a Controlled Environment for Finance (CEfF).  The CEfF is a restricted secure area where a limited number of authorised staff process the data to indicate which invoices can be validated (authorised) for payment.  The CCG has approval for three individuals to have access to patient information for the purposes of the CEfF.  NHS England has published guidance on how invoices must be processed and Commissioners have a duty to detect report and investigate any incidents where a breach of confidentiality has been made.  For further information, please visit NHS England Invoice Validation FAQs.

Legal Basis - GDPR Article 6(1)(e) and Article 9(2)(h).  The use of personal confidential data by CCGs for invoice validation has been approved by the Secretary of State, through the Confidentiality Advisory Group of the Health Research Authority (approval reference (CAG 7-07)(a-c)/2013)), approval has been extended to the end of September 2020.  NHS England Invoice Validation gives us a statutory legal basis under Section 251[1] of the NHS Act 2006 to process data for invoice validation purposes which sets aside the duty of confidentiality.  We are committed to conducting invoice validation effectively, in ways that are consistent with the laws that protect your confidentiality.

Data Processor - NHS Shared Business Services (SBS) process invoices on behalf of the CCG.  NHS SBS do not require and should not receive any personal data to provide their services.

Patient and Public Involvement

Purpose – If you have asked us to keep you regularly informed about the work of the CCG or if you are actively involved in our engagement and consultation activities or patient participation groups, we will collect and process data which you have agreed to share with us.

Where you submit your details to us for involvement purposes, your information will only be used for this purpose and not shared with anyone without your explicit consent.  You can opt out of involvement at any time by contacting the CCG’s Communications and Engagement Team on 01223 725400 or at capccg.contact@nhs.net

Legal Basis – We will rely on your explicit consent for this purpose.

Data Processor – We process this information ourselves.


Purpose – The CCG acts as a hosted advisory service to support research within primary care.  Any research supported by the advisory service has regulatory approval by the Health Research Authority, who hold delegated legal responsibility for the regulation of research in health and social care.

Legal Basis – Public task.  GDPR Article (1)(e) applies i.e. it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. If explicit patient consent is required, this is arranged between the Sponsor and Primary Care.

Data Processor – Participant study data is neither held nor processed by the CCG.


[1] See Appendix C ‘Key Definitions’ - Section 251


Key definitions

Data ‘Controller’

A Data Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data ‘Processor’

A Data Processor is the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Personal Data


Personal data is any information relating to a person (a ‘data subject’) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Processing (in relation to Personal Data)

Means any operation or set of operations which is performed on personal data or on sets of personal data (whether or not by automated means, such as collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure or destruction).

Personal Sensitive Data (Special Categories)

Special categories of personal data are related to an individual’s race; ethnic origin; political opinions; religious or philosophical beliefs; genetic data; biometric data (where this is used for identification purposes); health data; sex life; or sexual orientation.  Personal data can also include information relating to criminal convictions and offences.

Anonymised Data

Anonymised data is any personal data which has been processed so that all identifiers are removed or obscured in a way which minimises the likelihood that the data will identify individuals.

Pseudonymised Data

Pseudonymisation is a technical process that replaces identifiable information such as an NHS number, postcode, and date of birth with a unique identifier, which obscures the identity of the individual patient to those working with the data.

Aggregated Data

The consolidation of data relating to multiple individuals, and therefore the data cannot be traced back to a specific individual.

Primary Care Data

Primary care refers to the work of health professionals who act as a first point of contact for patients such as GPs and pharmacists, primary care data is therefore data collected within GP Practices, dental practices, community pharmacies and high street optometrists.

Secondary Care Data

Secondary care is the health care provided by specialists who generally do not have first contact with patients, it includes hospital care, community care and mental health care, secondary care data is therefore data collected by hospital, mental health and community services.

NHS Digital

NHS Digital provides national information, data and IT systems for health and care services.  They exist to help patients, clinicians, commissioners, analysts and researchers.  Their goal is to improve health and social care in England by making better use of technology, data and information.

Secondary Uses Service (SUS)

The Secondary Uses Service (SUS) is a single, comprehensive repository for healthcare data in England which enables a range of reporting and analyses to support the NHS in the delivery of healthcare services.  Commissioners and providers of NHS-funded care use this data for secondary purposes other than direct or 'primary' clinical care, such as: Healthcare planning; Commissioning of services; National Tariff reimbursement and development of national policy. SUS is a secure data warehouse that stores this patient-level information in line with national standards and applies complex derivations which support national tariff policy and secondary analysis.

Section 251

Section 251 of the 2006 NHS Act was created because it was recognised that there were essential activities of the NHS, and important medical research, that required the use of identifiable patient information – but, because patient consent had not been obtained to use people’s personal and confidential information for these other purposes, there was no secure basis in law for these uses.  For further information regarding Section 251, see Appendix C ‘Related Links and Documents’ - Health Research Authority.


Related links and documents


Code of Practice for Handling Information in Health and Care 

Data Sharing

Data Sharing Code of Practice 

Information Governance Review: To share or not to share 

Records Management

Records Management Code of Practice for Health and Social Care 2016 

Advice and Guidance on the Law and Personal Data

Information Commissioner's Office

Information Security Management

Information Security Management: NHS Code of Practice


Anonymisation: Code of Practice

Anonymisation Standard for Publishing Health and Social Care Data

Requesting Information Under the Data Protection or Access to Health Records Acts

ICO Subject Access Code of Practice

Guidance for Access to Health Records Requests

The National Care Record Guarantee (Summary Care Records)

National Care Record Guarantee

Health Research Authority

Confidentiality Advisory Group

The NHS Constitution for England

The NHS Constitution for England

Cambridgeshire Information Sharing Framework

(includes a list of Organisations currently signed up to the Framework)

Cambridgeshire Information Sharing Framework

(Hosted by Cambridgeshire County Council)