IMPORTANT INFORMATION

This website is no longer being updated.

NHS Barnsley Clinical Commissioning Group has been legally dissolved and from 1 July 2022 has been replaced by a new organisation: NHS South Yorkshire Integrated Care Board (SY ICB). NHS South Yorkshire ICB is now responsible for commissioning and funding of health and care services locally. Please go to our new website www.southyorkshire.icb.nhs.uk for information about the work of NHS South Yorkshire ICB and details about how to contact us.

Thank you.

branch graphic

Privacy Notice

How your personal information is used by NHS Barnsley CCG

Please click on the highlighted text within the notice for links to further information. Click the link for a Glossary of definitions used throughout this notice.

Who we are and what we do

Data Controller: NHS Barnsley Clinical Commissioning Group, Hillder House, 49/51 Gawber Road, Barnsley, South Yorkshire S75 2PY

Data Protection Officer (DPO):Caroline Million DPO Contact Details:Caroline.million@outlook.com

 NHS Barnsley Clinical Commissioning Group is responsible for planning and designing local health services in and around Barnsley. We do this by ‘commissioning’ or buying health and care services including:

  • Planned hospital care
  • Unplanned care (urgent care)
  • Rehabilitation care
  • Community Health Services
  • Mental Health and learning disability services
  • Primary care (GP services, some pharmacy services)

We are also responsible for arranging unplanned care services for our registered patients and for commissioning services for any unregistered patients who live in Barnsley. All general practices in Barnsley are members of our Clinical Commissioning Group.

We manage the performance of services that we commission to make sure that they are safe, provide high quality care and meet the needs of local people. Part of this performance management role includes responding to any concerns from our patients about these services.

How we use your personal information

The purpose of this notice is to inform you of the type of information (including personal information) that the CCG holds as a Data Controller, how that information is used, the legal basis for using the information, who we may share that information with, and how we keep it secure and confidential. It covers information we collect directly from you or collect indirectly from other individuals or organisations for the CCG’s registered population.

This notice applies to all information held by the CCG relating to individuals, whether you are a patient, service user or a member of staff. This notice was last reviewed in June 2021.

Types of information we hold

We need to use information about you in various forms and will only use the minimum amount of information necessary for that purpose. Where possible we will use information that does not identify you. The CCG uses and processes several different types of information.

  1. Identifiable - information which contains personal details that identify individuals such as name, address, email address, NHS Number, full postcode, date of birth.
  2. Pseudonymised - individual level information where individuals can be distinguished by using a coded reference, which does not reveal their ‘real world’ identity
  3. Anonymised - data which is about you but from which you cannot be personally identified.
  4. Aggregated – grouped information about individuals that has been combined to show general trends or values without identifying individuals

Throughout this Notice you will see reference to an organisation called NHS Digital. They are the national provider of information, data and IT systems for commissioners (such as the CCG), analysts and clinicians in health and social care. NHS Digital provides information based on identifiable data passed securely to them by Primary and Secondary Care Providers who are legally obliged to provide this information.

Our records may be held on paper or in a computer system.

Details of information used for specific purposes

Use of Anonymised Data

We use anonymised data to plan health care services including:

  • Checking the quality and efficiency of the health services we commission;
  • Preparing performance reports on the services we commission;
  • Working out what illnesses people will have in the future, so we can plan and prioritise services and ensure these meet the needs of patients;
  • Reviewing the care being provided to make sure it is of the highest standard.

Use of Pseudonymised (De-identified) Information

We use de-identified information in our role as commissioner including:

  • Commissioning - to plan, design, purchase and pay for the best possible care available for you ; look at the care provided by different providers across our area to make sure that together they support the needs of the local population; performance manage contracts; to prepare statistics on NHS performance to understand health needs and support service redesign, modernisation and improvement; to help us plan future services to ensure they continue to meet our local population needs
  • Risk Stratification- to identify groups of patients who would benefit from some additional help from their GP or care team. The aim is to prevent ill health and possible future hospital stays, rather than wait for you to become sick. Only de-identified information is accessible to the CCG in order to help us plan the most appropriate health services for our population.

Use of Personal and Sensitive (Identifiable) Information

As a CCG we do not routinely hold medical records or confidential patient data with some limited exceptions.

There are some categories of personal data for which special safeguards are required by law, known as special category or sensitive data. This includes records relating to health, sex life, race, ethnicity, political opinions, trade union membership, religion, genetics and biometrics.

The following list includes examples of where we collect and use personal information. Please click on each of the following examples for information on the purpose, the type of information used, the legal basis identified for the collection and use of the information, how we collect and use the information required, any third parties we may share the information with and your rights regarding the use of the information including, where relevant, your right to opt out.

Patient Information

Staff Information

The CCG as an NHS employer needs to process information in relation to staff. This information is used in a variety of ways to ensure staff are paid, that the CCG complies with employments law, or to provide other services related to their employment. For more details about how staff information is used please click on the following: 

Read the glossary of terms used in these privacy notices.

