Fair Processing/Privacy Notice

How your information is used

How We Share Your Information

Who we are

Dudley Clinical Commissioning Group (CCG) is responsible for securing, planning, designing and paying for your NHS services, including planned and emergency hospital care, mental health services, rehabilitation and community services.  This is known as commissioning. We need to use information about you to enable us to do this effectively, efficiently and safely.

For further information please refer to the ‘who we are’ page. http://www.dudleyccg.nhs.uk/our-board/

 

What is this Fair Processing/Privacy Notice about?

This Fair Processing/Privacy Notice is part of our programme to make transparent the data processing activities we are carrying out in order to deliver on our commissioning activities.

This Fair Processing/Privacy Notice tells you about information we collect and hold about you, what we do with it, how we will look after it and who we might share it with.

It covers information we collect directly from you or receive from other individuals or organisations.

This notice does not exhaustive. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent by email to emma.smith@dudleyccg.nhs.uk or by post to: Governance Team, Brierley Hill Health & Social Care Centre, Venture Way, Brierley Hill, West Midlands, DY5 1 RU

 

Reviews of and Changes to our Fair Processing/Privacy Notice

We will keep our Fair Processing/Privacy Notice under regular review. This FPN was last reviewed in October 2016 Version 9

 

What confidential information are we legally able hold about you

In the circumstances where we are required to hold or receive personal information we will only do this if:

  • The information is necessary for the direct healthcare of patients
  • We have received explicit consent from individuals to be able to use their information for a specific purpose
  • There is an overriding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime
  • There is a legal requirement that will allow us to use or provide information (e.g. a formal court order or legislation)
  • We have permission to do so from the Secretary of State for Health to use certain confidential patient information when it is necessary for our work and whilst changes are made to our systems that ensure de-identified information is used for all purposes other than direct care

The Health and Social Care Information Centre (HSCIC) has published a guide to confidentiality in health and social care that explains the various laws and rules about the use and sharing of confidential information.

 

Primary and Secondary Care Data

The NHS provides a wide range of services which involve the collection and use of information. Different care settings are considered as either ‘primary care’ or ‘secondary care’.  Primary care settings include GP practices, pharmacists, dentists and some specialised services such as including military health services.  Secondary care settings include local hospitals, rehabilitative care, urgent and emergency care (including out of hours and NHS 111), community and mental health services.

Throughout this Privacy Notice you will see reference to an organisation called NHS Digital who are the national provider of information, data and IT systems for commissioners (such as the CCG), analysts and clinicians in health and social care. NHS Digital provide information based on identifiable information passed securely to them by Primary and Secondary Care Providers who are legally obliged to provide this information.  The way in which NHS Digital collect and use your information can be found here:

 

Our Commitment to Data Privacy and Confidentiality Issues

We are committed to protecting your privacy and will only process personal confidential data in accordance with the Data Protection Act 1998, the Common Law Duty of Confidentiality and the Human Rights Act 1998.

Dudley CCG is a Data Controller under the terms of the Data Protection Act 1998 we are legally responsible for ensuring that all personal information that we process i.e. hold, obtain, record, use or share about you is done in compliance with the 8 Data Protection Principles.

All data controllers must notify the Information Commissioner’s Office (ICO) of all personal information processing activities. Our ICO Data Protection Register number is Z3548596 and our entry can be found in the Data Protection Register on the Information Commissioner’s Office website

Everyone working for the NHS has a legal duty to keep information about you confidential. The NHS Care Record Guarantee and NHS Constitution provide a commitment that all NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and wellbeing.

If you are receiving services from the NHS, we share information that does not identify you (anonymised) with other NHS and social care partner agencies for the purpose of improving local services, research, audit and public health.

We would not share information that identifies you unless we have a fair and lawful basis such as:

  • You have given us permission;
  • To protect children and vulnerable adults;
  • When a formal court order has been served upon us;
  • and/or
  • When we are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime;
  • Emergency Planning reasons such as for protecting the health and safety of others;
  • When permission is given by the Secretary of State or the Health Research Authority on the advice of the Confidentiality Advisory Group to process confidential information without the explicit consent of individuals.

All information that we hold about you will be held securely and confidentially.  We use administrative and technical controls to do this.  We use strict controls to ensure that only authorised staff are able to see information that identifies you.  Only a limited number of authorised staff have access to information that identifies you where it is appropriate to their role and is strictly on a need-to-know basis.

