Home  »  About us  »  Our policies  »  Fair processing notice

Fair processing notice

What is a fair processing notice?

A fair processing notice is a statement that individuals are given when information is collected about them. It explains who we are, what we do, what happens to the information we collect about you and also who it is shared with. Its primary purpose is to make sure that information is collected and used fairly and to communicate this to you in an understandable way.

A commitment to protecting your rights to confidentiality

We are committed at all times to protecting your privacy and will only use information ethically and lawfully in accordance with the Data Protection Act 1998, the Human Rights Act 1998 and the common law duty of confidentiality.
All NHS organisations have to follow the principles and values set out in the NHS Constitution when using and sharing confidential personal information.
The following explains why we use information, who we share it with, how we protect your confidentiality and your legal rights and choices.
We want patients to understand:

• How the CCG uses and shares information
• How GPs use and share your information
• Your health record, what it contains and how you can access it
• When you can choose to opt-out

The HSCIC has produced a guide that explains the laws and rules about the use and sharing of confidential information. You can find the guide here.

Your information – what you need to know

Who are we?

Bedfordshire Clinical Commissioning Group
Capability House
MK45 4HR

What do we do
We are responsible for buying health services for the population of Bedfordshire from providers such as:
• GP Practices
• Hospitals
• Dentists
• Pharmacists

We also monitor the performance of the services which includes responding to any concerns from our patients may have about the service they have received.

Why we collect information about you

As part of this role, we may collect information about you which helps us respond to your queries or to help secure specialist services you may need. We may keep your information is paper form and on a computer. The records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health and also information such as outcomes of needs assessments.

How your records are used to help the NHS
Your information may be used to help us identify the health needs of the general population in Bedfordshire/Luton so we can make informed decisions about future services. Your data may also be used to conduct research and development as well as monitoring the performance of your local NHS.

When data is used for statistical analysis, confidentiality is maintained and tightly controlled processes are used to ensure that patients cannot be identified.

Should the use of anonymised data not be suitable - personal identifiable data may be used but only when it is required for direct patient care. This is only done when absolutely necessary and always with your consent.

There may be times when personal data is shared when for example the law requires us to or it is passed on to improve public health or is in the public interest.


Keeping your records confidential
Everyone who works for the NHS is subject to the Common Law Duty of Confidentiality and the Data Protection Act.

Information provided in confidence will only be used for the purposes advised and consented to by the patient, unless there are other circumstances covered by the law.
Under the NHS Confidentiality Code of Conduct, all staff are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.

The NHS has produced a leaflet and video called “Better information means better care” which explains how information is shared:

Other organisations we may share your data with
We may share your information for health purposes with other organisations such as:
Where necessary or required we share information with:
• our patients
• family, associates and representatives of the person whose personal data we are processing
• staff
• current, past or potential employers
• healthcare social and welfare organisations
• suppliers, service providers, legal representatives
• auditors and audit bodies
• educators and examining bodies
• survey and research organisations
• people making an enquiry or complaint
• financial organisations
• professional advisers and consultants
• business associates
• police forces
• security organisations
• central and local government
• voluntary and charitable organisations

Specific organisations we share with

• MedeAnalytics
• South Central and West Commissioning Support Unit
• North East London Commissioning Support Unit

Why do we share data with these organisations?
We process personal information to enable us to provide healthcare services for patients, personal information data sharing and data matching under the national fraud initiative; research; supporting and managing our employees, maintaining our accounts, records and auditing; advertising, marketing and public relations; education; consultancy and advisory services; information and databank administration and the use of CCTV systems for crime prevention.

Type/classes of information processed
We process information relevant to the above reasons/purposes. This may include:
• personal details
• family details
• education, training and employment details
• financial details
• goods and services
• lifestyle and social circumstances
• visual images, personal appearance and behaviour,
• details held in the patients record
• responses to surveys

We also process sensitive classes of information that may include:
• racial and ethnic origin
• offences and alleged offences
• criminal proceedings, outcomes and sentences
• trade union membership
• physical or mental health details
• religious or similar beliefs
• sexual life

Who the information is processed about

We process personal information about:
• our patients
• suppliers
• employees
• complainants, enquirers
• survey respondents
• professional experts and consultants
• individuals captured by CCTV images

There are some circumstances when we are required by law to report certain information to the appropriate authorities. These include:

• Notification of births
• Infectious diseases which may be a danger to others (please note that HIV/AIDS is not included here)
• Where a formal court order has been issued.

Sharing your information with non-NHS organisations
Occasionally we may need to share your data with non-NHS organisations from which you receive care. This will always be done with your consent.

Your right to withdraw consent for us to share your personal information
At any time, you have the right to refuse or withdraw consent to us sharing your data. The possible consequences of this will be explained to you but could result in delays to your receiving care.

Information Sharing agreements
The organisation is bound by a number of information sharing agreements which are in place to ensure data is shared in an appropriate manner and one which meets current legislation. These may be NHS and non-NHS organisations and may include, but are not restricted to:
• Social services
• Education services
• Local authorities
• Police
• Public health

We may be asked to share basic information about you for direct patient care. This includes your name and address. This allows these organisations to perform their statutory duties. In these circumstances where it is not practical to obtain your explicit consent we inform you of this via this Privacy Notice under the Data Protection Act.

Accessing your records
Under the Data Protection Act 1998 you have the right to see your health records. You do not have to give a reason but you may be charged a fee. If you wish to see your records you should make a written request to the organisation where you are being (or have been) treated.

Can I see my own records?
Under the Data Protection Act 1998 you have the right to see or have a copy of your health records. You do not need to give a reason for this, but it is possible you will charged a fee to do so. If you wish to view your records you should make a written request to the NHS unit where you are being (or have been) treated.

Protecting your confidentiality
A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing. All NHS organisations are required to have a Caldicott Guardian in post.

The Caldicott Guardian for Bedfordshire CCG is Jane Meggitt.

More information about the role of the Caldicott Guardian.

May 2016


Site design and maintenance by CRB Associates