Your information

What information do we collect about you?

We only collect and use your information for the lawful purposes of administering the business of NHS England. These purposes include:

  • Accounting and Auditing
  • Accounts and records
  • Advertising, marketing & public relations
  • Consultancy and Advisory services
  • Crime prevention and prosecution of offenders
  • Education
  • Health administration and services
  • Information and databank administration
  • Research
  • Sharing and matching of personal information for national fraud initiative
  • Staff administration

Back to the top

What types of personal data do we handle?

We process personal information to enable us to support the provision of healthcare services to patients, maintain our own accounts and records, promote our services, and to support and manage our employees. We also process personal information about health care professionals that deliver services throughout the NHS.

We also use information to support and monitor the health services commissioned in England to enable the delivery of high quality healthcare. This type of information will usually be provided to NHS England in an aggregate or anonymised form, so that we cannot identify an individual.

The types of personal information we use include:

  • personal details such as names, addresses, telephone numbers
  • family details for example next of kin details
  • education, training, mostly frequently of clinicians such as GPs
  • employment details, for example for those that work for us either directly or are commissioned by us to provide a service
  • financial details, where we provide payment for services or access to funds for individual patients
  • services, for example details of the services access or offered by providers
  • lifestyle and social circumstances
  • visual images, personal appearance and behaviour, for example if CCTV images are used as part of building security
  • details held in the patient’s record, where we hold or manage the patient’s record
  • responses to surveys, where individuals have responded to surveys about healthcare issues

We also process sensitive classes of information that may include:

  • racial and ethnic origin
  • offences (including alleged offences), criminal proceedings, outcomes and sentences
  • trade union membership
  • religious or similar beliefs
  • employment tribunal applications, complaints, accidents, and incident details

This information will generally relate to our staff, covered by the Privacy Notice for Staff, or for those health care professionals we manage.

In terms of patient information, information may include:

  • physical or mental health details
  • sexual life

Back to the top

How will we use information about you?

Your information is used to run and improve the NHS in England. It may be used to:

  • Check and report on how effective NHS England and the services it commissions has been
  • Ensure that money is used properly to pay for the services it provides
  • Investigate complaints, legal claims or important incidents
  • Make sure that NHS England gives value for money
  • Make sure services are planned to meet patients’ needs in the future
  • Review the care given to make sure it is of the highest possible standard
  • To manage specialised services that NHS England commissions
  • To improve the efficiency of healthcare services, by sharing information with other organisations (sometimes non-NHS) for a specific, justified purpose and approved by NHS England’s Caldicott Guardian.

We may keep your information in written form or on a computer. Whenever possible all information that identifies you will be removed.

NHAIS: Fair processing notice

NHS England are Data Controllers for the NHAIS system. This system holds personal details of all patients registered with GP in England and Wales. There are also links to similar systems in Scotland, IoM, and Northern Ireland.

The information held in these systems is primarily used for healthcare purposes, but may also be used for other non-healthcare related purposes, and shared with other statutory bodies/organisations to enable them to fulfil their statutory obligations.

The information will only be shared with other organisations where there is a statutory obligation to do so, or with the agreement of NHS England’s Caldicott Guardian.

For more information, please contact NHS England’s Corporate Information Governance Team:

Back to the top

Sharing your information

There are a number of reasons why we share information. This can be due to:

  • Our obligations to comply with current legislation
  • Our duty to comply with a Court Order
  • You have consented to disclosure

NHS England is responsible for protecting the public funds it manages. To do this we may use the information we hold about you to detect and prevent crime or fraud. We may also share this information with other bodies that inspect and manage public funds.

Back to the top

Retaining information

We will only retain information for as long as necessary. Records are maintained in line with the NHS England retention schedule which determines the length of time records should be kept.

Back to the top

Security of your information

We take our duty to protect your personal information and confidentiality seriously. We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.

We have appointed a Senior Information Risk Owner (SIRO) who is accountable for the management of all information assets and any associated risks and incidents, and a ‘Caldicott Guardian’ who is responsible for the management of patient information and patient confidentiality. Deputy SIROs have also been appointed in region teams and local Caldicott Guardians have been appointed in region and area teams.

All staff are required to undertake annual information governance training and are provided with an information governance user handbook that they are required to read, understand and agree to adhere to. The handbook ensures that staff are aware of their information governance responsibilities and follow best practice guidelines ensuring the necessary safeguards and appropriate use of person-identifiable and confidential information.

Under the NHS Confidentiality Code of Conduct, all our staff are also required to protect your information, and inform you of how your information will be used. This includes, in most circumstances, allowing you to decide if and how your information can be shared.

Everyone working for the NHS is subject to the common law duty of confidentiality.  Information provided in confidence will only be used for the purposes advised and consented to by the service user, unless it is required or permitted by the law.

Back to the top

Information for job applicants

NHS England will process information provided by applicants for the management of their application and the subsequent selection process. This involves providing details to the short-listing and selection panels. Other details are kept to help fulfil our obligations to monitor equality and diversity within the organisation and in the application process. You can find more information about the use of personal data throughout the application process.

Information will be retained on interview performance and the application in line with the retention periods of NHS England.

For more information about your application and personal data contact the Customer Contact Centre, details are included in this notice.

Applicants to roles with hosted bodies, such as Commissioning Support Units, should contact that organisation directly.

Back to the top