All of our staff, contractors and committee members receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures.

We will only use the minimum amount of information necessary about you.

We will only retain information in accordance with the schedules set out in the Records Management Code of Practice for Health and Social Care 2016 which concentrates on the management of records through their lifecycle, i.e. from creation to eventual archiving or destruction.

 

Overseas Transfers

 Your information will not be sent outside of the United Kingdom where the laws do not protect your privacy to the same extent as the law in the UK. We will never sell any information about you.

 

Your Rights 

You have certain legal rights, including a right to have your information processed fairly and lawfully and a right to access any personal confidential data we hold about you.

You have the right to privacy and to expect the NHS to keep your information confidential and secure.

You also have a right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered.

These are commitments set out in the NHS Constitution, for further information please visit

https://www.gov.uk/government/publications/the-nhs-constitution-for-england

You have the right to withdraw consent to us sharing your personal information if you do not wish us to process or share your information

If you do not agree to certain information being processed or shared with us or by us, or have any concerns then please let us know. We may need to explain the possible impact this could have on our ability to help you and discuss the alternative arrangements that are available to you.

You have the right to refuse/withdraw consent to information sharing at any time.  The possible consequences can be fully explained to you and could include delays in receiving care. If you wish to discuss withdrawing consent please contact us on Governance Team, Tel: 01384 322040 or

Email: emma.smith@dudleyccg.nhs.uk

 

What is the patient opt-out?

The NHS Constitution states “You have the right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered”. If you do not wish your confidential information to be used for anything except your direct health care you are able to ‘opt-out’. As your data may be used in a variety of ways and for a variety of purposes you are able to opt-out of some of these but remain ‘in’ for others e.g. you may not wish a sub-set of your data being uploaded to the National Spine so you would opt-out of this, but may wish your anonymised data to be used for research purposes so you would not opt-out of this. You can discuss this with your GP Practice who will explain the different options you have.

There may be occasions when it is not possible to exercise your right to “opt out”, such as when we have an obligation by law or for the purposes of safeguarding adults and children.

There are several forms of opt- outs available at different levels. These include for example:

        a) Information directly collected by the CCG:

Your choices can be exercised by withdrawing your consent for the sharing of information that identifies you, unless there is no overriding legal obligation

        b) Information not directly collected by the CCG, but collected by organisations that provide NHS services.

 

Type 1 opt-out

If you do not want personal confidential data information that identifies you to be shared outside your GP practice, for purposes beyond your direct care you can register a type 1 opt-out with your GP practice. This prevents your personal confidential information from being used other than in particular circumstances required by law, such as a public health emergency like an outbreak of a pandemic disease.

Patients are only able to register the opt-out at their GP practice.

Records for patients who have registered a type 2 opt-out will be identified using a particular code that will be applied to your medical records that will stop your records from being shared outside of your GP Practice.

Type 2 opt – out

The Health and Social Care Information Centre (HSCIC) collects information from a range of places where people receive care, such as hospitals and community services.

To support those NHS constitutional rights, patients within England are able to opt out of their personal confidential data being shared by the HSCIC for purposes other than their own direct care, this is known as the ‘Type 2 opt-out’

If you do not want your personal confidential information to be shared outside of the HSCIC, for purposes other than for your direct care you can register a type 2 opt-out with your GP practice.

Patients are only able to register the opt-out at their GP practice.

 

Further Information and Support about Type 2 opt-outs

For further information and support relating to type 2 opt-outs please contact  the HSCIC contact centre at enquiries@hscic.gov.uk referencing ‘Type 2 opt-outs – Data requests’ in the subject line; or

Alternatively, call the HSCIC on (0300) 303 5678; or

Alternatively visit the website http://www.hscic.gov.uk/article/7092/Information-on-type-2-opt-outs.

 

Complaints or questions

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. Contact details for complaints to either ourselves or the ICO can be found at the end of this notice.

Subject Access Requests

Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:

  • Give you a description of it;
  • Tell you why we are holding it;
  • Tell you who it could be disclosed to; and
  • Let you have a copy of the information in an intelligible form.

To make a request to any personal information we may hold you need to put the request in writing to our contact address provided further below.

