Privacy of your Information

This privacy policy explains how we use any information we collect about you, how you can tell us if you prefer to limit the use of that information and procedures that we have in place to safeguard your privacy. NHS North East London CCG’s privacy notice provides a summary of how we use your information.

For the purposes of the Data Protection Act 2018 (DPA 2018) (the “Act”);

The Data Controller is NHS North East London CCG 4th Floor – Unex Tower 5 Station Street London E15 1DA

The Data Protection Officer is Jamie Sheldrake 

Email address: jamie.sheldrake@nhs.net

Website Privacy

Your privacy is extremely important to us. We only use the information you provide about yourself when using this website to answer your enquiry or to help us to improve our service to you. We do not share this information with any third party except to the extent necessary to answer your enquiry if that enquiry requires the involvement of a third party. We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties.

The information we collect

We may collect and process the following data about you:

Information that you provide by filling in forms on our website at cityandhackney.gpwebsite.org (our “Website”). This includes information provided when completing our enquiry form or submitting feedback on a consultation. This may include your name, your organisation’s name, your position, email address, business address and contact telephone number. We may also ask you for information when you report a problem with our site.

If you contact us, we may keep a record of that correspondence.

NHS North East London Clinical Commissioning Group may ask you to complete surveys that we use for research purposes, although you do not have to respond to them.

Details of your visits to our site including, but not limited to, web server statistics, traffic data, location data and details of the web pages and resources that you access.

Site Usage

We may collect information about your computer, including where available your IP address, operating system and browser type via the web server log files, for system administration and to analyse aggregate information. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.

These uses are in line with the purposes outlined in our registration with the Information Commissioner’s Office, the reference number is Z972915X.

Your information may be used to help assess the needs of the general population both on a local, regional and national level to help make informed decisions about the provision of future services. Information can also be used to conduct health research and development, monitor NHS Performance in order to allow the NHS to plan for future. As part of our planning NHS North East London CCG will identify areas to concentrate on concerning the health of North East London residents.

Information sharing with other NHS agencies and non-NHS organisations

We may share your information for health purposes and for your benefit with other organisations such as NHS England, NHS Trusts, and also general practitioners (GPs), etc. We may also need to share information with our partner organisations.

Where information sharing is required with third parties, we will always have relevant contractual obligations and data sharing agreements in place and will not disclose any health information without your explicit consent unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires it or to carry out a statutory function.

In some exceptional circumstances, we do not require your explicit consent to share information. This would be in cases, for example, notification of new births, a public interest issue, when the health and safety of others is at risk, fraud prevention and investigation, protecting children and vulnerable adults from harm or where the law requires it (a formal court order has been served requiring us to do so).

In these cases, permission to share must be given by our Caldicott Guardian, who is the senior person in the CCG with responsibility for ensuring the protection of confidential patient and service user information. We are obliged to tell you that we have shared your information unless doing so would put you or others at risk of harm.

The law provides some NHS bodies, particularly the Health and Social Care Information Centre (NHS Digital), with permission to collect and use patient data to help commissioners to design and procure the combination of services that best suit the population that they serve.  The patient data that is supplied is not in a form that will identify you.

NHS North East London CCG as a health care organisation is required to support the public sector, including police, in their work. This may include the provision of personal information about patients or staff. There are legal constraints to the information that may be shared depending on the circumstances further information is available on this link:  Disclosure of personal information to the police.

Specialist advice on the handling of patient information is provided by the Information Governance team within NEL to ensure all legal requirements are met when handling information.

National fraud initiative

NHS North East London CCG is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing, or administering public funds or where undertaking a public function in order to prevent and detect fraud.

The Cabinet Office is responsible for carrying out data matching exercises.  Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information, such as key payroll data and contact details. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found, it may indicate that there is an inconsistency, which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

We participate in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise, as detailed here.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 2018. Data matching by the Cabinet Office is subject to a Code of Practice.

View further information on the Cabinet Office’s legal powers and the reasons why it matches particular information.

For further information about countering fraud in the NHS is available on the Report NHS fraud page.

How we keep your information confidential

It is everyone's legal right to expect that information held and used about you is safe and secure and is only used for the agreed purpose(s).

Everyone working for the NHS is subject to the Common Law Duty of Confidentiality. The information we hold about you, whether in paper or electronic form, is protected from unauthorised access. Under the NHS Confidentiality Code of Conduct, all our staff are required to protect your information, inform you of how your information will be used and allow you to decide if and how your information can be shared. All NHS North East London CCG staff receive annual training on how to do this. This is monitored by the CCG and can be enforced through disciplinary procedures.

Information provided in confidence will only be used for the purpose(s) advised with consent given by the patient, unless there are other specific circumstances covered by the current General Data Protection Regulation (GDPR) and UK legislations.

