Fair Processing Notice
This notice reminds you of your rights under the Data Protection Act 1998 and tells you how NHS Norwich Clinical Commissioning Group (CCG) processes information about you. We only use your information for lawful purposes in order for us to administer our business effectively.
We will use limited information about individual patients when validating invoices received for healthcare provided, to ensure the invoice is accurate and genuine. This will be performed in a secure environment and will be carried out by a limited number of authorised staff, these activities and all identifiable information will remain within a CEfF (Controlled Environment for Finance) approved by NHS England.
Risk Stratification is a process that helps your family doctor (GP) help you manage your health. By using selected information from your health records, including from NHS Trusts and your GP practice, a secure NHS computer system will look at recent treatments you have had in hospital or in the surgery and any existing health conditions that you have. This will help your doctor judge if you are likely to need more support and care from time to time. The team at the surgery will use this information to help you get early care and treatment where it is needed.
Risk stratification is used in the NHS to
- help decide if a patient is at greater risk of suffering a particular condition
- prevent an emergency admission to hospital
- identify if a patient needs medical help to prevent a health condition from getting worse.
The information will only be seen by qualified health workers involved in your care. NHS security systems will protect your health information and maintain confidentiality at all times.
Laws exist to prevent the unlawful processing of patient data. We will only use data which does not identify individuals. Where it is not possible to use completely anonymous data, non-identifiable information such as your NHS Number will be used instead.
Our Clinical Commissioning Group carries out this work via a contract with the North East London (NHS) Commissioning Support Unit which has been granted a legal basis for processing data in this way and which operates under strict controls to prevent your information from being re-identified.
Should you have any concerns about how your information is managed at the surgery or if you wish to opt out please contact the Practice Manager to discuss how the disclosure of your personal information can be limited.
NHS Norwich CCG is constantly looking at new ways in which to support its GPs local health community this can involve using alternative care providers such as volunteers and charitable organisations. Only those who are directly involved in supporting your care will be able to access your identifiable information. The CCG ensures that any agencies or support organisations used in this way have a contract to allow them to carry out this work and ensuring they fully understand and maintain the confidentiality of your information at all times.
Security of information
Information held about you, whether on paper or computerised, is protected from unauthorised access. NHS Norwich CCG has an IT Security and Information Governance policy. www.norwichccg.nhs.uk
Consent for sharing information
We will not publish any information that identifies you or routinely disclose any information about you without your express permission.
There may be circumstances where we are bound to share information about you owing to a legal obligation, such as telling authorities about the birth of a child.
Anyone who receives information from us is also under a legal duty to keep this information confidential.
What are my records used for?
The people caring for you use your information (paper or electronic) to provide treatment, to check the quality of your care, to help you make good decisions about your health and to investigate complaints, claims and commissioning purposes. We sometimes use your information to:
- Check the quality of care we provide to everyone (a clinical audit)
- Protect the health of the general public
- Monitor how we spend public money
- Train healthcare workers
- Carry out research
- Help the NHS plan for the future.
From time to time the CCG uses patient data to analyse the health of a population. This is required for the commissioning of health services to our local population, or to help target preventive care to certain patients.
If we use your information for these reasons, we will remove your name and other details which could identify you. If we need the information in a way that identifies you, we will ask you first.
Access to your information
The Data Protection Act 1998 gives you the general right to apply to see or to be given a copy of personal data held about you.
Maximum fees for access and providing copies are set down by law. For further information please contact the NHS Norwich CCG Corporate Governance Manager.
If you believe NHS Norwich CCG has not complied with the Act, either in responding to a request or in the way we process your personal information, and if you are not satisfied with the response from the CCG Corporate Governance Manager, you should contact the CCG’s Senior Information Risk Owner (SIRO).
You always have the right to complain to, appeal to or raise your concerns with the Information Commissioner by writing to:
Information Commissioner Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Enquiry Line: 01625 545700
This notice does not give a full explanation of the law. If it doesn’t answer your questions or you would like more detailed information, contact the Office of the Information Commissioner.
Should you wish to know more about any information that is held about you as a patient, please contact your local health care provider.
For further information and help with Information Governance, please contact:
Corporate Governance Manager, NHS Norwich Clinical Commissioning Group Room 201, City Hall St Peters Street Norwich NR2 1NH