If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting us at the contact address further below.

 

Confidentiality Advice and Support

The CCG has a Caldicott Guardian who is a senior person responsible for protecting the confidentiality of service user and service user information and enabling appropriate and lawful information-sharing.

The CCG’s Caldicott Guardian is Dr Jonathan Darby and he can be contacted via the contact details at the end of this notice.

 

Personal Information we collect and hold about you

As a commissioner, we do not routinely hold or have access to your medical records.  However, we may need to hold some personal information about you, for example:

  • if you have made a complaint to us about healthcare that you have received and we need to investigate
  • if you ask us to provide funding for Continuing Healthcare services
  • if you ask us for our help or involvement with your healthcare, or where we are required to fund specific specialised treatment for a particular condition that is not already covered in our contracts with organisations that provide NHS care.
  • if you ask us to keep you regularly informed and up-to-date about the work of the CCG, or if you are actively involved  in our engagement and consultation activities or service user participation groups

Our records may include relevant information that you have told us, or information provided on your behalf by relatives or those who care for you and know you well, or from health professionals and other staff directly involved in your care and treatment.

Our records may be held on paper or in a computer system. The types of information that we may collect and use include the following:

 

Personal Confidential Data: This term describes personal information about identified or identifiable individuals, which should be kept private or secret. For the purposes of this guide ‘personal’ includes the DPA definition of personal data, but it is adapted to include dead as well as living people. ‘Confidential’ includes both information ‘given in confidence’ and ‘that which is owed a duty of confidence’ and is adapted to include ‘sensitive’ as defined in the Data Protection Act. Used interchangeably with ‘confidential’ in this document.

 

Pseudonymised Information: This is Personal Confidential Data that has undergone a technical process that replaces your identifiable information such as a NHS number, postcode, date of birth with a unique identifier, which obscures the ‘real world’ identity of the individual patient to those working with the data.

 

Anonymised Information: This is data rendered into a form which does not identify individuals and where there is little or no risk of identification (identification is not likely to take place).

 

Invoice Validation

Invoice validation is an important process. It involves using your NHS number, as an identifier and other identifiable data to check that we are the CCG that is responsible for paying for your treatment. We can also use this information to check whether your care has been funded through specialist commissioning, which NHS England will pay for. The process makes sure that the organisations providing your care are paid correctly.

Any information utilised for the purposes of invoice validation will only be retained for the length of time required to validate the invoice to which it relates. After this time the information will be securely destroyed by the CCG.

Legal Basis

A Section 251 approval from the Secretary of State, through the Confidentiality Advisory Group of the Health Research Authority enables the Arden and GEM CSU CEfF (see below) to process identifiable information without consent for the purposes of invoice validation within a Controlled Environment for Finance – CAG 7-07(a)(b)(c)/2013.

 

Our Uses of Information

Although this is not an exhaustive detailed listing, the following table lists key examples of the purposes and rationale for why we collect and process information:

 

Complaints

To process your personal information if it relates to a complaint where you have asked for our help or involvement.

Type of Information Used

Identifiable

Legal Basis

We will need to rely on your explicit consent to undertake such activities.

Complaint Processing Activities

When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide.

We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute.

If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with NHS retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

We will publish service user stories, following upheld complaints, anonymously via our governing body. The service user stories will provide a summary of the concern, service improvements identified and how well the complaints procedure has been applied.  Consent will always be sought from the service user and carer or both before we publish the service user story.

Opt out details

If you do not want information identifying you to be disclosed we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

 

Funding treatments

We will collect and process your personal information where we are required to fund specific treatment for you for a particular condition that is not already covered in our contracts.

This may be called an “Individual Funding Request” (IFR).

Type of Information Used

Identifiable – to make payments

Anonymous – to provide reports for analysis of payments made

Legal Basis

The clinical professional who first identifies that you may need the treatment will explain to you the information that we need to collect and process in order for us to assess your needs and commission your care and gain your explicit consent.

How We Collect and Use Information in relation to Funding Treatments

Information required to make payments in relation to Funding Treatments is provided by you, along with relevant information from primary and secondary care with regard to the referral for specialist treatment.

Opt out details

Payments will not be able to be made if you choose not to provide identifiable information. Alternative arrangements will need to be considered.

