What kind of information do we use?

As a commissioner we do not routinely hold or have access to your medical records. However, we may need to hold some personal information about you, for example:

  • Your name, address, your date of birth, your NHS number and contact details
  • Details of your GP, what treatment you have received and where you received it
  • Details of concerns or complaints you have raised about your health care provision and we need to investigate
  • If you ask us for our help or involvement with your healthcare, or where we are required to fund specific specialised treatment for a particular condition that is not already covered in our contracts with organisations that provide NHS care
  • If you ask us to keep you regularly informed and up-to-date about the work of the CCG, or if you are actively involved in our engagement and consultation activities or service user/patient participation groups

Our records may include relevant information that you have told us, or information provided on your behalf by relatives or those who care for you and know you well, or from health professionals and other staff directly involved in your care and treatment. Our records may be held on paper or electronically in a computer system.

We use the following types of information/data:

  • Personal – this is information containing details that identify individuals. The following are data items that are considered identifiable: name, address, NHS number, full postcode, date of birth.
  • Special categories – personal data revealing: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, sex life or sexual orientation, and health, biometric or genetic data
  • Confidential information - this term describes information or data about identified or identifiable individuals, which should be kept private or secret and includes deceased as well as living people. ‘Confidential’ includes both information ‘given in confidence’ and ‘that which is owed a duty of confidence’.
  • Pseudonymised - this is data that has undergone a technical process that replaces your identifiable information such as NHS number, postcode, date of birth with a unique identifier, which obscures the ‘real world’ identity of the individual patient to those working with the data. When data has been pseudonymised it still retains a level of detail in the replaced data that should allow tracking back of the data to its original state.
  • Anonymised – this is data in a form that does not identify individuals and where identification through its combination with other data is not likely to take place.
  • Aggregated – this is statistical data about several individuals that has been combined to show general trends or values without identifying individuals within the data.

What do we use your personal confidential data for?

The CCG is required by law to perform certain services that involve the processing of personal data. The areas where we regularly use personal data include:

  • responding to your queries, compliments or concerns
  • assessment and evaluation of safeguarding concerns
  • assessments for continuing healthcare and appeals
  • where there is a provision permitting the use of personal data under specific conditions, for example to:
    • understand the local population needs and plan for future requirements, which is known as “Risk Stratification for commissioning"
    • ensure that the CCG is billed accurately for the treatment of its patients, which is known as “invoice validation”

Personal data may also be used in the following cases:

  • where necessary for your direct healthcare needs
  • we need to respond to patients, carers or member of Parliament communications
  • you have freely given your informed agreement (consent) for us to use your data for a specific purpose
  • there is an overriding public interest in using the data e.g. in order to safeguard an individual, or to prevent a serious crime
  • there is a legal requirement that will allow us to use or provide data (e.g. a formal court order).

What do we use non-identifiable data for?

We use pseudonymised, anonymised and aggregated data to plan health care services. Specifically we use it to:

  • check the quality and efficiency of the health services we commission
  • prepare performance reports on the services we commission
  • work out what illnesses people may have in the future, so we can plan and prioritise services and ensure these meet the needs of patients in the future
  • review the care being provided to make sure it is of the highest standard

Do we share your information with other organisations?