NHS Wayfinder services

About this privacy policy

NHS England provides the Wayfinder services that enable people and carers to access information about their secondary care referrals and their elective care via the NHS account (either the NHS App or nhs.co.uk).

This privacy policy explains how NHS England and other organisations may use your data for this purpose. 

Data Controller’s Contact Details

The Secretary of State has issued directions to NHS England to deliver Wayfinder. The legal direction is titled Wayfinder Services Directions 2023, dated 5 July 2023.

NHS England are joint controller with the Secretary of State for the data we need to provide the Wayfinder services unless otherwise stated.

NHS England are also joint controller with the Secretary of State for the NHS App.

Please visit the NHS App webpage for further details.

Please visit the NHS England website for contact details.

Our purpose for using your data

We use your data to help you access information about secondary care referrals and your elective care via the NHS App. We will do this by integrating patient-facing systems (also known as personal health record (PHR) services) with the NHS App to provide more patient-centered care at local and national levels.

Our aims are to:

  • Create a better experience for you, so you have more control over your care.
  • Be able to give more people more access.
  • Be able to give you information relevant and tailored to you.
  • Reduce the number of paper letters sent by post.
  • Reduce our carbon footprint.
  • Reduce waiting times and decrease waiting lists.
  • Make a positive contribution towards the Elective Care Backlog Recovery Programme and its goals.

In using your data, we will be able to do the following in the NHS App, both in mobile and desktop formats:

  • Present you with information on:
    • referrals and their status
    • future and historical hospital appointments
    • clinical documents including things such as appointment letters, outcome letters, discharge summaries, etc.
    • questionnaires relevant to your hospital care
    • patient test results and other such patient-facing clinical data sources
    • wait list information and average wait times.
  • Send you notifications and messages regarding the above information.
  • Enable you to access:
    • e-RS, to book your initial outpatient appointment
    • patient-facing systems, to book, change and cancel appointments.
  • Provide a way for you to provide feedback.
  • Provide a way to collect and analyse data to improve services.

This service does not include profiling or any automated decision making. 

Where do we get information from?

We collect data from NHS trusts via their patient-facing systems, as well as from other areas of NHS England, as explained below:

| Role | What is it? | Data controller |
| --- | --- | --- |
| Patient-facing system | This enables you to manage your appointments, view important documents and complete questionnaires. | Trusts |
| e-RS (Electronic Records Service) | National e-Referrals Service provides information about your referrals and appointments. Integrated with aggregator for appointment data and allows deep links into existing manage your referral functionality. | NHS England |
| Waiting list minimum data set (WLMDS) | Wait time data source system managed by NHS North of England Commissioning Support. Wait time data source system, processing anonymous WLMDS data in order to return average wait time information per speciality in each trust. Collates and processes latest waiting list data provided by trusts, making it available to consume and surface wait time information to patients within the NHS App. Data provided at patient level (NHS number) enabling patient to be identified to surface relevant average waiting time information. | NHS England |

Data we collect about you

| Data categories | Why do we need this? |
| --- | --- |
| Personal data | |
| NHS number | Your NHS number is part of your personal medical record and is used for matching and validation. |
| Surname | This is part of your personal medical record and is used for matching and validation. |
| Name | This is patient contact information that is part of your personal medical record and used to help our service desk resolve any user issues. |
| Date of birth | This is part of your personal medical record and is used for matching and validation. |
| Email address | This is patient contact information that is part of your personal medical record and used to help our service desk resolve any user issues. |
| Phone number | This is patient contact information that is part of your personal medical record and used to help our service desk resolve any user issues. |
| Special category data | |
| Appointment data (for example, appointment identifier, appointment date, appointment location, appointment type/description) | We need this to be able to present appointment information to you and to help our service desk resolve any user issues. |
| Referral data (for example, referral identifier (UBRN), referring organisation (ODS Code and name), referral status) | We need this to be able to present referral information to you. |
| Document data (for example, document type, document status) | We need this to be able to present documents to you. |
| Questionnaire data (for example, questionnaire type, questionnaire status) | We need this to be able to present questionnaires to you. |
| Patient-specific wait times data (for example, patient presence on waiting list) | Required to link this data with other sources, for example, WLMDS, in order to surface average wait time data relevant to the patient (based on specific speciality, trust, etc.). |
| Test results | Required to surface clear and navigable test result information to patients. |
| Condition/pathway data (for example, SNOMED code for a patient’s condition) | Required to enable delivery of a tailored patient experience related to their individual condition or care pathway. |
| Speciality | Required to deliver relevant information to patients based on the speciality. |
| Messages from health and care providers (for example, new appointment containing key information such as location, speciality, clinician name etc.) | Required to update patients on their care and required actions. Messages processed as part of NHS App Messaging and NHS App Notification Services will persist within the NHS App repositories. |
| Non-personal data | |
| Portal URL (deep link) | Required to allow patients to access Wayfinder content and features delivered via patient-facing system within NHS login-enabled experience. |
| Portal identifiers (for example, NHS login, eRS or patient-facing system identifiers) | Required to connect together patient information across different systems via pseudonymised identifiers. |
| Wait times rolled-up data | Aggregated dataset (for example, for trust, speciality, procedure) required to match with patient presence on wait list (from WLMDS) to provide wait time information relevant to the patient. |
| Patient analytical data (for example, overall number of patient logins to Wayfinder, number of unique patient logins to Wayfinder) | Data about patient interaction with Wayfinder functionality gathered by a Management Information Reporting Service in order to inform business case benefits mapping, key performance indicators (KPI)/management information (MI) generation and service delivery improvement opportunities. Will in some scenarios require processing of patient personal data (for example, NHS number) in order to generate pseudonymised data at a per patient level. |

Do we share any of your information?

