Purposes for processing
The seasonal flu programme is a long-established and successful vaccination programme that is proven to save lives and deliver a cost-effective prevention programme, along with reducing pressures on NHS services during the winter.
The annual vaccination programme is a critical element of the system-wide approach for delivering robust and resilient services throughout the year.
The service is offered to patients who are particularly susceptible to the flu because of their health condition, age or because they are pregnant. This year people aged 50 years or over and children aged 2 years to those in school year 6 are invited to attend for vaccination.
For the purposes of the 2020 National Flu Vaccination Programme, NHS England has put in place a centralised service system to invite people to book an appointment with their GP or a pharmacy to have a vaccination. The system creates mailing lists and automatically send letters to groups of people selected because of their health condition or age.
The system makes a record of patients that have been vaccinated, and using this information sends reminder letters to people that have been invited for vaccination but have not been vaccinated.
The system will send text or email reminders to people who have recorded their communications preference on the My NHS Communications web site. The option to this is presented in the invitation letters.
We use the information recorded in the system to monitor the effectiveness of the programme and take any actions needed to improve the service.
Categories of personal data
The information we will process for these purposes includes:
- names and addresses
- the patients registered GP Practice
- information about people’s health condition that make them potentially susceptible to flu.
Sources of the data
We obtain names and addresses and GP registration information from the Primary Care Registration Management Service that NHS Digital manages as a processor for NHS England.
We obtain the information about health conditions and other factors that can make people vulnerable to the flu from NHS Digital who collect it from GP Practices, acting under directions from the Secretary of State for Health and Social Care.
We receive information about vaccinations given from GP Practices, pharmacies and other vaccination centres. This is so that we can send out reminder letters, inform GPs for them to update their records, and monitor the progress of the vaccination programme.
Categories of recipients
The system sends information to GP practices so that they can update their records about vaccinations that their patients have received at pharmacies or other vaccination centres.
Legal basis for processing
For GDPR purposes NHS England’s lawful basis for processing is Article 6(1)(e) – ‘…exercise of official authority…’; and
For the processing of special categories (health) data the basis is 9(2)(h) – ‘…health or social care…’, and 9(2)(i) – ‘…public health purposes…’.