We use anonymous information for statistical purposes to allow us to help CCGs plan the commissioning of healthcare services. Examples of this include:
For the purposes listed above, we will only use anonymised data which means that individuals can not be identified. We can only use any information that may identify individuals (known as personal information) in accordance with the Data Protection Act 1998 and other laws such as the Health and Social Care Act 2012. www.legislation.gov.uk/ukpga/1998/29/contents and www.legislation.gov.uk/ukpga/2012/7/contents/enacted.
We also have a Common Law Duty of Confidentiality to protect your information. This means that where a legal basis for using your personal or confidential information does not exist, we will not do so.
Therefore, as a commissioning support organisation we do not routinely hold medical records or confidential patient data. There are some specific areas, however, because of our responsibilities, where we do hold and use personal information. In order to process that information we will have met a legal requirement and will use only the minimum data allowed. Examples of where we have a lawful basis for using personal confidential data are as follows:
The areas where we use personal information are:
We process and share anonymised statistical information with CCGs for the purpose of improving local services, for example understanding how conditions spread across our local area compared against other areas.
We process personal data as described above and have been granted a legal basis for processing data in this way which operates under strict controls to ensure your information is handled lawfully. We are an established Accredited Safe Haven which allows us to use limited personal data lawfully for specific purposes and operate a Controlled Environment for the processing of invoices.
All staff have contractual obligations of confidentiality, enforceable through disciplinary procedures. All staff receive annual training on confidentiality of information.
We take relevant organisational and technical measures to make sure that the information we hold is secure – such as holding information in secure locations, restricting access to information to authorised personnel, secure email systems and ensuring that mobile equipment such as laptops are encrypted.
Each NHS organisation has a senior person responsible for protecting the confidentiality of patient information and enabling appropriate information sharing. This person is called the Caldicott Guardian. The Caldicott Guardian for the CSU is Dr James Gossow.
You have a right in law to refuse or withdraw previously granted consent to the use of your personal information.
You are entitled to obtain a copy of the personal information held about you by the CSU. Any request to access or obtain a copy of this information will be considered under Section 7 of the Data Protection Act.
To make a request for personal information, email NECSU.IG@nhs.net or write to:Information Governance Team John Snow House University Science Park Durham DH1 3YG.