NHS England may share data back to the NHS trust which originally provided it, in identifiable or pseudonymised form, at the request of the NHS trust to assist in resolving any technical or quality assurance issues.

Anonymous and summarised data will be shared with NHS trusts, commissioners and policy teams at national, regional and provider level to support strategy and operational decisions and with Department of Health and Social Care and its associated bodies (NHS England, UK Health Security Agency, etc.) to support service delivery.

Anonymous and summarised data may also be shared to support research and audit.

Where do we store your information and how long do we keep it for?

We only store and process your personal data within the UK and European Economic Area (EEA).

Your information is stored as follows:

| Category of information | Retention period |
| --- | --- |
| Personal data | Your NHS number is held forever in order for you to be able to access all historical trust healthcare information. The service caches the NHS login ID token (which contains NHS number, surname and date of birth) to support the user with a seamless authentication journey between services, and this is retained in a local cache only for the duration of the user session. Database transaction logs, record locators, infrastructure access logs, edge logs and application logs are retained within the programme; redacted logs are sent to the Cyber Security Operation Centre (CSOC) in line with the CSOC retention policy: database transaction logs – 5 years; record locators – 40 days; infrastructure access logs – 40 days; edge logs – 40 days; application logs – indefinitely. |
| Special category data | Audit logs are retained for 5 years. All other data is pass-through, i.e. relayed to a subsequent target system from the sending source system. |
| Non-personal data | Audit logs evidencing message processing are retained for 2 years. Audit logs evidencing events processing are retained for 15 months. Audit logs evidencing access are retained for 40 days. All other data is pass-through, i.e. relayed to a subsequent target system from the sending source system. |
| Reporting data | MI reports are retained for 5 years, and MI events are retained for 5 years for analytical purposes in line with the 5 year duration of benefits forecast in the Wayfinder business case. Data will be held in pseudonymised form. |

Audit logs evidencing access and review are retained for 40 days.

Our legal basis for processing

The UK General Data Protection Regulation (UK GDPR) sets out the requirements on organisations who collect and process personal data from people in the UK. Where NHS England processes personal data, we need to comply with the UK GDPR.

Having a legal direction in place puts NHS England under a legal obligation to comply with this requirement and so meets Article 6(1)(c) of the UK GDPR. To deliver certain parts of the NHS App, such as when we are using your cookies, we also need your consent, so meeting Article 6(1)(a) of the UK GDPR.

Your health data has extra legal protection and NHS England must also comply with Article 9 of the UK GDPR. To process your health data, we rely on:

  • Article 9(2)(g) of the UK GDPR, which applies where there are “reasons of substantial public interest”. The Department of Health and Social Care has decided that it is in the public interest for NHS England to provide the NHS App to the public. In addition, we rely on Schedule 1, Part 2, paragraph 6 of the Data Protection Act 2018 in relation to statutory and government purpose.
  • Article 9(2)(h) of the UK GDPR, which applies as your NHS App supports the provision of health and social care to you. In addition, we rely on Schedule 1, Part 1, paragraph 2 of the Data Protection Act 2018 in relation to a health or social care purpose.

What are your rights?

You have a right to:

  • know how and why your data will be collected, processed and stored
  • request a copy of your personal data
  • correct errors or omissions in your personal data
  • ask us to restrict our use of your personal data (for example, if you think it’s inaccurate and needs to be corrected).

You can exercise your rights by contacting the relevant controller.

For data held and processed by NHS England, please visit the NHS England website for contact details.

If you wish to exercise your rights regarding data held and processed by your hospital, please get in touch with your hospital using the contact details in the hospital’s privacy policy, published on their website.

How do you complain?

If you have any objections or complaints relating to your data, we will investigate and attempt to resolve them. We will make every reasonable effort to allow you to exercise your rights as quickly as possible and within the timescales set out in data protection laws.

You can contact our Data Protection Office at NHS England to make a complaint. You can do this by emailing enquiries@nhsdigital.nhs.uk or by sending a letter to:

Privacy Transparency and Ethics team

7 and 8 Wellington Place

Leeds

West Yorkshire

LS1 4AP

We ask that you try to resolve any issues with us first. However, you have a right to lodge a complaint with the Information Commissioner’s Office (ICO) at any time about our processing of your personal information. The ICO is the UK regulator for data protection and upholds information rights. Contact the ICO.