NHS Lincolnshire Clinical Commissioning Group (CCG) may hold some information about you. This document outlines the lawful basis on which we process information, how that information is used, who we may share that information with and how we keep it secure.
This notice does not provide exhaustive detail. However, we are happy to provide any additional information or explanation needed. The CCG is required to have a Data Protection Officer and for NHS Lincolnshire CCG this is Judith Jordan, NHS Arden & Greater East Midlands Commissioning Support Unit (AGEM CSU).
Any enquiries about our use of your personal data should be addressed to firstname.lastname@example.org or c/o Data Protection Officer, NHS Lincolnshire Clinical Commissioning Group, Bridge House, The Point, Lyons Way, Sleaford, Lincolnshire NG34 8GG or email: email@example.com
We keep our Privacy Notice under regular review. This Privacy Notice was last reviewed on 30th March 2020.
1- What we do
Our CCG is responsible for planning, buying and monitoring (also known as commissioning) health services from healthcare providers such as hospitals and GP practices for our local population to ensure the highest quality of healthcare. We also have a performance monitoring role of these services, which includes responding to any concerns from our patients on services offered.
2- How we use your information
Our CCG holds some information about you and this document outlines the lawful basis on which we process information, how that information is used, who we may share that information with, how we keep it secure (confidential) and what your rights are in relation to this.
3- What kind of information we use?
We use the following types of information/data:
4- What do we use anonymised data for?
We use anonymised data to plan health care services. Specifically we use it to:
5- What do we use your special category (previously known as sensitive category) and personal information for?
There are some limited exceptions where we may hold and use special category and personal information about you. For example the CCG is required by law to perform certain services that involve the processing of special category personal information.
6- Do you share my information with other organisations?
We commission a number of organisations (both within and outside the NHS) to provide healthcare services to you. We may share anonymised statistical information with them for the purpose of improving local services, for example understanding how health conditions spread across our local area compared against other areas.
7- Datasets accessed by the CCG
GP Data and Secondary Uses Service (SUS) data (in-patient, out-patient and A&E) may be de-identified and linked so that it can be used by us to improve healthcare and development and monitor NHS performance. Where data is used for these statistical purposes, stringent measures are taken to ensure individual patients cannot be identified.
8- Currently, the external data processors we work with are:
• AGEM CSU and
9- Paying Invoices – invoice validation
The validation of invoices is undertaken in line with NHS requirements to ensure that the CCG is paying for treatments relating to its patients only. The CCG receives identifiable data into its Controlled Environment for Finance (CEfF) to securely support the invoice validation process.
10- What are your rights?
Where information from which you can be identified is held, you have the right to ask to:
11- What safeguards are in place to ensure data that identifies me is secure?
We only use information that may identify you in accordance with the Data Protection Act 2018. The Data Protection Act requires us to process personal data only if there is a lawful basis for doing so and that any processing must be fair and lawful.
12- How long do you hold confidential information for?
All records held by the CCG will be kept for the duration specified in the NHS national guidance “Records Management Code of Practice for Health and Social Care 2016”.
13- Gaining access to the data we hold about you
The CCG does not directly provide health care services and therefore does not hold personal healthcare records. If you wish to have sight of, or obtain copies of your of your own personal health care records please apply to your GP Practice, the hospital or NHS organisation which provided your health care.
14- What is the right to know?
The Freedom of Information Act 2000 (FOIA) gives people a general right of access to information held by or on behalf of public authorities, promoting a culture of openness and accountability across the public sector.
15- What sort of information can I request?
You can request any information that we hold, that does not fall under an exemption.
16- How do I make a request for information under the Freedom of Information Act?
Your request must be made in writing and can be either posted or emailed to those who manage the service on behalf of the CCG, at the address details below:
17- For independent advice about data protection, privacy, data sharing issues and your rights you can contact the Information Commissioner’s Office.
During the coronavirus pandemic, where possible, you are asked to contact the ICO office via https://ico.org.uk/global/contact-us/
18- Website technical details
Forms We do use electronic forms on our website making use of an available ‘forms module’ which has a number of built-in features to help ensure privacy. We also aim to use secure forms where appropriate, in compliance with EU legislation.
19- Data retention policy
Our platform operates with a clear data retention policy in order to comply with the Privacy Enhancing Technology guidance from the Information Commissioner. This means that data has predefined time limits for storage and is only retained by the system for as long as it is considered useful.
20- Server statistics
Like almost all websites, we have access to server statistics which provide aggregate statistics on bandwidth and server load. This load data is used to manage bandwidth effectively and for billing purposes.