Sharing Information with Health and Care organisations

Information Sharing Agreements and contracts will be in place ensuring that where we share information, this meets both the requirements of the Health and Social Care Act 2012 and the current Data Protection legislation ensuring that your confidentiality and rights are not breached.

The CCG is actively working with health and social care partners to ensure that where you receive a referral, for example for community services, all the relevant information that organisation requires in order to offer you the right service is available. We are also working with the hospitals that provide services to our population to ensure that if you find yourself in an emergency situation, relevant and potentially lifesaving information from your GP record will be available, showing any latest tests and any allergies you may suffer from, which the hospital clinicians will need to know.

Whenever a new arrangement is made to share information externally, both with health and social care organisations and with third party suppliers, we will ensure that a legal basis has been identified, using a tool called a Data Protection Impact Assessment, which will highlight any risks to your information and ensure they are resolved before any sharing takes place.

Our Commitment to Data Privacy and Confidentiality

We are committed to protecting your privacy and will only process personal confidential data in accordance with the UK General Data Protection Regulation, the Data Protection Act 2018, the Common Law Duty of Confidentiality, Professional Codes of Practice and the Human Rights Act 1998.

In the circumstances where we are required to use personal identifiable information, we will only do this if:

  • The information is necessary for your direct healthcare, or
  • We have received explicit consent from you to use your information for a specific purpose, or
  • There is an overriding public interest in using the information:
    • In order to safeguard an individual,
    • To prevent a serious crime or in the case of Public Health or other emergencies, to protect the health and safety of others, or
  • There is a legal requirement that allows or compels us to use or provide information (e.g. a formal court order or legislation), or
  • We have permission from the Secretary of State for Health and Social Care to use certain confidential patient identifiable information when it is necessary for our work

Everyone working for the NHS has a legal and contractual duty to keep information about you confidential. All identifiable information that we hold about you will be held securely and confidentially. We use administrative and technical controls to do this. All health and social care organisations are required to provide annual evidence of compliance with applicable laws, regulations and standards through the Data Security and Protection toolkit.

Our staff, contractors and committee members receive appropriate and ongoing training to ensure that they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. Staff are trained to ensure how to recognise and report and incident and the organisation has procedures for investigating, managing and learning lessons from any incidents that occur.

Your information will not be sent outside of the United Kingdom unless your privacy is protected to the same extent as the law in the UK. We will never sell any information about you.

The CCG maintains a set of regularly updated policies and procedures covering all aspects of information governance. These can be found here: www.barnsleyccg.nhs.uk/strategies-policies-and-plans.htm

 

Your Rights

Under the UK General Data Protection Regulation all individuals have certain rights in relation to the information which the CCG holds about them. Not all rights apply equally to all our processing activity as certain rights are not available depending on the lawful basis for the processing.

When you view an entry in our ‘Use of Personal and Sensitive Information’, we have highlighted which rights apply and which may not. To help understand why some may not apply the following should help.

Examples of where rights may not apply - where our lawful basis is:

  • Processing is necessary for the performance of a task carried out in the exercise of official authority vested in the controller - then rights of erasure, portability do not apply.
  • Legal Obligation - then rights of erasure, portability, objection, automated decision-making and profiling do not apply.

If you require further detail each link below will take you to the Information Commissioner’s Office’s website where further detail is provided in section ‘When does the right apply’.

These rights are:

Under the NHS Constitution you have the right to privacy and to expect the NHS to keep your information confidential and secure.

You have the right to be informed about how your information is used. You have the right to request that your confidential information is not used beyond your own care and treatment, and to have your objections considered and where your wishes cannot be followed, to be told the reasons including the legal basis.

In particular, you have a choice about whether you want your confidential patient information to be used for planning and research. If you are happy with this use of information you do not need to do anything. If you do choose to opt out, your confidential patient information will still be used to support your individual care.

To find out more about the National Data Opt-Out, or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters  . You may also do so via the national NHS app.

The CCG’s use of patient confidential data is compliant with the National Data Opt-Out Policy.

Queries and Complaints

If we do hold identifiable information about you, you can ask us to correct any mistakes by contacting us at the address below. If you have any questions or complaints regarding the information we hold about you or the use of your information, please contact:

NHS Barnsley CCG Quality Team, Tel: 01226 433772   Email: safehaven.riskmanagement@nhs.net

DATA PROTECTION OFFICER – QUERIES REGARDING DATA PROTECTION ISSUES

Legislation (UK General Data Protection Regulation and Data Protection Act 2018) mandates that the CCG appoint a Data Protection Officer (DPO).  This is because we are a public body.

The DPO will assist us to monitor internal compliance, inform and advise on data protection obligations and act as a contact point for data subjects (members of the public and employees) where there are concerns or queries regarding Data Protection.  The DPO will also act as a contact point for communication with the Information Commissioner’s Office.

If you wish to contact the DPO then please use the following contact details stating in the heading which organisation you are enquiring about:

DPO:  Caroline Million Email: Caroline.million@outlook.com

For independent advice about data protection, privacy and data-sharing issues, or to make a complaint about our handling of your information you can contact:

The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Phone: 0303 1231113 or 01625 54 57 45 Website: https://ico.org.uk/