The purpose of this notice is to inform you of the type of information including *personal confidential data that Salford CCG processes about you, how that information is used, who we may share that information with, and how we keep it secure and confidential.
NHS England who lead the National Health Service in England have a Fair Processing Notice which can be found on: https://www.england.nhs.uk/contact-us/privacy-notice/
However, Salford, as a Data Controller, determines how the data will be processed and used within the CCG and with others with whom we share data. We are legally responsible for ensuring that all personal data that we hold and use is handled in a way that meets the data protection principles under the General Data Protection Regulation (GDPR) and Data Protection Act 2018. This notice also explains how we handle that data and keep it safe.
Salford CCG has a duty to ensure this is kept confidential, secure and used appropriately.
Salford CCG is an NHS commissioning organisation; our purpose is not to provide care, and so we do not routinely hold or receive information about patients and service users in a format from which they can be identified.
Salford CCG has various roles and responsibilities, but a major part of our work involves making sure that:
• contracts are in place with local health service providers;
• routine and emergency NHS services are available to patients;
• those services provide high quality care and value for money; and
• those services are paid for the care and treatment they have provided.
This is called “commissioning” and is explained in more detail on our website at:
Accurate, timely and relevant information is essential for our work to help us to design and plan current and future health and care services, evidence and review our decisions and manage budgets.
The following information explains why we use information, who we share it with, how we protect your confidentiality and your legal rights and choices.
We are committed to protecting your rights to confidentiality
We want patients to understand:
• How the CCGs use and share information
• How GPs use and share your information
• Your health record, what it contains and how you can access it
• When you can choose to opt-out of your personal information being collected or shared and what this will mean to you
We use the following types of information / data:
This contains details that identify individuals even from one data item or a combination of data items. Demographic data items that are considered identifiable include name, address, NHS Number, full postcode and date of birth. Under GDPR, this now includes location data and online identifiers.
Special Categories of Personal Data (previously known as Sensitive Data)
This is personal data consisting of information as to: race, ethnic origin, political opinions, health, religious beliefs, trade union membership, sexual life and previous criminal convictions. Under GDPR, this now includes biometric data and genetic data.
Personal Confidential Data
This term came from the Caldicott review undertaken in 2013 and describes personal information about identified or identifiable individuals, which should be kept private or secret. It includes personal data and special categories of data but it is adapted to include dead as well as living people and ‘confidential’ includes both information ‘given in confidence’ and ‘that which is owed a duty of confidence’.
Pseudonymised Data or Coded Data
Individual-level information where individuals can be distinguished by using a coded reference, which does not reveal their ‘real world’ identity. When data has been pseudonymised it still retains a level of detail in the replaced data by use of a key / code or pseudonym that should allow tracking back of the data to its original state.
This is data about individuals but with all identifying details removed. Data can be considered anonymised when it does not allow identification of the individuals to whom it relates, and it is not possible that any individual could be identified from the data by any further processing of that data or by processing it together with other information which is available or likely to be available.
This is statistical information about multiple individuals that has been combined to show general trends or values without identifying individuals within the data.
The CCG receives the following datasets from providers:
Primary Care Data
As many people's first point of contact with the NHS, around 90 per cent of patient interaction is with primary care services. In addition to GP practices, primary care covers dental practices, community pharmacies and high street optometrists. Primary Care Data relates to information which has been sourced from these types of services.
Secondary Care Data
Secondary Care means treatment and care of a specialised medical service by clinicians, for example, specialist doctors and nurses, within a health facility or hospital on referral by a primary care clinician such as your GP. Secondary Care data relates to information which has been sourced from these types of services.
Secondary Uses Service (SUS) Data
The Secondary Uses Service (SUS) is the single, comprehensive repository for healthcare data in England which enables a range of reporting and analyses to support the NHS in the delivery of healthcare services. When a patient or service user is treated or cared for, information is collected which supports their treatment. SUS data is useful to commissioners and providers of NHS-funded care for 'secondary' purposes – this is use of data other than for direct or 'primary' clinical care.