 

Continuing Healthcare

We will collect and process your identifiable information where you have asked us to undertake assessments for Continuing Healthcare (a package of care for those with complex medical needs) and commission resulting care packages.

Type of Information Used

Identifiable

Legal Basis

The clinical professional who first sees you to discuss your needs will explain to you the information that they need to collect and process in order for us to assess your needs and commission your care and gain your explicit consent.

How We Collect and Use Information in relation to Continuing Healthcare

The assessment team will collect, use, share and securely store information from / with the Local Authority (Social Services) and other organisations or individuals that are either directly or indirectly involved in the assessment, decision making process, the arranging of care, the funding and payment of care and appropriate monitoring of and audit of the safety and quality of care.

Data Processing Activities

The CCG has engaged the services of NHS Arden and Greater East Midlands Commissioning Support Unit to provide this service on our behalf.

Opt out details

A Continuing Healthcare Assessment will not be able to be carried out if you choose not to provide identifiable information. Alternative arrangements will need to be considered.

 

Safeguarding

We will collect and process identifiable information where we need to assess and evaluate any safeguarding concerns.

Type of Information Used

Identifiable

Legal Basis

Because of public Interest issues, e.g. to protect the safety and welfare of vulnerable children and adults, we will rely on a statutory basis rather than consent to process information for this use

How We Collect and Use Information in relation to Safeguarding

The CCG may receive information relating to Safeguarding concerns from yourself directly or relatives or through notification of concerns from other Health and Social Care organisations. All Health and Social Care professionals have a legal requirement to share information with appropriate agencies where Safeguarding concerns about children or adults have been received.  Where it is appropriate to do so the sharing organisations will keep you informed of when information is required to be shared to provide with assurance regarding the security of that sharing and the benefit to you or the person you are raising Safeguarding concerns about. Access to this information is strictly controlled and where there is a requirement to share information e.g with police or social services, all information will be transferred safely and securely ensuring that only those with a requirement to know of any concerns are appropriately informed.

Opt out details

We have a legal requirement to provide information where there are Safeguarding concerns due to public interest issues, e.g. to protect the safety and welfare of vulnerable children and adults.

 

Risk stratification

Risk stratification is a process for identifying and managing patients who are at high risk of emergency hospital admission.

Type of Information Used

Different types of data are legally allowed to be used by different organisations within, or contracted to, the NHS.

Identifiable – when disclosed from GP Practices and NHS Digital to a Risk Stratification supplier (see below, Data Processing Activities)

Aggregated – the CCG can only receive this information in format which cannot identify you.

Pseudonymised – GP’s are provided with pseudonymised data for risk stratification planning purposes, however, where a direct care impact is identified on a patient through the process the GP will be able to re-identify the patient concerned.

Legal Basis

We are committed to conducting risk stratification effectively, in ways that are consistent with the laws that protect your confidentiality.

The use of identifiable data by CCGs and GPs for risk stratification has been approved by the Secretary of State, through the Confidentiality Advisory Group of the Health Research Authority and this approval has been extended to April 2017.

Commissioning Benefits

Typically this is because patients have a long term condition such as Chronic Obstructive Pulmonary Disease. NHS England encourages CCGs and GPs to use risk stratification tools as part of their local strategies for supporting patients with long-term conditions and to help and prevent avoidable admissions.

Knowledge of the risk profile of our population will help the CCG to commission appropriate preventative services and to promote quality improvement in collaboration with our GP practices.

Data Processing activities for Risk Stratification

The service provider for Risk Stratification purposes for Dudley registered patients is EMIS Health which uses your NHS number as a unique identifier.

The risk stratification tool use various combinations of historic information about patients, for example, age, gender, diagnoses, patterns of hospital attendance and admission and primary care data collected in GP practice systems.

All data is held within the EMIS Web system which the CCG will use pseudonymised information to understand the local population needs, whereas GPs will be able to identify which of their patients, by the use of your NHS number as the identifier, are at risk in order to offer a preventative service to them.

The risk scores are only made available to authorised users within the GP Practice where you are registered via a secure portal.

This portal allows only the GPs to view the risk scores for the individual patients registered in their practice in identifiable form.

If you do not wish information about you to be included in our risk stratification programme, please contact your GP Practice.  They can add a code to your records that will stop your information from being used for this purpose.

