How we use information about you - Fair Processing Notice

Who we are

NHS East and North Hertfordshire Clinical Commissioning Group (CCG) has various roles and responsibilities, but a major part of our work involves making sure that:

  • contracts are in place with local health service providers;
  • routine and emergency NHS services are available to patients;
  • those services provide high quality care and value for money; and
  • those services are paid for the care and treatment they have provided.

This is called “commissioning” and is explained in more detail in the other pages on this website.

Accurate, timely and relevant information is essential for our work to help us to design and plan current and future health and care services, evidence and review our decisions and manage budgets.

We are committed to protecting your rights to confidentiality

We are committed at all times to protecting your privacy and will only use information ethically and lawfully in accordance with the General Data Protection Regulation (GDPR), Data Protection Act 2018, the Human Rights Act 1998 and the common law duty of confidentiality.

All NHS organisations have to follow the principles and values set out in the NHS Constitution when using and sharing confidential personal information. 

The following information explains why we use information, who we share it with, how we protect your confidentiality and your legal rights and choices.

We want patients to understand:

  • How the CCG uses and shares information
  • How GPs use and share your information
  • Your health record, what it contains and how you can access it
  • When you can choose to opt-out of your personal information being collected or shared and what this will mean to you.

Sharing and Consent

Your personal information will only be shared in accordance with your rights under the General Data Protection Regulation, Data Protection Act 2018, the Common Law duty of confidentiality, the NHS Constitution and in keeping with professional and NHS Codes of Practice.

The Health and Social Care Information Centre (publicly known as and referred to henceforth as NHS Digital) has published a guide to confidentiality in health and social care that explains the various laws and rules about the use and sharing of confidential information.

Safe and effective care is dependent upon relevant information being shared between all those involved in caring for a patient. When an individual agrees to being treated by the wider care team, it creates a direct care relationship between the individual patient and the health and social care professional and their team. All health and adult social care providers are subject to the statutory duty under section 251B of the Health and Social Care Act 2012 to share information about a patient for their direct care. This duty is subject to both the common law duty of confidence and the GDPR and Data Protection Act 2018.

For common law purposes, sharing information for direct care is on the basis of “implied consent”, which may also cover administrative purposes where the patient has been informed or it is otherwise within their reasonable expectations.  This means that information is shared without the individual having to give verbal or written agreement each time and only applies within the context of direct care. 

Under the GDPR the lawful basis for the processing of personal data in the delivery of direct care, and for providers’ administrative purposes, will be undertaken using Article 6(1)(e), “the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.” Personal data in relation to health are special categories of personal data and the processing of this data for direct care or administrative purposes is undertaken using Article 9(2)(h), “…medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems…”

In some circumstances other duties or obligations to share information outweigh confidentiality, and personal information is shared without consent, for example to ensure the safety of a child or vulnerable adult or to report a notifiable disease. 

Your information will be used in a de-identified or anonymised form for purposes other than direct care, such as statistical and analytical information needed to assist the CCG, the NHS, Department of Health and health care partners. 

Unless there is a legal basis to share your information, if it is necessary to use confidential information that identifies you as an individual for a non-direct care purpose, your explicit consent will be sought before any such use or sharing takes place.

You have the right to withhold consent or object to your information being shared, but in some circumstances this may delay or affect the care you receive. Always consult your GP or relevant health professional before deciding to withhold consent to sharing your information, as they will be able to advise you on the possible outcomes of this decision.

How the CCG uses your information

When analysing current health services and proposals for developing future services it is sometimes necessary to link separate individual datasets to be able to produce a comprehensive evaluation. This may involve linking:

  • Secondary care data (inpatient, outpatient and A&E) obtained from the secondary uses service (SUS);
  • Hospital and community based mental health services;
  • Community based physical health services;
  • Primary care data from GP health records.

Information about your health and care held in your health records is confidential and not routinely shared with the CCG for direct health care purposes. However, there may be times when we need to hold and use certain information about you, for example:

  • if we are involved in helping you to resolve a complaint with your GP or other NHS service provider;
  • if we fund specialised treatment for you for a particular health condition that is not routinely covered in our local contracts (these are known as Individual Funding Requests);
  • if you need to be clinically assessed for continuing health care requirements;
  • if our Pharmacy and Medicine Optimisation Team are involved in reviewing your medication;
  • if there are any vulnerable adult or children safeguarding issues;
  • if you are a member of our patient participation group, or have asked us to keep you up to date about our work and involved in our engagement and public consultations.

The information we hold about you personally for these purposes will, therefore, be with your knowledge and consent.

We may also hold identifiable information, at the level of NHS number, or use de-identified or anonymised information for non-direct health care purposes such as: 

  • determining the general health needs of the population;
  • ensuring that our services meet future patient needs;
  • teaching and training healthcare professionals;
  • investigating complaints or legal claims;
  • conducting health research and development;
  • checking the quality and efficiency of the health services we commission;
  • preparing statistics on NHS performance;
  • auditing NHS accounts and service;
  • paying your health care provider.

Access to the identifiable information is strictly controlled and it is only used when it is absolutely necessary to use identifiable information. The CCG currently pseudonymises much of this information for non-direct health care purposes so that the CCG does not receive information that can be used to identify individual patients. This system is called Pseudonymisation at Source; for further information please see the section below.

If you do have any concerns about us holding your personal information, then please tell us and we can explain the way this may affect our ability to help and discuss alternative arrangements available to you. 

Invoice validation

Invoice validation is an important process. In some circumstances it involves using your NHS number to check that we are the CCG that is responsible for paying for your treatment. We can also use your NHS number to check whether your care has been funded through specialist commissioning, which NHS England will pay for. The process makes sure that the organisations providing your care are paid correctly.

The legal basis to use information for invoice validation is provided under Regulations made under section 251 of the NHS Act 2006 and is based on the advice of the Health Research Authority’s Confidentiality and Advisory Group (reference CAG 7-07(a) and (b)/2013).

Risk stratification

Risk stratification is a process GPs use to help them to identify and support patients with long-term conditions and to help prevent unplanned hospital admissions or reduce the risk of certain diseases developing, such as type 2 diabetes. This is called risk stratification for case-finding and involves using your NHS number so that your GP can identify who you are.

The CCG also uses risk stratified data to understand the health needs of the local population in order to plan and commission the right services. This is called risk stratification for commissioning and involves using pseudonymised data for this purpose.

Risk stratification tools use historic information about patients, such as age, gender, diagnoses and patterns of hospital attendance and admission collected by NHS Digital from NHS hospitals and community care services. This is sometimes linked to data collected in GP practices and analysed to produce a risk score. 

GPs are able to identify individual patients from the risk stratified data when it is necessary to discuss the outcome and consider preventative care. Where the risk stratification process has linked GP data to health data obtained from other sources (e.g. NHS Digital or another health care provider), the GP will ask for your permission to access the details of that information.

The legal basis to use information for risk stratification is provided under Regulations made under section 251 of the NHS Act 2006 and is based on the advice of the Health Research Authority’s Confidentiality and Advisory Group (reference CAG 7-04(a)/2013).

How we use information provided by NHS Digital

We use information collected by NHS Digital from healthcare providers such as hospitals, community services and GPs, which includes information about the patients who have received care and treatment from the services that we fund. 

The data we receive does not include patients’ names or home addresses, but it may include information such as your NHS number, postcode, date of birth, ethnicity and gender as well as coded information about your visits to clinics, Emergency Department, hospital admissions and other NHS services. 

The Secretary of State for Health has given limited permission for us (and other NHS commissioners) to use certain confidential patient information when it is necessary for our work and whilst changes are made to our systems that ensure de-identified information is used for all purposes other than direct care. This approval is given under Regulations made under Section 251 of the NHS Act 2006 and is based on the advice of the Health Research Authority’s Confidentiality and Advisory Group.

In order to use this data, we have to meet strict conditions that we are legally required to follow, which includes making a written commitment to NHS Digital that we will not use information in any way that would reveal your identity. These terms and conditions can be found on the NHS Digital website.

Sharing information with our partners

We have entered into a contract with MedeAnalytics to provide analytical services for risk stratification and commissioning to the CCG and our member GP Practices. 

MedeAnalytics are subject to the exact same legal rules and conditions for keeping personal information confidential and secure. These conditions are set out in contracts and data sharing agreements, which specify what the information is to be used for and what they are required to do to keep it safe and protect privacy.

Currently MedeAnalytics receives and processes identifiable information, at the level of the NHS number only, but de-identifies the information for non-direct health care purposes using a process called pseudonymisation. We have been working closely with MedeAnalytics to develop technical systems that provide the data we and the GPs need to do our work by extracting de-identified data directly from GP and other health care systems in ways that do not involve MedeAnalytics or the CCG using information that can identify individual patients.

This system is called Pseudonymisation at Source; for further information please see the section below.

Sharing information with other organisations

We will only share anonymised statistical information (information that cannot be tracked back to an individual) with other NHS and partner organisations to help them improve local services, carry out research or audits, and improve public health. 

We would not ordinarily share information about you unless you have given your permission. There may however be circumstances where we are required by law to report certain information to the appropriate authorities. This may be to prevent fraud, protect children and vulnerable adults from harm, or where a formal court order has been served requiring us to do so.

In these cases, permission to share must be given by our Caldicott Guardian, who is the senior person in the CCG responsible for ensuring the protection of confidential patient and service user information. We are obliged to tell you that we have shared your information unless doing so would put you or others at risk of harm. 

Pseudonymisation at Source

The CCG has been working closely with MedeAnalytics to develop systems that provide the data we and the GPs need to do our work, but in ways that do not involve MedeAnalytics or the CCG using information that can identify individual patients.  

Pseudonymisation is a technical process that replaces identifiable information such as an NHS number, postcode or date of birth with a unique identifier, which obscures the ‘real world’ identity of the individual patient to those working with the data. It allows records for the same patient from different sources to be linked to create a complete longitudinal record of that patient’s condition, history and care.

Linkage of data from different health and social care data sources is undertaken enabling the processing of data and provision of appropriate analytical support for GPs and CCGs whilst protecting the privacy and confidentiality of the patient(s).

Technical and organisational measures are in place to ensure the security and protection of information.  Robust access controls are in place to ensure only GPs are able to re-identify information about their individual patients with their consent when it is necessary for the provision of their care.
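The following Python is an added illustration of the pseudonymisation-at-source and linkage idea described above; it is not MedeAnalytics' or the CCG's actual system, and the key, the feeds and the patient records are constructed for the example. It also shows why the pseudonym must be keyed and why only the key holder can re-identify.

```python
"""Illustrative pseudonymisation at source with linkage across feeds.

Each source replaces direct identifiers with a keyed hash (HMAC-SHA256) of the
NHS number before the record leaves it. Downstream, records from different
sources carrying the same pseudonym can be linked into one longitudinal
record, while a party holding only the pseudonymised data cannot recover the
NHS number. An unkeyed hash would not do: the NHS number space is small
enough to enumerate, so the secret key is what makes the pseudonym one-way.
"""
import hashlib
import hmac
from typing import Dict, Iterable, List, Optional

# Constructed secret for this example only. In a real deployment the key stays
# with the data sources (and their re-identification authority), never with
# the analytics provider or the commissioner that receives the output.
SOURCE_KEY = b"constructed-demo-key-not-for-real-use"

# Direct identifiers removed from every record before it leaves the source.
DIRECT_IDENTIFIERS = ("nhs_number", "name", "date_of_birth", "postcode")


def canonical_nhs_number(nhs_number: str) -> str:
    """Strip spaces so '943 476 5919' and '9434765919' yield one pseudonym."""
    return nhs_number.replace(" ", "")


def pseudonym_for(nhs_number: str, key: bytes = SOURCE_KEY) -> str:
    """Keyed one-way pseudonym of the NHS number."""
    data = canonical_nhs_number(nhs_number).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def pseudonymise_record(record: dict, key: bytes = SOURCE_KEY) -> dict:
    """Replace all direct identifiers with a single pseudonym field."""
    kept = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    kept["pseudonym"] = pseudonym_for(record["nhs_number"], key)
    return kept


def link_feeds(*feeds: Iterable[dict]) -> Dict[str, List[dict]]:
    """Group pseudonymised records from several feeds by pseudonym."""
    linked: Dict[str, List[dict]] = {}
    for feed in feeds:
        for rec in feed:
            linked.setdefault(rec["pseudonym"], []).append(rec)
    return linked


def reidentify(pseudonym: str, registered_list: Iterable[str],
               key: bytes = SOURCE_KEY) -> Optional[str]:
    """Map a pseudonym back to an NHS number on the key holder's own list.

    Only a party holding the key (here, the GP practice) can do this, and only
    for patients it already knows; without the key the search is infeasible.
    """
    for nhs in registered_list:
        if hmac.compare_digest(pseudonym_for(nhs, key), pseudonym):
            return canonical_nhs_number(nhs)
    return None


# Constructed sample feeds: a secondary-care (SUS-style) record and a GP record
# for the same patient, plus one unrelated patient. Values are fictional.
SUS_FEED = [
    {"nhs_number": "943 476 5919", "name": "A. Patient", "date_of_birth": "1950-01-01",
     "postcode": "AL7 1AA", "source": "SUS", "event": "A&E attendance", "age_band": "70-74"},
    {"nhs_number": "123 456 7881", "name": "B. Other", "date_of_birth": "1981-03-09",
     "postcode": "SG1 1AB", "source": "SUS", "event": "outpatient", "age_band": "35-39"},
]
GP_FEED = [
    {"nhs_number": "9434765919", "name": "A. Patient", "date_of_birth": "1950-01-01",
     "postcode": "AL7 1AA", "source": "GP", "diagnosis": "type 2 diabetes"},
]


def build_linked_dataset(key: bytes = SOURCE_KEY) -> Dict[str, List[dict]]:
    """Pseudonymise each feed at its source, then link downstream."""
    sus = [pseudonymise_record(r, key) for r in SUS_FEED]
    gp = [pseudonymise_record(r, key) for r in GP_FEED]
    return link_feeds(sus, gp)


if __name__ == "__main__":
    for pseud, records in build_linked_dataset().items():
        print(pseud[:12], [r["source"] for r in records])
```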

MedeAnalytics’ Pseudonymisation at Source system has been confirmed by the Information Commissioner’s Office as sufficiently de-identifying patient identifiers before they leave the originating source to make it impossible to re-identify the individual concerned, as well as receiving approval from the Confidentiality Advisory Group, who provide guidance to the Secretary of State for Health.

MedeAnalytics are looking to provide patient access to their data in the future, using the public key obtained by the individual patient through the third party, so ultimately, patients will be able to view their entire health record using this system.


Everyone working for the NHS has a legal duty to keep information about you confidential. 

The NHS Care Record Guarantee is a commitment that all NHS organisations (and other organisations which provide NHS-funded care) will use your records in ways that respect your rights and promote your health and wellbeing.

The NHS Constitution establishes the principles and values of the NHS in England. It provides a summary of your legal rights and contains pledges that the NHS is committed to achieve, including certain rights and pledges concerning your privacy and confidentiality.  

A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient information and enabling appropriate information-sharing. Each NHS organisation is required to have a Caldicott Guardian. 

The Caldicott Guardian for NHS East and North Hertfordshire CCG is Sheilagh Reavey, Director of Nursing and Quality. 

How GP Practices use information about your health and care

Your GP keeps information about your health and the care and treatment you receive in your health record. This information is used by your doctor, nurse and other healthcare professionals to assess your health and, together with you, decide the appropriate care for you. 

With your agreement, your GP may refer you to other services such as community care, Out of Hours or hospital. Your GP will share information about you only with the healthcare professionals involved in providing your care. Other services and health care providers will normally tell your GP surgery about the treatment they provide you and your GP or nurse will include this in your record. Further details can be found in the section on Sharing and Consent.

You have the right to see information your GP practice holds about you. Please ask them about this.

It may also be necessary to share your information with non-NHS services or health providers, but only in accordance with the rights of the individual and statutory obligations, or where required by law.

Your Health Record

Your health record may be held in different formats, hand written (manual record) or held on computer (electronic). Collectively known as your “health record”, this will include:

  • personal information, i.e. your address, date of birth and NHS number;
  • your health history;
  • contacts you have had with healthcare services, i.e. clinic visits, doctors’ appointments, hospital admissions;
  • notes, reports and decisions about your treatment and care;
  • results of tests, i.e. X-rays, blood tests or scans.

It may also include:

  • information from other health professionals, relatives or carers;
  • information from social care services if they have been involved with your care;
  • information about close relatives where there is a family history of a particular condition;
  • other information relevant to your health and wellbeing, e.g. personal, family or work issues. 

Your care providers will endeavour to ensure that your health record is kept up-to-date, accurate and secure and appropriately accessible to those providing your care and treatment. 

How you can access your information

Where information from which you can be identified is held, you have the right to ask to:

  • View this or request copies of the records by making a subject access request.
  • Request information is corrected.
  • Have the information updated where it is no longer accurate.
  • Ask us to stop processing information about you where we are not required to do so by law – although we will first need to explain how this may impact and affect the care you receive.

The CCG does not directly provide health care services and therefore does not hold personal healthcare records. If you wish to have sight of, or obtain copies of, your own personal health care records you will need to apply to your GP Practice, the hospital or the NHS organisation which provided your health care.

You have the right to see, or have a copy of, data we hold that can identify you. Under special circumstances, some information may be withheld.

A subject access request can be made in writing or verbally, but we will need to verify who you are. If you wish to have a copy of the information we hold about you, please complete this online form.

Further information about your rights and how to request your personal information is available on the Information Commissioner’s website.

How long do we hold information?

All records held by the CCG will be kept and destroyed in line with our Records Management Policy which is available here.

Sharing Information

Other NHS organisations

There may be circumstances where it is necessary to share information about you with other authorities, for example, when required by law, court order or where there are specific concerns about a vulnerable adult or child or to report a notifiable disease. 

National services

There are national services such as the National Cancer Screening Programme that collect and hold information from across the NHS in order to contact you about services such as cervical, breast or bowel cancer screening.

Although these services are beneficial to your health and wellbeing, often you have the right not to allow these organisations to have your information.

If you have any concerns please contact your GP Practice, or see the “Your Rights” section for further information.

You can find out more about how the NHS holds and shares your information for national programmes on the NHS website.

Health research

Your GP Practice may work with researchers who work with patients to help them with their research. If your GP thinks you may be suited to a research programme, they will contact you to ask if you would like to participate. Your GP Practice will never pass on your personal details to a researcher without your knowledge and consent. 

Your individual rights 

You have certain legal rights, including a right to have your information processed lawfully, fairly and in a transparent manner, and you have a right to access any personal information we hold about you. You also have the right to privacy and to expect the NHS to keep your information confidential and secure. 

You also have a right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered. These commitments are set out in the NHS Constitution.

If you do not want your personal information being shared and used for purposes other than your care and treatment, then you should contact the GP Practice you are registered with and ask for further information about how to register your objections. This should not affect the care and treatment you receive. See the section on Patient Control of Information for further details.

Patient control of information and Opting-Out

You can choose whether or not confidential patient information about you is used outside of your individual care for research and planning. This is referred to as opting-out, and a new national data opt-out will be introduced from 25 May 2018. If you do opt out, there are some specific situations where your data may still be used. Data that does not identify you may still also be used. Further information on the National Data Opt-out and the choices available to you is available from the national website.

If you require further information or you wish to speak to somebody to understand what impact this may have, if any, please contact us here.

To manage your choice online, you must be able to verify your identity. You can’t do this if you haven’t registered an email or mobile number with an NHS practice. If in doubt, ask your GP Practice to confirm that your contact information is up to date. Alternatively, you can contact the NHS Digital Contact Centre to verify your identity and discuss your data sharing choices on 0300 303 5678.

Contact us

If you have any questions or concerns or wish to complain about how we use your information, please contact our Data Protection Officer (DPO) at:

NHS East and North Hertfordshire CCG
Charter House
Welwyn Garden City

Tel: 01707 685 000
Email: via online form

The DPO for NHS East and North Hertfordshire CCG is Sarah Feal, Company Secretary.

Further information

Below are links to more information about your rights and the ways that the NHS uses personal information:

Data Protection Statement

NHS East and North Hertfordshire CCG is a ‘Data Controller’ under the GDPR and Data Protection Act 2018. This means we are legally responsible for ensuring that all personal data that we hold and use is done so in a way that meets the data protection principles. We must also tell the Information Commissioner about all of our data processing activity. Our registration number is Z3531739 and our registered entry can be found on the Information Commissioner’s website.

All of our staff receive training to ensure they remain aware of their responsibilities. They are obliged in their employment contracts to uphold confidentiality, and may face disciplinary procedures if they do not do so. A limited number of authorised staff have access to personal data where it is appropriate to their role. 

We have entered into contracts with other organisations to provide Information Technology (IT) services for us. These organisations include:  

This includes holding and processing data including patient information on our behalf. These services are subject to the same legal rules and conditions for keeping personal information confidential and secure. We are responsible for making sure that staff in those organisations are appropriately trained and that procedures are in place to keep information secure and protect privacy. These conditions are written into legally binding contracts, which we will enforce if our standards of information security are not met and confidentiality is breached. 

We will not share, sell or distribute any of your personal information to any third party (other person or organisation) without your consent, unless required by law. Data collected will not be sent to countries where the laws do not protect your privacy to the same extent as the law in the UK, unless rigorous checks on the security and confidentiality of that data are carried out in line with the requirements of Data Protection legislation.

Last modified: 21 May 2019