Handling Your Personal Information – Fair Processing Notice
This notice is to inform you of the type of information (including personal information) that we Bromley CCG, as your clinical commissioning group (CCG), holds, how that information is used, who we may share that information with, and how we keep it secure and confidential.
What we do
We Bromley CCG are responsible for planning, buying and monitoring (also known as commissioning) health services from healthcare providers, such as hospitals and GP practices, for our local population to ensure the highest quality of healthcare. We also have a performance monitoring role of these services, which includes responding to any concerns from our patients on services offered.
How we use your information
We hold some information about you and this document outlines how that information is used, who we may share that information with, how we keep it secure (confidential) and what your rights are in relation to this. Your records are used to direct and manage the care you receive to ensure that healthcare professionals have the information they need to be able to assess and improve the quality and type of care you receive, and so that your concerns can be properly investigated if a complaint is raised.
These uses are in line with the purposes outlined in our registration with the Information Commissioners Office and the reference number is Z3602379.
What kind of information do we use?
We use six types of information/data:
What do we use these types of data for?
We use the above types of data to plan health care services. Specifically, we use it to:
Do you share my information with other organisations?
We commission a number of organisations (both within and outside the NHS) to provide healthcare services to you. A full list of services can be found on ‘our services’ page We may also share anonymised statistical information with them for the purpose of improving local services: for example, understanding how health conditions spread across our local area compared to other areas.
The law provides some NHS bodies, particularly the Health and Social Care Centre – HSCIC (NHS Digital), ways of collecting and using patient data that cannot identify a person to help commissioners design and procure the combination of services that best suit the population they serve.
Data may be linked and de-identified by these special bodies so that it can be used to improve health care and development, and monitor NHS performance. Where data is used for these statistical purposes, stringent measures are taken to ensure individual patients cannot be identified.
When analysing current health services and proposals for developing future services, it is sometimes necessary to link separate individual datasets to be able to produce a comprehensive evaluation. This may involve linking primary care GP data with secondary care secondary uses service (SUS) data (inpatient, outpatient and A&E).
In some cases there may also be a need to link local datasets, which could include a range of acute-based services such as radiology, physiotherapy and audiology, as well as mental health and community-based services such as IAPT, district nursing and podiatry. When carrying out this analysis, the linking of these datasets is always done using a pseudonym as the CCG does not have access to patient identifiable data.
The following are the types of organisations HSCIC (NHS Digital) receives data from, and then forwards on to our data processor in a de-identified format or a dataset with a weakly pseudonym identifier (NHS Number) format to link and analysis the data.
Types of organisations and types of information we receive:
It is also important to note that if you receive treatment in another part of the country, for example if you are on holiday, HSCIC (NHS Digital) will receive information about your treatment. We will receive this information in a de-identified dataset in accordance with point 2 and 3 above within the ‘what kind of information do we use’, as it’s important to link and analyse your patient pathway.
We may also contract with other organisations to process data. We ensure external data processors that support us are legally and contractually bound to operate this process. They must be able to prove security arrangements are in place where data that could or does identify a person is processed.
Currently, the external data processors we work with include (amongst others):
How you can access your records
The Data Protection Act 1998 gives you a right to access the information we hold about you on our records. Requests must be made in writing to:
Information Governance Manager
NEL Commissioning Support Unit
3rd Floor, 1 Lower Marsh,
You can email: firstname.lastname@example.org
We will reply to your request within 40 days from receipt and in order to provide the correct information we will need:
For independent advice about data protection, privacy and data-sharing issues, you can contact:
The Information Commissioner
Phone: 08456 30 60 60 or 01625 54 57 45
To read more about how we use your information please see document below to access our extended fair processing Notice