 Opt out details

Type 1 and Type 2 opt-outs apply.

Additionally, your GP practice can apply a code which will stop your identifiable information being used for this purpose.

Further information about risk stratification is available from: https://www.england.nhs.uk/ourwork/tsd/ig/risk-stratification/

 

Patient and Public Involvement

If you have asked us to keep you regularly informed and up to date about the work of the CCG or if you are actively involved in our engagement and consultation activities or patient participation groups, we will collect and process personal confidential data which you share with us.

Type of Information Used

Identifiable

Legal Basis

We will rely on your consent for this purpose

Benefits

Where you submit your details to us for involvement purposes, we will only use your information for this purpose. You can opt out at any time by contacting us using our contact details at the end of this document.

Opt out details

You can opt out at any time by contacting us

 

Commissioning

To collect NHS data about service users that we are responsible for.

Type of Information Used

Different types of commissioning data are legally allowed to be used by different organisations within, or contracted to, the NHS.

Identifiable – when disclosed from Primary and Secondary Care Services to NHS Digital

Aggregated – the CCG can only receive this information in aggregated format which does not identify individuals

Legal Basis

Our legal basis for collecting and processing information for this purpose is statutory.

Processing Activities

Hospitals and community organisations that provide NHS-funded care must submit certain information to the Health and Social Care Information Centre (HSCIC) about services provided to our service users. This data is held securely and processed by a system called the Secondary Uses Service (SUS) which anonymises the data so that we, the CCG, cannot identify any patients by the data we receive from SUS.

This information is generally known as commissioning datasets. The CCG obtains these datasets from the HSCIC and they relate to service users registered with GP Practices that are members of the CCG.

These datasets are then used in a format that does not directly identify you, for wider NHS purposes such as managing and funding the NHS, monitoring activity to understand and plan the health needs of the population and to gain evidence that will improve health and care through research.

The datasets include information about the service users who have received care and treatment from those services that we are responsible for funding. The CCG is unable to identify you from these datasets. They do not include your name, home address, NHS number, post code or date of birth.  Information such as your age, ethnicity and gender as well as coded information about any clinic or accident and emergency attendances, hospital admissions and treatment will be included.

The specific terms and conditions and security controls that we are obliged to follow when using those commissioning datasets can also be found on the HSCIC website.

More information about how this data is collected and used by the Health and Social Care Information Centre (HSCIC) is available on their website http://www.hscic.gov.uk/patientconf

We also receive similar information from GP Practices within our CCG membership that does not identify you. We use this dataset for a number of purposes such as:

Performance managing contracts;

  • Reviewing the care delivered by providers to ensure service users are receiving quality and cost effective care;
  • To prepare statistics on NHS performance to understand health needs and support service re-design, modernisation and improvement;
  • To help us plan future services to ensure they continue to meet our local population needs;
  • To reconcile claims for payments for services received in your GP Practice;
  • To audit NHS accounts and services;

Opt out details

Type 1 and Type 2 opt-outs apply.

If you do not wish your information to be included in these datasets, even though it does not directly identify you to us, please contact your GP Practice and they can apply a code to your records that will stop your information from being included.

The specific terms and conditions and security controls that we are obliged to follow when using those commissioning datasets can also be found on NHS Digital website.

More information about how this data is collected and used by NHS Digital is available on their website http://www.hscic.gov.uk/patientconf

 

National Registries

National Registries (such as the Learning Disabilities Register) have statutory permission under Section 251 of the NHS Act 2006, to collect and hold service user identifiable information without the need to seek informed consent from each individual service user.

Type of Information Used

Identifiable and pseudonymised – dependant on purpose.

Legal Basis

A Section 251 approval from the Secretary of State, through the Confidentiality Advisory Group of the Health Research Authority enables NHS Digital to process identifiable information without consent for the purposes of approved National Registries.

How We Collect and Use Information in relation to National Registries

The GP Practices within our CCG membership provide this information to NHS Digital using a secure transfer method.

Opt out details

Type 1 and Type 2 opt-outs apply.

Additionally, your GP practice can apply a code which will stop your identifiable information being used for this purpose.

 

Research

To support research oriented proposals and activities in our commissioning system

Type of Information Used

Identifiable and anonymised – dependant on the purpose.