For further information about SUS, please visit:
Community Care / Social Care Data
Community care data includes data from social care services covering both adults and children.
Secondary Uses Services Data
We use information collected by hospitals, GPs, community services and NHS Digital. The type of information we use is called Secondary Uses Services data (SUS data). SUS data gives us information about the services we commission. It does not include your name or home address but may include information such as your NHS number, ethnicity and gender. It also contains coded information about hospital attendances and treatment.
We use the SUS data for a number of purposes:
• To understand the health needs of the population
• To plan, redesign and improve services
• To ensure providers are using resources effectively
• To pay services for the care they provide
• To audit NHS accounts and services.
We will use anonymised data that cannot be linked back to your identity (de-identified data) wherever possible. In order to ensure that the NHS continues to function lawfully and efficiently, the Secretary of State for Health has given permission for CCGs to use certain personal information from SUS without consent, but only when it is absolutely necessary for certain specified purposes. This approval is given upon the strict advice of the Health Research Authority’s Confidentiality and Advisory Group (CAG) under conditions set out in section 251 of the NHS Act 2006. The specific terms and conditions that we are obliged to follow when using SUS data can be found on the NHS Digital website.
The dataset collected from secondary care providers, for example hospitals, by NHS Digital is referred to as the Secondary Uses Service (SUS). SUS is the single, comprehensive repository for healthcare data in England which enables a range of reporting and analyses to support the NHS in the delivery of healthcare services. When a patient or service user is treated or cared for, information is collected which supports their treatment. For further information, please visit NHS Digital’s website: http://digital.nhs.uk/sus.
The following are the types of organisations NHS Digital receives data from, and then forwards on to our data processor in an anonymised format or a de-identified format with NHS Number in order to link and analyse the data.
Where data is used for these statistical purposes, stringent measures are taken to ensure individuals cannot be identified.
Types of organisations and types of information we receive:
Acute Trusts (Hospitals) - we receive anonymised acute data such as A&E attendances, waiting times, diagnosis, treatments, and follow ups, length of stay, discharge information and next steps.
Community trusts or community organisations - we receive anonymised community data such as outpatient information, waiting times, diagnosis and treatments, referrals and next steps, domiciliary and district nursing (which includes home visits) and community rehabilitation units.
Mental Health Trusts or Mental Health organisations - we receive anonymised mental health data such as rehabilitation and outpatient attendances, waiting times, diagnosis, treatment, length of stay, discharge, referrals and next steps.
Primary Care organisations, for example your local GP practice. We receive anonymised primary care data such as attendances, diagnosis, treatment, GP or GP practice visits, referrals, medication/prescriptions information and follow-ups.
We may also contract with other organisations to process this data. We ensure external data processors that support us are legally and contractually bound to operate this process. They have security arrangements to maintain confidentiality where data that could or does identify a person is processed. The external data processor we work with to do this is NHS Arden and GEM Commissioning Support Unit (CSU).
The types of secondary use processing we do in the CCG are:
Article 6 (1)(c) - Processing is necessary for compliance with a legal obligation
Article 9(2)(h) - Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment or the management of health and social care systems
NHS England encourages CCGs and GPs to use risk stratification tools as part of their local strategies for supporting patients with long-term conditions and to help prevent avoidable admissions. Knowledge of the risk profile of our population helps the CCG to commission appropriate preventative services and to promote quality improvement in collaboration with our GP practices.
Risk stratification tools use various combinations of historic information about patients, for example, age, gender, diagnoses and patterns of hospital attendance and admission and primary care data collected in GP practice systems.
Risk stratification is a process which applies computer-based algorithms, or calculations, to identify those patients who are most at risk from certain medical conditions and who will benefit from clinical care to help prevent or better treat their condition. To identify those patients individually from the patient community would be a lengthy and time-consuming process which would by its nature potentially not identify individuals quickly and increase the time to improve care. A GP / health professional at your GP Practice reviews this information before a decision is made.
