Everyone working for the NHS must keep information about you confidential.
All NHS organisations follow the principles and values set out in the NHS Constitution when using and sharing personal information.
How the CCG uses your information
Information about your health and care is confidential and not routinely shared with the CCG for direct health care purposes. However, we may, on occasion, need to access and use certain personal information if, for example, we are involved in helping you resolve a complaint or you need to be assessed for continuing health care purposes.
We will only use information about you in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, the Human Rights Act 1998 and the common law duty of confidentiality.
In order to effectively commission health services in East and North Hertfordshire we need to use anonymised data about the local population. Accurate and relevant information is essential when planning your health services and conducting research.
We do not share personal information about you with other organisations without your permission. However, there may be circumstances where we are required by law to report certain information to the appropriate authorities, for example, to protect vulnerable children and adults from harm or to prevent fraud.
In such cases, permission to share must be sought from our Caldicott Guardian, Jane Kinniburgh, who is responsible for ensuring confidential patient information is protected. We are obliged to tell you when we share your information, unless doing so puts you or others at risk of harm.
In exceptional circumstances the Secretary of State can also issue a notice under Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 (COPI) to require organisations to process confidential patient information for specific purposes set out in Regulation 3(1) of COPI. The Secretary of State has issued such a notice to Health Service organisations to process confidential patient information where the information to be processed is required for a COVID-19 purpose and will be processed solely for that COVID-19 purpose in accordance with Regulation 7 of COPI. This notice was first issued on 1st April 2020 and, at the current time, will expire on 31 March 2021, unless it is reviewed and extended on or before this date.
The above notice provides more detail on how and why information is used by our organisation for purposes beyond your individual care and the legal basis to use this information. To find out more about the national data opt-out or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. Our organisation is currently compliant with the national data opt-out policy.
Advice on how to make a Freedom of Information (FOI) request is available here.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) was developed to update and harmonise data privacy laws across Europe by standardising definitions and addressing legal uncertainty and the public perception that people's data is at risk. GDPR protects an individual’s fundamental rights and freedoms, in particular the “Right to the Protection of Personal Data.”