Below is a Model Fair Processing Notice, which is used by the CCGs and published on their internet sites:
Model Fair Processing Notice
NHS [Name of CCG] Clinical Commissioning Group (CCG) treats the confidentiality of the data we hold about people living in [Name of CCG area] very seriously. This page provides an overview of the information we hold, why we hold it and how we store it securely. We are a commissioning organisation, which means we are involved in high level planning of healthcare, not the individual care of patients. However, in some instances we receive information from health and social care providers and other public sector organisations such as the police or local authorities.
You must also be aware of the following documents:
NHS Constitution – The NHS pledge to service users that it will respect you, provide opportunities for informed consent and treat your personal data with confidentiality. Furthermore, you have the right of complaint should things go wrong.
NHS Care Record Guarantee – Emphasises the rights you have to request copies of your personal data; the NHS duty to retain accurate records and how that data is protected under the Data Protection Act 1998. It requires good practice by NHS staff to discuss with you and agree what information they will keep about you. The Guarantee provides 12 commitments about the use of your personal data in line with NHS confidentiality requirements.
Your health details
Your own personal health information is only used by those who are looking after you to provide what you need as an individual patient. The CCG may use this information for Continuing Health Care; Individual Funding Requests and NHS Funded Nursing Care.
There are other circumstances, which are described below, when your patient-related information is used and held in a secure system, so your identity is protected.
This sort of information is used in a variety of ways:
1. To plan for future local healthcare needs
2. To identify patients who may be at risk of developing particular health problems
The type of information shared, and how it is shared, is controlled by law and strict confidentiality rules. An example of such use is Risk Stratification, where we look at the potential risk of patients developing certain health problems.
The legal basis under which the information/data was supplied
We will only use personal information when this is needed to provide your care. You will be requested when necessary to provide your consent for a specific type of healthcare.
Alternatively, it may be provided by clinicians involved in your care.
How we protect your privacy
We use security controls to protect against the loss, misuse and alteration of data used on our systems. These security controls represent best practice for data in transit and at rest and are reviewed on a frequent basis through our service provider NHS Central Southern Commissioning Support Unit.
Sharing and Usage
We will never share, sell, or rent your personal information with anyone without your advance permission or unless ordered by a court of law. Information submitted to us is only available to employees managing this information for purposes of contacting you or sending you emails based on your request for information and to contracted service providers for purposes of providing services relating to our communications with you.
Typically your healthcare data is used as follows:
look after the health of the general public, e.g. notifying central NHS groups of outbreaks of infectious diseases
undertake clinical audit of the quality of services provided
risk profiling to identify patients who would benefit from proactive intervention
case management where the NHS offers intervention and an integrated care programme involving multiple health and social care providers
report and investigate complaints, claims and untoward incidents
prepare statistics on our performance for the Department of Health.
review our care to make sure that it is of the highest standard
Your NHS number is processed on backing invoice information to validate payment for healthcare services provided, e.g. if you receive emergency treatment on holiday in the UK.
The CCG is supported in a number of its functions by its service provider NHS Central Southern Commissioning Support Unit. This is an NHS organisation which operates to the same standards of data protection and information security as the CCG. We don’t process any patient data overseas.
Through sharing information ethically and lawfully the NHS is able to improve its understanding of the most important health needs and the quality of the treatment and care provided.
Disclosure, for what purposes and associated security measures
We disclose the minimum necessary information to health and social care providers where this is necessary to provide direct patient care. We may from time to time disclose information where there is a statutory requirement to do so, for example to assist the police in investigating certain crimes, to prevent child abuse and other such similar reasons. We communicate in the public sector using secure email systems. Where secure email exchange isn’t possible, we encrypt outgoing information to AES256 standard. Personal information communicated in hard copy is sent via internal mail within the NHS in [name of CCG] or by secure mail.
Data Protection Act 1998
In accordance with the Data Protection Act 1998, we have a legal duty to protect any information we collect from you. We will only use your information for the purpose as described and we do not pass on your details to any third party unless you have given us permission to do so. You have a right to access your personal data and rectify any inaccuracies. You have the right to access your information and you can request this information from:
[Name of CCG] Clinical Commissioning Group
[Any Road, Anytown, Anywhereshire ZZ1 2YY]
Tel: [xxxx xxxxxx]
Email: [[email protected]]