There are two types of risk stratification:
For risk stratification, there is a Section 251 approval in place which allows NHS Digital to receive personal confidential data. They process this via DSCRO who then send pseudonymised data to the CCG. This is detailed in the flow chart below.
Who are DSCRO and What do they do?
NHS Digital's responsibilities as set out in the Health and Social Care Act 2012 include the collection, analysis and presentation of national health and social care data. The Act also gave NHS Digital the powers to act as a safe haven and collect, hold and process personal confidential data (PCD) for purposes beyond direct patient care.
Commissioners of healthcare services need to plan and commission healthcare services in their local area through analysis of actual and projected use of services across all parts of the care economy. This modelling requires access to information about care provided to patients, their hospital stays and patient journeys but without accessing personal confidential patient data. Care commissioners do not provide direct patient care, and therefore they have no legal basis on which to access personal confidential patient information.
Therefore commissioners require an intermediary service that specialises in processing, analysing and packaging patient information into a format they can legally use. This is completed by Data Services for Commissioners Regional Offices (DSCROs).
DSCROs work with data from GP Practices and NHS Hospital Trusts in the regional processing centres. Staff follow strict rules on accessing, analysing and processing data. The powers granted to the organisation by the Health and Social Care Act 2012 mean that staff are operating within the approved legal framework.
The service allows clinical commissioning groups (CCGs), local authority public health teams and specialised commissioners to plan and commission those healthcare services in their local area and nationally using the services provided through the DSCROs.
There is a data sharing agreement with DSCRO & the following CCGs to provide assurance regarding the security processes for pseudonymisation and for sharing such data as part of collaborative working with the following CCGs in Greater Manchester.
Technical and organisational measures are in place to ensure the security and protection of personal confidential data. Robust access controls are in place to ensure only GPs are able to re-identify information about their individual patients with their consent when it is necessary for the provision of their care.
As a commissioning organisation we do not routinely hold medical records or patient confidential data. There are some specific areas, however, where we do hold and use personal information because of our assigned responsibilities. In order to process that information we will have met a legal requirement; in general this is where we have complied with one of the following:
The information is necessary for direct healthcare for patients
We have received consent from individuals to be able to use their information for a specific purpose
There is an overriding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime
There is a legal requirement that will allow us to use or provide information (e.g. a formal court order, statutory returns)
The areas where we use personal information and the legal basis and conditions used to do this are outlined below:
NHS Continuing Healthcare (CHC) applications
Article 6 (1)(e) - Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
If you make an application for NHS Continuing Healthcare (CHC) funding we will use the information you provide and where needed request further information from care providers to identify eligibility for funding. If agreed, arrangements will be put in place to provide and pay for the agreed funding packages with appointed care providers.
This process is nationally defined; we follow a standard process and use standard information collection tools when assessing eligibility for CHC applications.
Individual Funding Requests
You or your doctor on your behalf can make an Individual Funding Request (IFR) for a treatment not routinely commissioned. We use the information you provide and if necessary request further information from primary and secondary care providers to identify eligibility for funding. This process is carried out by a data processor who acts on our behalf. The Data Processor for this purpose is Greater Manchester Shared Services - Effective Use of Resources Team. Please note this does not include IFRs for mental health; these are processed by the CCG directly.
For further information about Individual Funding Requests processed by the GMSS EUR, please email: firstname.lastname@example.org.
For further information about Individual Funding Requests for Mental Health, please contact the CCG.
Information is provided to care providers to ensure that adult and children's safeguarding matters are managed appropriately. Access to personal confidential data will be shared in some limited circumstances where it's legally required for the safety of the individuals concerned.
For the purposes of safeguarding children and vulnerable adults, personal and healthcare data is disclosed under the provisions of the Children’s Act 2014 and Care Act 2014.
Incident Management – Serious Incidents
Salford CCG is accountable for effective governance and learning following all Serious Incidents (SIs). We work closely with all provider organisations as well as commissioning staff members to ensure all SIs are reported and managed appropriately.
