- What information do we collect about you?
- What types of personal data do we handle?
- How will we use information about you?
- Sharing your information
- Retaining information
- Security of your information
What information do we collect about you?
We only collect and use your information for the lawful purposes of administering the business of NHS England. These purposes include:
- Accounting and Auditing
- Accounts and records
- Advertising, marketing & public relations
- Consultancy and Advisory services
- Crime prevention and prosecution of offenders
- Health administration and services
- Information and databank administration
- Sharing and matching of personal information for national fraud initiative
- Staff administration
What types of personal data do we handle?
We process personal information to enable us to support the provision of healthcare services to patients, maintain our own accounts and records, promote our services, and to support and manage our employees. We also process personal information about health care professionals that deliver services throughout the NHS.
We also use information to support and monitor the health services commissioned in England to enable the delivery of high quality healthcare. This type of information will usually be provided to NHS England in an aggregate or anonymised form, so that we cannot identify an individual.
The types of personal information we use include:
- personal details such as names, addresses, telephone numbers
- family details for example next of kin details
- education, training, mostly frequently of clinicians such as GPs
- employment details, for example for those that work for us either directly or are commissioned by us to provide a service
- financial details, where we provide payment for services or access to funds for individual patients
- services, for example details of the services access or offered by providers
- lifestyle and social circumstances
- visual images, personal appearance and behaviour, for example if CCTV images are used as part of building security
- details held in the patient’s record, where we hold or manage the patient’s record
- responses to surveys, where individuals have responded to surveys about healthcare issues
We also process sensitive classes of information that may include:
- racial and ethnic origin
- offences (including alleged offences), criminal proceedings, outcomes and sentences
- trade union membership
- religious or similar beliefs
- employment tribunal applications, complaints, accidents, and incident details
This information will generally relate to our staff, covered by the Privacy Notice for Staff, or for those health care professionals we manage.
In terms of patient information, information may include:
- physical or mental health details
- sexual life
How will we use information about you?
Your information is used to run and improve the NHS in England. It may be used to:
- Check and report on how effective NHS England and the services it commissions has been
- Ensure that money is used properly to pay for the services it provides
- Investigate complaints, legal claims or important incidents
- Make sure that NHS England gives value for money
- Make sure services are planned to meet patients’ needs in the future
- Review the care given to make sure it is of the highest possible standard
- To manage specialised services that NHS England commissions
- To improve the efficiency of healthcare services, by sharing information with other organisations (sometimes non-NHS) for a specific, justified purpose and approved by NHS England’s Caldicott Guardian.
We may keep your information in written form or on a computer. Whenever possible all information that identifies you will be removed.
NHAIS: Fair processing notice
NHS England are Data Controllers for the NHAIS system. This system holds personal details of all patients registered with GP in England and Wales. There are also links to similar systems in Scotland, IoM, and Northern Ireland.
The information held in these systems is primarily used for healthcare purposes, but may also be used for other non-healthcare related purposes, and shared with other statutory bodies/organisations to enable them to fulfil their statutory obligations.
The information will only be shared with other organisations where there is a statutory obligation to do so, or with the agreement of NHS England’s Caldicott Guardian.
For more information, please contact NHS England’s Corporate Information Governance Team: firstname.lastname@example.org
Sharing your information
There are a number of reasons why we share information. This can be due to:
- Our obligations to comply with current legislation
- Our duty to comply with a Court Order
- You have consented to disclosure
NHS England is responsible for protecting the public funds it manages. To do this we may use the information we hold about you to detect and prevent crime or fraud. We may also share this information with other bodies that inspect and manage public funds.
We will only retain information for as long as necessary. Records are maintained in line with the NHS England retention schedule which determines the length of time records should be kept.
Everyone working for the NHS is subject to the common law duty of confidentiality. Information provided in confidence will only be used for the purposes advised and consented to by the service user, unless it is required or permitted by the law.