​​​What we do with patient information 

NHS Greenwich CCG does not process personal information for the majority of Greenwich patients and service users; this information is limited to the clinicians and organisations directly involved in providing your care. There are some instances when we will collect information about you, including:

  • Your NHS number, name, address, date of birth and details of your GP
  • Your medical condition and the treatment(s) that you receive

These instances are generally limited to where you have made a complaint to us about a service or have made an individual funding request for your care. Examples of teams that may have access to your information are: Continuing Care, Medicines Management or the Safeguarding teams.

Why does NHS Greenwich CCG keep this information?

By law we have to keep certain information about you where it has been provided by you in relation to your care.

How your personal information is used

Your records are used to direct and manage the care you receive to ensure that healthcare professionals have the information they need to be able to assess and improve the quality and type of care you receive, and so that your concerns can be properly investigated if a complaint is raised.

Only members of staff directly involved in reviewing your care/complaint are able to see your information. Everyone who does see your information must keep it confidential.​

We hold some information about you and our Privacy Notices outlines how that information is used, who we may share that information with, how we keep it secure (confidential) and what your rights are in relation to this.  You can read our Privacy Notice​​​ here.

Who we share information with


In certain situations we will share your information with other organisations involved in your care or where we have a legal obligation to do so. These organisations may include but are not limited to:

  1. Your General Practitioner

  2. Other NHS Trusts and Hospitals that are involved in your care

  3. Social Care Services / Local Authorities (to enable better integration of care)

  4. Voluntary and private sector providers working with the NHS

Disclosure of information

You have the right to determine how and with whom we share the personal information in your records that identifies you. This must be noted explicitly within your records in order that all healthcare professionals and staff treating and involved with you are aware of your decision. By choosing this option, it may make the provision of treatment or care more difficult or unavailable. You can also change your mind at any time about a disclosure decision.

Keeping information secure and confidential

All staff have contractual obligations of confidentiality, enforceable through disciplinary procedures. All staff will receive appropriate training on confidentiality of information, and staff who,because of their role, have regular access to personal information will have received additional specialist training.

We take relevant organisational and technical measures to unsure the information we hold is secure – such as holding information in secure locations, restricting access to information to authorised personnel, and protecting personal and confidential information held on equipment such as laptops with encryption.

Each NHS organisation has a senior person responsible for protecting the confidentiality of patient information and enabling appropriate information sharing. This person is called the Caldicott Guardian, in Greenwich CCG this role is shared by two people, they are:

Dr Ranil Perera - GP Executive
Yvonne Leese - Director of Quality and Integrated Governance

Accredited Safe Haven

Most of the time we use information, such as statistical or anonymous data, that does not identify individuals. These instances include:

  • evaluating and reviewing services, such as checking their quality and efficiency
  • checking NHS accounts and services
  • carrying out assessments of the conditions you are at risk of having so we can prioritise NHS services
  • determining how we may prevent conditions you are at risk of having
  • making sure our services can meet patient needs in the future
  • preparing statistics on NHS performance
  • reviewing the care we provide to make sure it is of the highest standard.

Some of our commissioning functions use data with an identifier, such as NHS numbers. This is only done under legal permissions such as those set out under Section 251 of NHS A ct 2006. Examples of these commissioning functions include when we are:

  • monitoring how care is delivered to patients
  • making sure services are working well and using resources properly
  • redesigning and modernising services
  • understanding particular health needs in different geographic areas
  • enabling only clinicians who are involved in a patient's care to identify and contact patients, for example those who would benefit from Active Case Management ( a service which cares for patients with complex needs)
  • supporting care service planning and commissioning
  • verifying invoices from providers

Data flows that do contain identifiers under the Section 251 arrangement are processed within an Accredited Safe Haven that requires the CCG to obtain the required standards in information governance, confidentiality, and security of the data it holds. More information is available from the HSCIC website

Controlled Environment for Finance (CEfF)

Clinical Commissioning Groups (CCGs) and Commissioning Support Units (CSUs) have received approval under Regulation 5 of the Health Service (Control of Patient Information) Regulations 20021 to process patient identifiable information without consent for the purposes of invoice validation. This approval provides the legal basis for Health Service Providers to disclose patient confidential information to named organisations for the purposes of invoice validation.
NHS Greenwich CCG has the correct safeguards in place and are recorded on the NHS England register of CEfF's.

Further information regarding CEfF and Invoice validation can be found on the NHS England website

How you can access your records

"The Data Protection Act 2018 gives you a right to access the information we hold about you on our records. Requests must be made in writing to:
Compliance Manager
NHS Greenwich Clinical Commissioning Group
31-37 Greenwich Park Street
London SE10 9LR

We will reply to your request within one calendar month from receipt and in order to provide the correct information we will need:

  • Your personal details including your full name, address, date of birth, and NHS number so that your identity can be verified and your records located
  • An indication of what information you are requesting to enable the CCG to locate this in an efficient manner

For independent advice about data protection, privacy and data-sharing issues, you can contact the

The Information Commissioner
Wycliffe House
Water Lane
Cheshire SK9 5AF
Phone: 08456 30 60 60 or 01625 54 57 45

Your rights

The NHS Constitution covers your rights as an NHS patient and includes a section on confidentiality. The constitution can be found online.

NHS Care Record Guarantee 

In accordance with the NHS Constitution for England 2010, you have the right to privacy and confidentiality and to expect the NHS to keep confidential information safe and secure. This guarantee is our commitment that NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and wellbeing. The Government has made it clear that patients will have control of their own health records, starting with access to the records held by their GP and extending to records held by all health providers (source: Equity and Excellence: Liberating the NHS, Department of Health, 2010, paragraph 2.11).