The Francis Report (February 2013) emphasised that commissioners should have a primary responsibility for ensuring quality, as well as providers.
Supporting Medicines Optimisation
The Medicines Optimisation Team work with GP practices to provide advice on medicines / prescribing queries and review prescribing of medicines to ensure that it is safe. In some cases, to ensure clinical safety, this may require the use of personal confidential data.
In cases where personal confidential data is required, this is done with the practice agreement. No data is removed from the practice’s clinical system and no changes are made to patient's records without permission from the GP. Patient records may sometimes be viewed remotely via secure encrypted laptops from the CCG's premises.
Where specialist support is required, for example, to advise community pharmacists to order a drug that comes in solid form, in gas or liquid form; CCG medicines optimisation pharmacists will provide advice on behalf of a GP to support your care. Personal confidential data is used for this purpose.
Personal confidential data is also used by our medicines optimisation team to review and authorise (if appropriate) requests for high cost drugs which are not routinely funded. In cases where personal confidential data is used, this is done with permission from the GP.
For information that may identify you (known as personal confidential data) we would only use in accordance with the:
The General Data Protection Regulation and the Data Protection Act 2018 require us to have a legal basis if we wish to process any personal information.
NHS Care Record Guarantee – sets out high level commitments for protecting and safeguarding your information, particularly in regard to your rights to access your information, how information will be shared, how decisions on sharing information will be made and investigating and managing inappropriate access (audit trails)
NHS Constitution for England – this states that you have the right to privacy and confidentiality and to expect the NHS to keep your confidential information safe and secure
We also have to honour any duty of confidence attached to information and apply Common Law Duty of Confidentiality requirements. This will mean where a legal basis does not exist to use your personal or confidential information we will not do so.
We keep your information in written form and / or on a computer securely and confidentially.
The information held within these records depends on what is required in order to complete the process for which it is intended and will include basic personal details about you, such as your name and address. They may also contain more sensitive information about your health and also information such as outcomes of needs assessments.
The CCG will use the services of the additional data processors, who will provide additional expertise to support the work of the CCG by adding value to the analyses of data that does not directly identify patients, as follows:
Data Processor 2
NHS Oldham CCG hosting:
Greater Manchester Shared Services
Ellen House, Waddington Street, Oldham, OL9 6EE
IT Services / Personal data for the purposes of the Effective Use of Resources process.
Data Processor 3
Salford Royal NHS Foundation Trust hosting:
Advancing Quality Alliance (AQuA), 3rd Floor, Gate House, Cross St, Sale, M33 7FT
No personal data is transferred to this Data Processor or received.
Data Processor 4
Salford Royal NHS Foundation Trust hosting:
Academic Health Sciences Network (Utilisation Management Team)
Salford Royal NHS Foundation Trust Data Centre, Stott Lane, Salford, M6 8HD
No personal data is transferred to this data processor or received
Article 9(2)(h) - Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment or the management of health and social care systems
Invoice validation is an important process which the CCG requests that NHS Oldham CCG hosting: Greater Manchester Shared Services carries out on its behalf. This involves using your NHS number to establish which CCG is responsible for paying for your treatment. The process also ensures that those who provide you with care are reimbursed correctly for the care and treatment they have provided. Greater Manchester Shared Services are registered as a Controlled financial environment which ensures that procedures and systems for managing invoices on behalf of the CCG are in line with national requirements.
NHS Shared Business Services – Finance and Accounting Services
Some provider invoices for patient care submitted to Clinical Commissioning Groups for payment are processed via NHS Shared Business Services. They provide support services for the NHS, providing finance and accounting solutions. NHS SBS also use an offshore service provider called Sopra Steria who are based in India. Both NHS SBS and Sopra Steria have met the necessary information governance standards to process data overseas.
Purposes where consent is required
There are also other areas of processing undertaken where consent is required from you. Under GDPR, consent must be freely given, specific, you must be informed and a record must be made that you have given your consent, to confirm you have understood.
