Contact us and further information

on . Posted in Fair processing notice

If you have any questions, complaints or concerns about how we use your information, please contact us at:

NHS Southend Clinical Commissioning Group

Harcourt House

5-15 Harcourt Avenue Southend on sea


Tel: 01702 314299


Below is supplementary information to “drill down” to:

Further information

Below are links to more information about your rights and the ways that the NHS uses personal information:

The NHS Care Record Guarantee and the NHS Constitution, which govern the way in which the NHS uses patient confidential information

NHS Digital Guide to confidentiality in health and social care.

The National Data Guardian’s Panel – the panel advising the Secretary of State on information governance matters across the health and social care system. Includes links to the Independent Information Governance Review conducted in 2012 and the Government’s response. 

Section 251 and the Confidentiality Advisory Committee, who provide independent expert advice to the HRA (for research applications) and the Secretary of State for Health (for non- research applications) on whether applications to access patient information without consent should or should not be approved.

NHS England advice for CCGs and GPs on information governance and risk stratification.

The Information Commissioner (the Regulator for the Data Protection Act 1998, who can offer independent advice and guidance on the law and personal data, including your rights and how to access your personal information)

View the records management code of practice


Below are some key definitions of terms used within this notice:

Personal Data – Data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of the CCG (for example, name, address, date of birth, NHS Number)

Sensitive Personal Data (in the context of the NHS)– Data consisting of information as to an individual’s physical or mental health or condition

Pseudonymised Data – Pseudonymisation is a technical process that replaces identifiable information such as a NHS number, postcode, date of birth with a unique identifier, which obscures the ‘real world’ identity of the individual patient to those working with the data

Anonymised Data – Anonymisation is the process of turning data into a form which does not identify individuals and where identification is not likely to take place.

Aggregated Data – the consolidation of data relating to multiple individuals, and therefore the data cannot be traced back to a specific individual.

Anonymised Patient Level Data – Activity level data which has had identifiers removed so as to render it anonymous.

Primary Care Data – primary care refers to the work of health professionals who act as a first point of contact for patients such as GP’s and pharmacists, primary care data is therefore data collected within GP Practices, dental practices, community pharmacies and high street optometrists.

Secondary Care Data – secondary care is the health care provided by specialists who generally do not have first contact with patients, it includes hospital care, community care and mental health care, secondary care data is therefore data collected by hospital, mental health and community services.

Data Protection Statement

Southend CCG is a ‘Data Controller’ under the Data Protection Act 1998. This means we are legally responsible for ensuring that all personal data that we hold and use is done so in a way that meets the data protection principles. We must also tell the Information Commissioner about all of our data processing activity. Our registration number is ZA008459 and our registered entry can be found on the Information Commissioner’s website.

All of our staff receive training to ensure they remain aware of their responsibilities. They are obliged in their employment contracts to uphold confidentiality, and may face disciplinary procedures if they do not do so. A limited number of authorised staff have access to personal data where it is appropriate to their role.

We have entered into contracts with other organisations to provide Information Technology (IT) services for us. These organisations are: (e.g.)

  • North East London Commissioning SupportUnit
  • PIBenchmark

This includes holding and processing data including patient information on our behalf, and providing human resources services for our staff. These services are subject to the same legal rules and conditions for keeping personal information confidential and secure. We are responsible for making sure that staff in those organisations are appropriately trained and that procedures are in place to keep information secure and protect privacy. These conditions are written into legally binding contracts, which we will enforce if our standards of information security are not met and confidentiality is breached.

We will not share, sell or distribute any of your personal information to any third party (other person or organisation) without your consent, unless required by law. Data collected will not be sent to countries where the laws do not protect your privacy to the same extent as the law in the UK, unless rigorous checks on the security and confidentiality of that data are carried out in line with the requirements of the Data Protection Act (Principle 8).

Sharing Information

on . Posted in Fair processing notice

Other NHS organisations

There may be circumstances where it is necessary to share information about you with other authorities, for example, when required by law, court order or where there are specific concerns about a vulnerable adult or child or to report a notifiable disease.

National services

There are national services such as the National Cancer Screening Programme that collect and hold information from across the NHS in order to contact you about services such as cervical, breast or bowel cancer screening.

Although these services are beneficial to your health and wellbeing, often you have the right not to allow these organisations to have your information.

If you have any concerns please contact your GP Practice, or see the “Your Rights” section for further information.

You can find out more about how the NHS holds and shares your information for national programmes on the NHS Choices website.

Health research

Your GP Practice may work with researchers who work with patients to help them with their research. If your GP thinks you may be suited to a research programme, they will contact you to ask if you would like to participate. Your GP Practice will never pass on your personal details to a researcher without your knowledge and consent.

Your rights

You have certain legal rights, including a right to have your information processed fairly and lawfully and a right to access any personal information we hold about you. You have the right to privacy and to expect the NHS to keep your information confidential and secure.

You also have a right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered. These commitments are set out in the NHS Constitution.

If you do not want your personal information being shared and used for purposes other than your care and treatment, then you should contact the GP Practice you are registered with and ask for further information about how to register your objections. This should not affect the care and treatment you receive. See section on Patient Control of Information for further details

If you wish to know what personal information the CCG holds about you, or to request access to that information, then please contact us.