NHS North East London CCG takes this responsibility very seriously and has ensured that it has robust and effective processes and procedures in place to achieve this expectation for you and the information we hold and process about you.

NHS North East London CCG, working with our network service provider, NEL ensures that information is held in secure locations with restricted access to authorised persons only. We protect any personal information that is held on our systems with encryption so that it cannot be accessed by those who do not have access rights.

How we use the patient information that we collect

NHS North East London CCG has safeguards in place to prevent its staff from identifying individuals from the data that we receive, using information from services we commission in North East London or indirectly via the Data Services for Commissioners Regional Offices using national information from various NHS organisations as outlined in the previous section.

Information from your health and social care records will be received into Data Services for Commissioners Regional Offices and any information that might allow others to identify you is removed. This means that no one can know:

• your name
• your exact date of birth (this is replaced with just the year of birth)
• your postcode (this is replaced with a national standard area code that is based on the total population and number of houses in an area)

The information from your health and social care records may also contain more sensitive information about your health and also information such as outcomes of needs assessments but these are mainly coded.

Cookies

To comply with EU legislation we are required to tell you about the cookies used on this website.

We use cookies only because we want you to find the information you need as quickly and easily as possible.

A cookie is a small text file that is placed on your computer when you visit a website. Cookies help websites function usefully and can provide information to website owners.

Cookies do not place viruses on your computer and cannot run programs.

Our cookies do not provide us with any private or personally identifiable information about you. All data that is gathered is anonymous.

Some of the cookies we use collect information about how visitors use our site.

For example, one of our cookies counts the number of visitors to the site and notes which pages they visited. This anonymous information helps us to compile statistical reports, which can help us to improve the site.

Your web browser gives you the ability to accept or decline cookies. Generally, web browsers automatically accept cookies, but you can modify your browser settings to decline cookies if you prefer. However, if you choose to decline cookies, some useful features of this website will not work.

For example, there is the option to view this website as text only, with no graphics. The 'useTextOnly' and 'set String' cookies remember that you have chosen to view this site with no graphics. If you choose to decline cookies you will have to select the text only option every time you view a new page.

The cookies we use and what they do

These cookies mentioned above are used to collect information about how visitors use our site. This information can be used to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

Places to go to find out more about cookies

You can find out more about cookies, including how to see what cookies have been set and how to manage and delete them, at these sites: 

http://www.allaboutcookies.org/

http://tools.google.com/dlpage/gaoptout

How we protect your information

All information you provide to us is stored on our secure servers.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data that you transmit to our site; any transmission is therefore at your own risk. Once we have received your information, we use strict internal procedures and security features to prevent unauthorised access.

There are facilities within this web site which allow you to type in information and send it to NHS North East London Clinical Commissioning Group. You should be aware that such transmissions are not subject to any encryption and could, in theory, be intercepted and read by someone. Therefore you may wish to avoid including information which you consider to be private. Any information you supply to NHS North East London Clinical Commissioning Group via this web site will be handled in accordance with our policies and procedures for data protection.

We also keep your information confidential. The internal procedures of NHS North East London Clinical Commissioning Group cover the storage, access and disclosure of your information.

How we use your information

We use information held about you in the following ways:

• To provide you with information, services that you request from us
• To carry out our obligations arising from any contracts entered into between you and us.

Your Rights

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us.

Our site may, from time to time, contain links to and from the websites of our clients and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

The Data Protection Act 2018 gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act.

Your consent

By submitting your information you consent to the use of that information as set out in this policy. If we change our privacy policy we will post the changes on this page, and may place notices on other pages of the Website, so that you may be aware of the information we collect and how we use it at all times. We will also e-mail you should we make any changes so that you may consent to our use of your information in that way. Continued use of the service will signify that you agree to any such changes.

Contact Details

We welcome your views about our website and our privacy policy. If you have any queries or comments, or if any of the information that you have provided to the NHS North East London CCG 4th Floor – Unex Tower 5 Station Street London E15 1DA, please contact us.

CCG oversight and responsibility

The CCG’s Caldicott Guardian and Senior Information Risk Owner (SIRO) have overall responsibility of information risks with the CCG.

The CCG is provided with specialist data protection advice from its Information Governance Manager and Data Protection Officer to ensure all legal requirements are met when handling information.

The Senior Information Risk Officer for the CCG is Steve Collins The SIRO’s email address is steve.collins5@nhs.net

The Caldicott Guardian for the CCG is Diane Jones. The Caldicott Guardian’s email address is diane.jones11@nhs.net

The Data Protection Officer for the CCG is Jamie Sheldrake, Information Governance & FOI Manager for North Central London CCGs. The DPO’s email address is jamie.sheldrake@nhs.net