Patient and public involvement
Article 6 (1)(a) – Explicit Consent
If you have asked us to keep you regularly informed and up to date about the work of the CCG or if you are actively involved in our engagement and consultation activities or patient participation groups, we will collect and process personal confidential data which you consent to and share with us.
Where you submit or publish your details to us for involvement purposes, we will only use your information for this purpose and only with your written consent. You can contact us at any point to withdraw your consent for us to use your photograph, film and words for any new purposes.
Please remember that once an article is published and in circulation it may be copied and used by others (especially online). If you ask us to stop using your photo, film or words in the future we will comply with your request, but we cannot guarantee that other parties will do so.
To opt out of receiving updates or to withdraw your consent please contact email@example.com
Subject Access Requests
If you have asked us for a copy of your data we will need your explicit, written consent (or that of your legal representative) before we proceed.
Complaints relating to the CCG
Complaints relating to CCG commissioned services
Article 9 (2)(h) - Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment or the management of health and social care systems
When we receive a complaint from a person about a commissioned service, we hold information about the complaint in our electronic files. This normally includes the identity of the complainant and any other individuals involved in the complaint. It may include special category data about individuals’ health care.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
Before we proceed with handling a complaint we will obtain the explicit, written consent of the patient involved. We ensure they are aware of how and with whom their data may be shared by us, including if they have a representative they wish us to deal with on their behalf.
Privacy Notice - Covid-19 and Your Information
This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. It supplements our main Privacy Notice which is available for you to view at www.salfordccg.nhs.uk/about-us/how-we-do-things/how-we-use-your-information entitled ‘Patient Privacy Notice.’
The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.
Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on gov.uk here and some FAQs on this law are available here.
In general, as a commissioning organisation, we do not process / hold much confidential personal information. However, we recognise we have teams within the CCG that will, due to the nature of their role. They are: the NHS Funded Care Team (also known as Continuing Healthcare), Safeguarding and Medicines Optimisation.
Please note that during this time it may also take us longer to respond to Right of Access requests (also known as Subject Access requests) and Freedom of Information requests whilst we focus our efforts on responding to the outbreak.
In order to look after your health and care needs we may share your confidential patient information with other organisations. We may also be required to share personal confidential information with other organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.
We may also use the details we have to send public health messages to you, either by phone, text or email.
NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.
In such circumstances where you tell us you’re experiencing Covid-19 symptoms and this is highlighted via one of our team we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.
We may amend this privacy notice at any time so please review it frequently. The date at the top of this page will be amended each time this notice is updated.
We hope that this Privacy Notice has been helpful in explaining how we may need to share your information in regards to the Covid-19 outbreak. If you have any further queries / or would like further information, please visit the following website:
Or contact us at:
Sharing your information with other organisations
We share anonymised information with other NHS and social care partner agencies for the purpose of improving local services, research, audit and public health. We would not share information about you unless:
• you have asked us to and given us permission;
• we are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime;
• to protect children and vulnerable adults;
• when a formal court order has been served upon us; and/or
• the health and safety of others, for example to report an infectious disease like meningitis or measles.
Sharing and linking data
NHS patients and social care service users may receive care and treatment from a number of different places. It is necessary to link this information together to provide the full picture needed to support the activities listed above. In effect, sharing information enables the NHS to improve its understanding of the most important health needs and the quality of the treatment and care we provide to you.
We have entered into contracts with other NHS organisations to provide some services to us, which includes processing data on our behalf, including patient information and to provide Human Resources services for our staff. In these instances, we ensure that our partner agencies have contracts which outline that your information is processed under strict conditions and in line with the law. These services are subject to the same legal rules and conditions for keeping personal information confidential and secure and the CCG is responsible for ensuring their staff are appropriately trained and that technical and operational procedures are in place to keep information secure and protect privacy.
Disclosure of Information
We will not disclose your information to organisations/individuals that are not involved in your care, without your permission, unless there are exceptional circumstances or a legal obligation such as:
• there is a risk of harm to someone or the wider community,
• the prevention or detection of a serious crime,
• where we are required to do so by law,
• reporting some infectious diseases.
