Information we hold

Your Information – what we hold, how we use it and keep it confidential and secure

This privacy notice tells you about information we collect and hold about you, what we do with it, how we will look after it and who we might share it with. It covers information we collect directly from you or receive from other individuals or organisations.

This notice does not provide exhaustive detail. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address in the “Further Information and Complaints” section, below.

We keep our privacy notice under regular review: it was last reviewed in September 2016.

Who we are

NHS Nottingham City Clinical Commissioning Group (CCG) has many different roles and responsibilities. A major part of our work is effective planning, buying and monitoring of services from healthcare providers, such as hospitals and GP Practices. This is known as “commissioning”, and it means making sure that the NHS services that people need locally are available and that those services are high quality and value for money.

For more information please see our about us section.

Personal information we hold about you

As a commissioner, we do not routinely hold or have access to your medical records. However, we may need to hold some information about you, for example:

  • If you have made a complaint to us about healthcare that you have received and we need to investigate

  • If you have made a ‘subject access’ request for personal information held about you

  • If you ask us to provide funding for Continuing Healthcare or personal health budget services

  • If you ask us for our help or involvement with your healthcare, or where we are required to fund specific specialised treatment for a particular condition that is not already covered in our contracts with organisations that provide NHS care

  • If you ask us to keep you regularly informed and up-to-date about the work of the CCG, or if you are actively involved in our engagement and consultation activities or service user participation groups

  • In exceptional circumstances where our safeguarding staff are involved in the most serious cases.

Our records may include relevant information that you have told us, information provided on your behalf by relatives or those who care for you and know you well, or from health professionals and other staff directly involved in your care and treatment. Our records may be held on paper or in a computer system.

NHS data that we receive about service users that we are responsible for

Organisations providing NHS services keep records that contain information about you and your health, and the care and treatment they have provided or plan to provide to you. This information is held as either paper or computerised records and is used to support decisions made by you and the healthcare professionals looking after you to make sure your care is safe and effective.

Hospitals and community organisations that provide NHS-funded care must submit certain information to NHS Digital (formerly known as the Health and Social Care Information Centre) about services provided to our service users. This information is generally known as ‘commissioning datasets’. These datasets are used in a format that does not directly identify you, for wider NHS purposes such as managing and funding the NHS, monitoring activity to understand and plan the health needs of the population and to gain evidence that will improve health and care through research.

The CCG obtains from NHS Digital those datasets which relate to service users for whom we have a commissioning responsibility. The datasets include information about the service users who have received care and treatment from those services that we are responsible for funding. The CCG is unable to identify you directly from these datasets: they do not include your name, home address or date of birth. However, information such as your NHS number or postcode, along with age, ethnicity and gender as well as coded information about any clinic or accident and emergency attendances, hospital admissions and treatment may be included.

More information about how this data is collected and used by NHS Digital is available on their website. 

We also receive datasets directly from NHS providers and GP Practices within our CCG membership but these are anonymised and do not identify you.

How we use your information

We use the following types of information/data:

• Identifiable - containing details that identify individuals

• Pseudonymised - about individuals, but with identifying details (such as name or NHS number) replaced with a unique code

• Anonymised - about individuals, but with identifying details removed

• Aggregated - anonymised information, grouped together so that it doesn't identify individuals


The CCG uses the data it receives for a number of purposes such as:

• To support your GP Practice to provide the most effective patient care and use of resources

• Performance managing contracts with our local hospitals and other providers of healthcare

• Reviewing the care delivered by providers to ensure service users are receiving quality and cost-effective care

• To prepare statistics on NHS performance to understand health needs and support service re-design, modernisation and improvement

• To help us plan future services to ensure they continue to meet the needs of our local population

• To reconcile claims for payments for services received in your GP Practice

• To audit NHS accounts and services.

