What we do with patient information
NHS Greenwich CCG does not process personal information for the majority of Greenwich patients and service users; this information is limited to the clinicians and organisations directly involved in providing your care. There are some instances when we will collect information about you including:
Your NHS number, name, address, date of birth and details of your GP
Your medical condition and the treatment(s) that you receive
These instances are generally limited to where you have made a complaint to us about a service or have made an individual funding request for your care. Examples of teams that may have access to your information are: Continuing Care, Medicines Management and Safeguarding.
Why does NHS Greenwich CCG keep this information?
By law we have to keep certain information about you where it has been provided by you in relation to your care.
How your personal information is used
Your records are used to direct and manage the care you receive to ensure that healthcare professionals have the information they need to be able to assess and improve the quality and type of care you receive, and so that your concerns can be properly investigated if a complaint is raised.
Only members of staff directly involved in reviewing your care/complaint are able to see your information. Everyone who does see your information must keep it confidential.
We hold some
information about you and our Fair Processing Notice outlines how that information is used,
who we may share that information with, how we keep it secure (confidential)
and what your rights are in relation to this. You can read our extended Fair Processing Notice here.
Who we share information with
In certain situations we will share your information with other organisations involved in your care or where we have a legal obligation to do so. These organisations may include but are not limited to:
Your General Practitioner
Other NHS Trusts and Hospitals that are involved in your care
Social Care Services / Local Authorities (to enable better integration of care)
Voluntary and private sector providers working with the NHS
Disclosure of information
You have the right to determine how and with whom we share the personal information in your records that identifies you. This must be noted explicitly within your records in order that all healthcare professionals and staff treating and involved with you are aware of your decision. By choosing this option, it may make the provision of treatment or care more difficult or unavailable. You can also change your mind at any time about a disclosure decision.
Keeping information secure and confidential
All staff have contractual obligations of confidentiality, enforceable through disciplinary procedures. All staff will receive appropriate training on confidentiality of information, and staff who,because of their role, have regular access to personal information will have received additional specialist training.
We take relevant organisational and technical measures to unsure the information we hold is secure – such as holding information in secure locations, restricting access to information to authorised personnel, and protecting personal and confidential information held on equipment such as laptops with encryption.
Each NHS organisation has a senior person responsible for protecting the confidentiality of patient information and enabling appropriate information sharing. This person is called the Caldicott Guardian, in Greenwich CCG this role is shared by two people, they are:
Dr Ranil Perera – GP Executive
Diane Jones – Director of Integrated Governance
Accredited Safe Haven
Most of the time we use information, such as statistical or anonymous data, that does not identify individuals. These instances include:
evaluating and reviewing services, such as checking their quality and efficiency
checking NHS accounts and services
carrying out assessments of the conditions you are at risk of having so we can prioritise NHS services
determining how we may prevent conditions you are at risk of having
making sure our services can meet patient needs in the future
preparing statistics on NHS performance
reviewing the care we provide to make sure it is of the highest standard.
Some of our commissioning functions use data with an identifier, such as NHS numbers. This is only done under legal permissions such as those set out under Section 251 of NHS A ct 2006. Examples of these commissioning functions include when we are:
monitoring how care is delivered to patients
making sure services are working well and using resources properly
redesigning and modernising services
understanding particular health needs in different geographic areas
enabling only clinicians who are involved in a patient's care to identify and contact patients, for example those who would benefit from Active Case Management ( a service which cares for patients with complex needs)
supporting care service planning and commissioning
verifying invoices from providers
Data flows that do contain identifiers under the Section 251 arrangement are processed within an Accredited Safe Haven that requires the CCG to obtain the required standards in information governance, confidentiality, and security of the data it holds. More information is available from the HSCIC website: http://www.hscic.gov.uk/dataflowstransitionmanual
Controlled Environment for Finance (CEfF)
Clinical Commissioning Groups (CCGs) and Commissioning Support Units (CSUs) have received approval under Regulation 5 of the Health Service (Control of Patient Information) Regulations 20021 to process patient identifiable information without consent for the purposes of invoice validation. This approval provides the legal basis for Health Service Providers to disclose patient confidential information to named organisations for the purposes of invoice validation.
NHS Greenwich CCG has the correct safeguards in place and are recorded on the NHS England register of CEfF's: http://www.england.nhs.uk/wp-content/uploads/2014/07/ceff-app-orgs.pdf
Further information regarding CEfF and Invoice validation can be found on the NHS England Website: http://www.england.nhs.uk/ourwork/tsd/ig/in-val/
How you can access your records
The Data Protection Act 1998 gives you a right to access the information we hold about you on our records. Requests must be made in writing to:
NHS Greenwich Clinical Commissioning Group
31-37 Greenwich Park Street
We will reply to your request within 40 days from receipt and in order to provide the correct information we will need:
Your personal details including your full name, address, date of birth, and NHS number so that your identity can be verified and your records located
A cheque for an initial £10 (rising to a maximum of £50 for health records) made payable to NHS Greenwich Clinical Commissioning Group
An indication of what information you are requesting to enable the CCG to locate this in an efficient manner
For independent advice about data protection, privacy and data-sharing issues, you
can contact the
The Information Commissioner
Phone: 08456 30 60 60 or 01625 54 57 45
NHS Care Record Guarantee
In accordance with the NHS Constitution for England 2010, you have the right to privacy and confidentiality and to expect the NHS to keep confidential information safe and secure. This guarantee is our commitment that NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and
promote your health and wellbeing. The Government has made it clear that patients will have control of their own health records, starting with access to the records held by their GP and extending to records held by all health providers (source: Equity and Excellence: Liberating the NHS, Department of Health, 2010, paragraph 2.11). http://systems.hscic.gov.uk/scr/intro/crg.pdf