To protect your confidentiality, you will have to provide proof of who you are and a charge for the service may apply.

All information held by the CCG is governed by the CCG’s information lifecycle management policy and is held, retained and destroyed in line with the Records Management Code of Practice for Health and Social Care (see link under further information below).

Patient control of information

You may want to prevent confidential information about you from being shared or used for any purpose other than providing your care.

There are two choices available to you:

  • You can object to information about you leaving a GP Practice in an identifiable form for purposes other than your direct care, which means confidential information about you will not be shared with the CCG, NHS Digital or other organisation for any non- direct care purpose. This is referred to as a 'type 1' objection; Inaddition
  • You can object to information about you leaving NHS Digital in identifiable form, which means confidential information about you will not be sent to anyone outside NHS D. This is referred to as a 'type 2'objection.

Information from other places where you receive care, such as hospitals and community services is collected nationally by NHS Digital.

If you do not want information that identifies you to be shared outside your GP practice and/or NHS Digital, please speak to a member of staff at your GP practice to ask how to “opt- out”.

The Practice will add the appropriate code to your records to prevent your confidential information from being used for non-direct care purposes. Please note that these codes can be overridden in special circumstances required by law, such as a civil emergency or public health emergency.

In both cases, it is still necessary for NHS Digital to hold information about you in order to ensure data is managed in accordance with your expressed wishes. Please see “Patient Objections Management” on the NHS Digital website for further information.

If you have questions about this, please speak to staff at your GP practice or check the NHS Digital website.

How GP Practices use information about your health and care

on . Posted in Fair processing notice

Your GP keeps information about your health and the care and treatment you receive in your health record. This information is used by your doctor, nurse and other healthcare professionals to assess your health and, together with you, decide the appropriate care for you.

With your agreement, your GP may refer you to other services such as community care, Out of Hours or hospital. Your GP will share information about you only with the healthcare professionals involved in providing your care. Other services and health care providers will normally tell your GP surgery about the treatment they provide you and your GP or nurse will include this in your record. Further details can be found below in the section on Sharing & Consent

You have the right to see information your GP practice holds about you. They may charge for this. Please ask them about this

It may also be necessary to share your information with non-NHS services or health providers but only in accordance with the rights of the individual and statutory obligations or by law

Your Health Record

Your health record may be held in different formats, hand written (manual record) or held on computer (electronic). Collectively known as your “health record”, this will include;

  • personal information, i.e. your address, date of birth and NHSnumber
  • yourhealth
  • history
  • contacts you have had with healthcare services, i.e. clinic visits, doctors’ appointments, hospitaladmissions
  • notes, reports and decisions about your treatment andcare
  • results of tests, i.e. X-rays, blood tests or scans

And may also include:

  • information from other health professionals, relatives orcarers
  • information from social care services if they have been involved with yourcare
  • information about close relatives where there is a family history of a particular condition
  • Other information relevant to your health and wellbeing e.g. personal, family or work issues etc.

Your care providers will endeavour to ensure that your health record is kept up-to-date, accurate and secure and appropriately accessible to those providing your care and treatment.

How you can access your information

You have a right to see your health record.

An application to access your health record is known as a Subject Access Request.

Your GP Practice will be able to provide you with information about how to make a request, but generally:

  • Your request must be made in writing to the records manager at your health centre, GP Practice or health professional in charge of yourcare.
  • You will need to provide details to enable them to verify your identify and locate your healthrecords.
  • It will assist those responsible for providing you with access if you are able to specify what it is within your record you want tosee.
  • There may be a charge to have a printed copy of the information held about you (maximum cost£50).
  • Facilities may be available to allow you to view parts of your health record via computer.
  • It is important that you are aware there may be circumstances when information within your health record may be limited or withheld, for example, when it is in reference to a third party or where there is a concern that access would be harmful for your well-being or the well-being ofothers.

Visit the Information Commissioner’s website for further information about your rights and how to request your personal information. 

Sharing information with our partners

on . Posted in Fair processing notice

We have entered into a contract with PI Benchmark to provide analytical services for risk stratification and commissioning services to the CCG and our member practices.  We have also entered into a contract with Boston Consulting Group to provide some analytical services for commissioning to the CCG. Boston Consulting Group receives anonymised patient level data to carry out this service.

PI Benchmark and Boston Consulting Group are subject to the exact same legal rules and conditions for keeping personal information confidential and secure. These conditions are set out in contracts and data sharing agreements, which specify what the information is to be used for and what they are required to do to keep it safe and protect privacy.

Sharing information with other organisations

We will only share anonymised statistical information (information that cannot be tracked back to an individual) with other NHS and partner organisations to help them improve local services, carry out research or audits, and improve public health.

We would not ordinarily share information about you unless you have given your permission. There may however be circumstances where we are required by law to report certain information to the appropriate authorities. This may be to prevent fraud, protect children and vulnerable adults from harm, or where a formal court order has been served requiring us to do so.