Legal Basis

Your consent will be obtained by the organisation holding your records before identifiable information about you is disclosed for any research.

Sometimes research can be undertaken using information that does not identify you. The law does not require us to seek your consent in this case, but the organisation holding your information will make notices available on the premises and on the website about any research projects that are undertaken.

Benefits

Researchers can provide direct benefit to individuals who take part in medical trials and indirect benefit to the population as a whole.

Service user records can also be used to identify people to invite them to take part in clinical trials, other interventional studies or studies purely using information from medical records.

Processing Activities 

Where identifiable data is needed for research, service users will be approached by the organisation where treatment was received, to see if they wish to participate in research studies.

Opt out details

Where consent is required to take part in a research project you will also be provided with details by the organisation holding your records on how to opt out at any time.

Where s251 approval has been granted you can request that your identifiable information is not included. The Register of current s251 approval across England and Wales can be found here:

The organisation holding your records will provide notices on their premises and websites about any research projects being undertaken which will provide opt out details.

Your GP practice can apply a code which will stop your identifiable information being used for this purpose.

 

Other organisations who provide support services for us

This involves other organisations processing data on our behalf.

Legal Basis

We have entered into contracts with other NHS organisations to provide some services for us or on our behalf. These organisations are known as “data processors”.

Below are details of our data processors and the function that they carry out on our behalf:

  • Arden & GEM CSU – Individual Funding Requests
  • Iron Mountain – Archiving of Records
  • 360 Assurance – Internal Audit related purposes
  • NHSLA – Claims Management
  • Datashred – The CCG’s Confidential Waste Disposal Company
  • Dudley MBC – Assessments and evaluation of safeguarding concerns for individuals through the Dudley Multi Agency Safeguarding Hub (MASH)
  • Qualified Clinicians – Incident investigation by appointed specialists
  • Midlands & Lancashire CSU – To identify specific patient groups and enable clinicians with the duty of care for the patient to offer appropriate care and treatment; this is known as risk stratification
  • University Hospitals Birmingham NHS Trust – Staff Payroll & Occupational Health Services

 

Midlands & Lancashire CSU are an NHS England approved Data Services for Commissioning Regional Office (DSCRO). They provide a secure and compliant data processing function of health and social care data sets. This type of processing is to support commissioning, planning, risk stratification, patient care and paying and validating invoices. The output data from this process will be anonymised or pseudonymised. The CCG does not receive any personal identifiable information from this service.

Benefits

These organisations are subject to the same legal rules and conditions for keeping personal confidential data and secure and are underpinned by a contract with us.

Before awarding any contract, we ensure that organisations will look after your information to the same high standards that we do. Those organisations can only use your information for the service we have contracted them for and cannot use it for any other purpose.


Contact us

If you have any questions or concerns regarding how we use your information, please contact us at:

 

Governance Team

Brierley Hill Health & Social Care Centre,

Venture Way, Brierley Hill,

West Midlands, DY5 1 RU

Phone: 01384 322040

Email: emma.smith@dudleyccg.nhs.uk

 

For independent advice about data protection, privacy and data-sharing issues, you can contact the:

 

Information Commissioner

Wycliffe House, Water Lane,

Wilmslow, Cheshire, SK9 5AF.

Phone: 08456 30 60 60 or 01625 54 57 45

Website: www.ico.gov.uk

 

 

Further information

Further information about the way in which the NHS uses personal confidential data and your rights in that respect can be found in:

 

 

http://www.hscic.gov.uk/confguideorghttp://www.hscic.gov.uk/confguideorghttp://www.hscic.gov.uk/confguideorghttp://www.hscic.gov.uk/confguideorg

 

 

 

  • Please visit the Health and Social Care Information Centre’s website for further information about their work. Information about their responsibility for collecting data from across the health and social care system can be found at: http://www.hscic.gov.uk/collectingdata

 

  • The Information Commissioner’s Office is the Regulator for the Data Protection Act 1998 and offer independent advice and guidance on the law and personal data, including your rights and how to access your personal information. For further information please visit the Information Commissioner’s Office website at http://www.ico.org.uk.

 

  • The Heath Research Authority (HRA) has been established to promote and protect the interests of patients, streamline regulation and promote transparency in health and social care research. http://www.hra.nhs.uk

 

 

 

Click to view our latest video

Patient Opinion