In the event that we are obligated to release information as described above, this will only be done with the approval of our Caldicott Guardian.
Keeping information secure and confidential
All staff have contractual obligations of confidentiality, enforceable through disciplinary procedures. All staff will receive appropriate training on confidentiality of information and staff who have regular access to personal confidential data will have received additional specialist training.
We take relevant organisational and technical measures to ensure the information we hold is secure – such as holding information in secure locations, restricting access to information to authorised personnel, protecting personal and confidential information held on equipment such as laptops with encryption.
Unless required to do so by law, we will not share, sell or distribute any of the information you provide to us with any third party organisations/individuals without your explicit consent.
Each NHS organisation has a senior person responsible for protecting the confidentiality of patient information and enabling appropriate information sharing.
This person is called the *Caldicott Guardian; in NHS Salford CCG this is Francine Thorpe.
Your data is processed within the CCG and by other third parties as stated above who are UK based.
Processing outside of the UK
As detailed in the invoice validation section, NHS Shared Business Services use an offshore service provider called Sopra Steria who is based in India. NHS SBS have confirmed that Sopra Steria have met the necessary information governance standards to process data overseas.
We will not disclose any health information without an appropriate lawful principle, unless there are exceptional circumstances such as when the health or safety of others is at risk, where the law requires it, or to carry out a statutory function, i.e. reporting to external bodies to meet legal obligations.
The CCG hold data in accordance with the retention schedule in the Records Management Code of Practice 2016.
Destruction of data will only happen following a “review” of the information at the end of its retention period. Where data has been identified for disposal we have the following responsibilities:
You have the following rights over the data we hold about you.
Right of Access
You are entitled to view / ask for a copy of the information the CCG hold about you; this is known as a Subject Access Request. We request that you provide this in writing / email to us with identification and provide adequate information to help us process your request. If we need further information, we will ask you to provide this.
There is no charge (subject to exemptions) to have a copy of the information held about you.
The CCG hold a limited amount of healthcare data as detailed above. To request access to GP records, please contact your GP practice and to request access to hospital records, please contact the hospital you attended for treatment / care.
You should also be aware that in certain circumstances, your right to see some details in your health records held by the CCG may be withheld. This may be because releasing the information could cause serious harm to your physical or mental health or if there is 3rd party information that cannot be released.
To request a copy of or request access to information we hold about you and / or to request information to be corrected if it is inaccurate, please contact:
NHS Salford Clinical Commissioning Group
St James House
Requests are handled in line with our Subject Access Requests (SAR) Procedure.
If posted, please ensure it is marked private and confidential and addressed to the CCG SAR Lead.
Right to Rectification
You have the right to the correction of personal data when it is incorrect, out of date or incomplete; this must be acted upon within 1 calendar month of receipt of such a request. Please ensure the CCG has the correct contact details for you.
Right to Erasure (‘forgotten’)
Only if we have your explicit consent for any processing we do, you have the right to withdraw that consent at any time and have the right to request this data to be deleted / erased. Please note this will not apply where healthcare data is processed.
Right to Data Portability
Only if we have your explicit consent for any processing we do, you have the right to have data provided to you in a format you have requested, such as an Excel spreadsheet or CSV file.
Right not to be subject to a decision based solely on automated processing
The CCG do not process data using this method, so this right will not apply to our data processing activities.
Right to object to processing
You have the right to object to processing. However, please note that if we can demonstrate compelling legitimate grounds which outweigh your interests then processing can continue. If we didn’t process any information about you and your health care (where the CCG process health data) it would be very difficult for us to care for and treat you.
Objections to processing for secondary care purposes
The NHS Constitution states that "You have the right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered".
In line with this there are choices you can make about how your information is used, and you can choose to opt out of your information being shared or used for any purpose beyond providing your care. Please note that choosing not to share your information may have an impact on your care and by sharing your information you can help to improve NHS services and the experience of treatment and care for all patients.
