If you have any questions, complaints or concerns about how we use your information, please contact us at:
NHS Southend Clinical Commissioning Group
5-15 Harcourt Avenue Southend on sea
Tel: 01702 314299
Below is supplementary information to “drill down” to:
Below are links to more information about your rights and the ways that the NHS uses personal information:
NHS Digital Guide to confidentiality in health and social care.
The National Data Guardian’s Panel – the panel advising the Secretary of State on information governance matters across the health and social care system. Includes links to the Independent Information Governance Review conducted in 2012 and the Government’s response.
Section 251 and the Confidentiality Advisory Committee, who provide independent expert advice to the HRA (for research applications) and the Secretary of State for Health (for non- research applications) on whether applications to access patient information without consent should or should not be approved.
The Information Commissioner (the Regulator for the Data Protection Act 1998, who can offer independent advice and guidance on the law and personal data, including your rights and how to access your personal information)
View the records management code of practice.
Below are some key definitions of terms used within this notice:
Personal Data – Data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of the CCG (for example, name, address, date of birth, NHS Number)
Sensitive Personal Data (in the context of the NHS)– Data consisting of information as to an individual’s physical or mental health or condition
Pseudonymised Data – Pseudonymisation is a technical process that replaces identifiable information such as a NHS number, postcode, date of birth with a unique identifier, which obscures the ‘real world’ identity of the individual patient to those working with the data
Anonymised Data – Anonymisation is the process of turning data into a form which does not identify individuals and where identification is not likely to take place.
Aggregated Data – the consolidation of data relating to multiple individuals, and therefore the data cannot be traced back to a specific individual.
Anonymised Patient Level Data – Activity level data which has had identifiers removed so as to render it anonymous.
Primary Care Data – primary care refers to the work of health professionals who act as a first point of contact for patients such as GP’s and pharmacists, primary care data is therefore data collected within GP Practices, dental practices, community pharmacies and high street optometrists.
Secondary Care Data – secondary care is the health care provided by specialists who generally do not have first contact with patients, it includes hospital care, community care and mental health care, secondary care data is therefore data collected by hospital, mental health and community services.
Data Protection Statement
Southend CCG is a ‘Data Controller’ under the Data Protection Act 1998. This means we are legally responsible for ensuring that all personal data that we hold and use is done so in a way that meets the data protection principles. We must also tell the Information Commissioner about all of our data processing activity. Our registration number is ZA008459 and our registered entry can be found on the Information Commissioner’s website.
All of our staff receive training to ensure they remain aware of their responsibilities. They are obliged in their employment contracts to uphold confidentiality, and may face disciplinary procedures if they do not do so. A limited number of authorised staff have access to personal data where it is appropriate to their role.
We have entered into contracts with other organisations to provide Information Technology (IT) services for us. These organisations are: (e.g.)
- North East London Commissioning SupportUnit
This includes holding and processing data including patient information on our behalf, and providing human resources services for our staff. These services are subject to the same legal rules and conditions for keeping personal information confidential and secure. We are responsible for making sure that staff in those organisations are appropriately trained and that procedures are in place to keep information secure and protect privacy. These conditions are written into legally binding contracts, which we will enforce if our standards of information security are not met and confidentiality is breached.
We will not share, sell or distribute any of your personal information to any third party (other person or organisation) without your consent, unless required by law. Data collected will not be sent to countries where the laws do not protect your privacy to the same extent as the law in the UK, unless rigorous checks on the security and confidentiality of that data are carried out in line with the requirements of the Data Protection Act (Principle 8).