London Ambulance Service, My Clinical Feedback: Federated Data Platform (FDP) product privacy notice

Product description 

The London Ambulance Service (LAS) and NHS trusts use this product to better understand how the care you receive when you use the ambulance service helps to support your care within the LAS and in hospital, to be able to provide the best possible care to you and other patients.

What are the purposes for processing my personal data in this product?

This product processes personal information (called ‘personal data’ under data protection laws) about patients who have been or are being treated by LAS and in the hospital they have been sent to, to support the better coordination of care.

The use of the product by LAS will improve the co-ordination of care through better use of the information that the hospital and LAS hold. This will include bringing together all required information into one place to support the ongoing care and treatment provided.

What personal data about me is processed in this product?

Personal data which directly identifies you (we call this directly identifiable personal data) will be processed by NHS trusts and LAS about patients who have received treatment, for the purposes above. Data that is processed by hospitals that use this product may include your:

  • name
  • postcode
  • date of birth
  • age
  • sex
  • NHS number or hospital record number
  • racial/ethnic origin
  • health information, including information about your medical condition, symptoms, diagnosis and medication

Personal data about members of staff involved in the delivery of care may also be processed when using this product, including the names of staff involved in providing care and their email address.

Who is my personal data shared with?

Your personal data is accessed and used by health care professionals from both the hospital and LAS who are providing you with individual care and treatment.

The product will enable LAS to also share anonymous aggregated data with integrated care boards (ICBs) about the use of the product to help improve the product in the future. This is statistical counts of data that don’t identify you. It is therefore not personal data.

UK General Data Protection Regulation (GDPR) information

Controllers of your personal data

Under data protection law LAS and NHS trusts using the product are the legal controllers of your personal data. The specific NHS trusts using the product are listed on the product description page of the NHS England website.

Legal grounds for processing your personal data

The processing of personal data by NHS trusts for the purposes explained above is permitted under the following legal grounds under data protection law (this is UK GDPR and the Data Protection Act 2018 (DPA2018)):

  • Public Task – Article 6(1)(e) of UK GDPR ‘necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.
  • Health CareArticle 9(2)(h) of UK GDPR ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…” In addition, the legal grounds under paragraph 2 of part 1 of the DPA 2018 apply (health care purposes).

 The personal data processed about patients by the NHS trust for the purposes above is also confidential data. As the NHS trust is processing your confidential data to provide you with individual care, it is relying on your implied consent to do this, as you would reasonably expect the hospital to process your personal information this way to provide you with care. The NHS trust will keep your personal data confidential and only use and share it with other members of the care team to provide you with care, where you would reasonably expect them to, and subject to strict confidentiality controls to ensure your information remains confidential.

Processor acting on behalf of NHS trusts

The data platform contractor, Palantir Technologies UK LTD is a processor acting on behalf of the NHS trusts who are using this product. They provide the data platform and the technology that the product uses and only act on the instructions of the NHS trust.

McKinsey & Company is a processor acting on behalf of LAS to provide engineering support to enable the smooth running of the product.

Palantir also act as a sub-processor on behalf of McKinsey & Company in relation to the processing of data within this product.

Your rights under UK GDPR

You have the following rights under UK GDPR in relation to the processing of your personal data by the NHS trust for the purposes above:

  • right to be informed
  • right of access
  • right to rectify
  • right to object

Further information about these rights is in the NHS Federated Data Platform privacy notice. Your NHS trust will also have a privacy notice on its own website which will explain more about how the trust processes your personal data, your rights and how to exercise them.

Contact details for data protection officers in the NHS trusts using this product are available on the NHS England website.

Does the national data opt out or any other opt out apply to this product?

The national data opt out and type 1 opt outs do not apply to the processing of your personal data by the NHS trust for the purposes explained above. This is because the NHS trust is processing your personal data to provide you with individual care and treatment and these opt-outs don’t apply in these circumstances.

More information

For more information about how personal data is processed within the Federated Data Platform please see the NHS Federated Data Platform privacy notice.