When analysing current health services and proposals for developing future services, it is sometimes necessary to link separate individual datasets to be able to produce a comprehensive evaluation. This may involve linking primary care GP data with other data such as secondary uses service (SUS) data (inpatient, outpatient and A&E). In some cases there may also be a need to link local datasets which could include a range of acute-based services such as radiology, physiotherapy, audiology etc, as well as mental health and community-based services such as Improving Access to Psychological Therapies (IAPT), district nursing, podiatry etc. When carrying out this analysis, the linkage of these datasets is always done using a unique identifier that does not reveal a person’s identity (i.e. pseudonymised data), as the CCG does not have any access to patient identifiable data.

We use pseudonymised, anonymised or aggregated data that cannot be linked back to your identity, wherever possible (this is known as de-identified data). However, there are limited circumstances when it is necessary for us to use identifiers, such as your NHS number. We will only do this if:

• The information is necessary for the direct healthcare of patients
• We have received explicit consent from individuals to be able to use their information for a specific purpose
• There is an overriding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime
• There is a legal requirement that will allow us to use or provide information (e.g. a formal court order or legislation)
• We have permission from the Secretary of State for Health to use certain confidential patient information when it is necessary for our work, for purposes other than direct care.

To ensure that the NHS continues to run lawfully and efficiently, the Secretary of State for Health has given limited permission for us (and other NHS commissioners) to use certain confidential patient information without explicit consent, but only when it is necessary for the work listed above. We have to meet strict conditions that are set out in section 251 of the NHS Act 2006, and approval is given based on the advice of the Health Research Authority’s Confidentiality and Advisory Group.

Invoice validation

Invoice validation is an important process in ensuring that your care is paid for correctly. It involves using your NHS number to check that we are the CCG that is responsible for paying for your treatment. We can also use your NHS number to check whether your care has been funded through specialist commissioning, which NHS England will pay for. 

The process makes sure that the organisations providing your care are paid correctly. All information with NHS numbers collected to validate invoices is held within a secure, controlled environment within the CCG. The use of personal data by CCGs for invoice validation has been approved by the Confidentiality Advisory Group of the Health Research Authority and it is anticipated this will be in place until at least the end of March 2017. This approval provides the legal basis for the CCG to process personal data for invoice validation purposes.

Risk stratification and proactive care management

Risk stratification is a proactive case-finding process for identifying and caring for patients who have long-term conditions, are ill or are at high risk of emergency hospital admission. NHS England encourages CCGs and GPs to use risk stratification tools to help them support patients with long-term conditions and to help prevent hospital admissions that could be avoided. Understanding the number of patients who are chronically ill and which conditions are most common will help us commission the right services to help prevent ill health and improve the quality of services.

Risk stratification tools use a mix of historic information about patients, such as age, gender, diagnoses and patterns of hospital attendance and admission as well as data collected in GP practices. The CCG will use data which cannot be tracked back to individuals to understand the local population needs. The GPs can use their data to identify which of their patients would benefit from a certain preventative service, and offer it to them.

We are committed to conducting risk stratification effectively, in ways that are consistent with the laws that protect your confidentiality. The use of personal data by CCGs and GPs for risk stratification has been approved by the Confidentiality Advisory Group of the Health Research Authority and it is anticipated this legal basis will be in place until at least the end of March 2017.

If you do not wish your Personal Information to be included in any of these datasets, please contact us or your GP Practice to discuss the possible implications this may have for your care. Your GP Practice can apply a code to your records that will stop your information from being included – see “Your Rights”, below, for further details.

Complaints made to us

When we receive a complaint from a person, we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with our retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

We will publish service user stories anonymously, following upheld complaints, via our Governing Body. The service user stories will provide a summary of the concern, service improvements identified and how well the complaints procedure has been applied. Consent will always be sought from the service user, carer, or both, before we publish the service user story.

National registries

National registries (such as the Learning Disabilities Register) have statutory permission under Section 251 of the NHS Act 2006 to collect and hold service user identifiable information without the need to seek informed consent from each individual service user.

Clinical audit

Clinical audit can provide direct benefit to individuals ensuring that they are getting high quality and effective care, and indirect benefit to the population as a whole. Where identifiable data is needed for clinical audit purposes outside of your care team, we will always seek explicit consent to do so. 


Research

Research can provide direct benefit to individuals who take part in medical trials, and indirect benefit to the population as a whole. