Privacy Notice: NHS Digital

NHS Digital is the secure haven for NHS patient data, a single secure repository where data collected from all branches of the NHS is processed.

NHS Digital provides reports on the performance of the NHS, statistical information, audits, and patient outcomes. Visit NHS Digital to learn more

Examples include A&E and outpatient waiting times, the numbers of staff in the NHS, percentage target achievements, payments to GPs etc and more specific targeted data collections and reports such as the Female Genital Mutilation, general practice appointments data and English National Diabetes Audits. GPs are required by the Health and Social Care Act to provide NHS Digital with information when instructed.

Additionally, GP practices are required by law to provide data extraction of their patients' personal confidential information for various purposes to NHS Digital. The objective of this data collection is on an ongoing basis to identify patients registered at General Practices who fit within a certain criterion, in order to monitor and either provide direct care or prevent serious harm to those patients.

Below is a link to the differing purposes for the data extraction, by using the link you can find out the detail behind each data extraction and how your information will be used to inform this essential work: Data collection and curation - NHS Digital

This is a legal obligation which overrides any patient wishes. These instructions are called “Directions”. More information on the directions placed on GPs can be found using the link above.

1) Controller contact details

The Westwood Surgery
24 Westwood Lane 
Welling 
Kent
DA16 2HE
020 8303 5353

2) Data Protection Officer contact details

GP Data Protection Officer
gpdpo@selondonics.nhs.uk

3) Purpose of the processing

To provide the Secretary of State and others with information and reports on the status, activity and performance of the NHS. 

4) Lawful basis for processing

The legal basis will be

Article 6(1)(c) “processing is necessary for compliance with a legal obligation to which the controller is subject.”

And

Article 9(2)(h) “processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;”

OR

When we are directed or requested to establish information systems for the collection and analysis of information under sections 254 and 255 of the Health and Social Care Act 2012:

All GP Practices in England are legally required to share data with NHS Digital for this purpose under section 259(1)(a) and (5) of the 2012 Act Further detailed legal basis can be found in each link.

5) Recipient or categories of recipients of the processed data

The data will be shared with NHS Digital according to directions which can be found at Data collection and curation - NHS Digital

6) Rights to object

You have the right to object to some or all of the information being shared with NHS Digital. Contact the Controller or the practice.

7) Right to access and correct

You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of Law.

8) Retention period

The data will be retained for active use during the processing and thereafter according to NHS Policies and the law.

9) Right to Complain.

You have the right to complain to the Information Commissioner's Office

Or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website)