In these cases, permission to share must be given by our Caldicott Guardian, who is the senior person in the CCG responsible for ensuring the protection of confidential patient and service user information. We are obliged to tell you that we have shared your information unless doing so would put you or others at risk of harm.


Everyone working for the NHS has a legal duty to keep information about you confidential.

The NHS Care Record Guarantee is a commitment that all NHS organisations (and other organisations which provide NHS-funded care) will use your records in ways that respect your rights and promote your health and wellbeing.

The NHS Constitution establishes the principles and values of the NHS in England. It provides a summary of your legal rights and contains pledges that the NHS is committed to achieve, including certain rights and pledges concerning your privacy and confidentiality.

A Caldicott Guardian is a senior person responsible for protecting the confidentiality of a patient information and enabling appropriate information-sharing. Each NHS organisation is required to have a Caldicott Guardian.

The Caldicott Guardian for Southend CCG is Matt Rangue, please see the Contact Us section below for contact details.

How the CCG uses your information

on . Posted in Fair processing notice

There may be times when we need to hold and use certain information about you, for example:

  • if we are involved in helping you to resolve a complaint with your GP or other NHS serviceprovider;
  • if we fund specialised treatment for you for a particular health condition that is not covered in our localcontracts;
  • if you are a member of our patient participation group, or have asked us to keep you up to date about our work and involved in our engagement and publicconsultations,

The information we hold about you personally will therefore be with your knowledge and consent.

There may be times when we need to hold and use certain information for purposes such as:

  • determining the general health needs of thepopulation
  • ensuring that our services meet future patientneeds
  • teaching and training healthcareprofessionals
  • investigating complaints, legal claims,etc.
  • conducting health research anddevelopment.
  • preparing statistics on NHSperformance
  • auditing NHS accounts andservice
  • paying your health careprovider

If you do have any concerns about us holding your personal information, then please tell us and we can explain the way this may affect our ability to help and discuss alternative arrangements available to you.

All information held by the CCG is governed by the CCG’s information lifecycle management policy and is held, retained and destroyed in line with the Records Management Code of Practice for Health and Social Care (see link under further information below).

Invoice validation

Invoice validation is an important process. It involves using your NHS number to check that we are the CCG that is responsible for paying for your treatment. We can also use your NHS number to check whether your care has been funded through specialist commissioning, which NHS England will pay for. The process makes sure that the organisations providing your care are paidcorrectly.

There is currently s251 support in place for the CCG to be able to receive personal data to enable this work to take place.

Risk stratification

Risk stratification is a process GPs use to help them to identify and support patients with long-term conditions and to help prevent un-planned hospital admissions or reduce the risk of certain diseases developing such as type 2 diabetes. This is called risk stratification for case-finding.

The CCG also uses risk stratified data to understand the health needs of the local population in order to plan and commission the right services. This is called risk stratification for commissioning.

Risk stratification tools use historic information about patients, such as age, gender, diagnoses and patterns of hospital attendance and admission collected by NHS Digital from NHS hospitals and community care services. This is linked to data collected in GP practices and analysed to produce a risk score.

There is currently s251 support in place for the CCG to be able to receive data with the NHS Number as an identifier from both NHS DIGITAL and your GP Practice to enable this work to take place. The Data is sent directly into a risk stratification tool from NHS Digital/GP Practices to enable the data to be linked and processed as described above. Once the data is within the tool CCG staff only have access to anonymised or aggregated data.

GPs are able to identify individual patients from the risk stratified data when it is necessary discuss the outcome and consider preventative care. Where the risk stratification process has

linked GP data to health data obtained from other sources i.e. NHS Digital or other health care provider, the GP will ask for your permission to access the details of that information

How we use information provided by NHS Digital

We use information collected by NHS Digital from healthcare providers such as hospitals, community services and GPs, which includes information about the patients who have received care and treatment from the services that we fund.

The data we receive does not include patients’ names or home addresses, but it may include information such as your NHS number, partial postcode (first 4 digits only), age, ethnicity and gender as well as coded information about your visits to clinics, Emergency Department, hospital admissions and other NHS services.

The Secretary of State for Health has given limited permission for us (and other NHS commissioners) to use certain confidential patient information when it is necessary for our work and whilst changes are made to our systems that ensure de-identified information is used for all purposes other than direct care. This approval is given under Regulations made under Section 251 of the NHS Act 2006 and is based on the advice of the Health Research.

Authority’s Confidentiality and Advisory Group.

In order to use this data, we have to meet strict conditions that we are legally required to follow, which includes making a written commitment to the NHS DIGITAL that we will not use information in any way that would reveal your identity. These terms and conditions can be found on the NHS DIGITAL website.

Within Essex, the 7 Clinical Commissioning Groups work collaboratively to assess the need for services, and to work together in procuring, negotiating and managing contracts with Hospitals, Mental Health Providers and Community Health Providers. This collaboration is known locally as a Host and Associate Agreement and requires the Host CCG to receive data, including your NHS Number or postcode, but never both, as well as coded information about your visits to clinics, Emergency Departments, hospital admissions and other NHS

services. The information that is shared between the CCGs is governed by the regulations under section 251 mentioned above.

For further information, please see the contact us section. 

More Articles ...