Purposes for processing
NHS England is committed to the delivery of safe and efficient services, and will communicate safety critical information and guidance to the NHS under various policy and procedural structures.
An Alert may be issued to prevent or avoid unexpected or avoidable death, harm or injury to patient, carer, staff or visitor, or in order to prevent fraud.
Sources of the data
Alerts can be generated across the organisation, and instigated from systems and services commissioned by NHS England. Under numerous protocols including regulations for Controlled Drugs, Patient Safety, Medical Devices etc., and these alerts will be cascaded to relevant parts of the NHS to ensure patient safety and protection.
Categories of personal data
The data received by NHS England includes a record for each Alert including (if relevant) patient or staff name, NHS Number and other personal details, including relevant healthcare records and information about the Alert, including others involved or potentially impacted by the Alert.
Categories of recipients
Alerts can be cascaded throughout the NHS, and are directed, on a necessary and proportionate bases, to any relevant team within (or outside) NHS England. When Alerts are sent to relevant people they may include action to be taken, or raise awareness of potential harm to which staff need to be aware.
Legal basis for processing
For GDPR purposes NHS England’s lawful basis for processing is Article 6(1)(e) ‘…exercise of official authority…’. For the processing of special categories data the basis is Article 9(2)(h) ‘…health or social care…’.