How to opt out
If you do not want your personal information being shared and used for purposes other than your care and treatment, then you should contact.
More information can be found on the link: https://www.nhs.uk/your-nhs-data-matters/
This should not affect the care and treatment you receive.
Information directly collected by the CCG
If you wish for the CCG to stop processing information about you (in any of the ways detailed above) please contact the CCG on:
(Please note this email account is accessed by a number of personnel; therefore consider the information provided when contacting)
The CCG is a Data Controller and, under the terms of the Data Protection Regulation, is legally responsible for ensuring that all personal information we process is in compliance with the law. All data controllers must notify the Information Commissioner’s Office (ICO), which is the UK’s independent body set up to uphold information rights, of all personal information processing activities.
Salford CCG has dutifully notified, and our ICO Notification number is ZA008141; you can access this notification via the ICO website at www.ico.org.uk.
If you feel that your personal data we hold at the CCG has not been handled correctly or you are unhappy with our response to any requests you have made to us regarding the use of personal data, please contact our Data Protection Officer at the following contact details. Under GDPR all public bodies must nominate a Data Protection Officer. The DPO is responsible for advising on compliance, training and awareness, and is the main point of contact with the Information Commissioner.
Data Protection Officer
Head of Business Information and Information Technology
St James House
If you have any questions or concerns regarding the information we hold on you or the use of your information, please contact us at:
Senior Corporate Services Officer
NHS Salford Clinical Commissioning Group
St James House
To contact the Caldicott Guardian, please contact us at: firstname.lastname@example.org
(Please note this email account is accessed by a number of personnel; therefore consider the information provided when contacting, and please state that the email is for the Caldicott Guardian of Salford CCG).
For independent advice about data protection, privacy and data-sharing issues, you can contact the Information Commissioner’s Office (ICO)
Personal confidential data is a term used in the Caldicott Information Governance Review and describes personal information about identified or identifiable individuals, which should be kept private or secret and includes dead as well as living people.
Information Commissioner’s Office – https://ico.org.uk/
HRA – https://www.hra.nhs.uk/
NHS Digital – Guide to Confidentiality in Health and Social Care - https://digital.nhs.uk/media/12822/Guide-to-confidentiality-in-health-and-social-care/pdf/HSCIC-guide-to-confidentiality.pdf
Information Governance Alliance – http://systems.digital.nhs.uk/infogov/iga
NHS Care Record Guarantee - http://systems.digital.nhs.uk/rasmartcards/documents/crg.pdf
The NHS Constitution - https://www.gov.uk/government/publications/the-nhs-constitution-for-england/the-nhs-constitution-for-england
Records Management Code of Practice for Health and Social Care 2016 - http://systems.digital.nhs.uk/infogov/iga/rmcop16718.pdf
Sharing your vital patient information is critical in supporting your care and treatment, especially in situations such as the COVID-19 pandemic. To support this, in Greater Manchester we’ve developed the GM Care Record to support your care wherever and whenever you may need it.
The GM Care Record allows workers in health or social care easy access to your patient information to help them understand your needs and to support them in making the best decisions for your care.
It shares important information about your health and care including:
The record includes patient information from across health and care including from your GP, hospitals and social care. It means that if you happen to end up in A&E, they can see what existing health issues you may have. Or it could mean that test results are shared much quicker with your GP through the record.
It’s an extension of integrated care records already live in each locality of Greater Manchester (e.g. Manchester Care Record, Bolton Care Record etc). However, it collates patient information from across Greater Manchester into one place, making it easily accessible for health and care workers to inform your care across health and care organisations.
The creation of the GM Care Record follows all the latest rules and legislation to ensure your data is protected and is only used for the purpose of your direct care.
Two years of technical development has been crammed into two months to support Greater Manchester’s response to Covid-19 and ultimately, the GM Care Record will provide a combined care record for all Greater Manchester’s 2.8m citizens.
Find out more at: https://healthinnovationmanchester.com/thegmcarerecord/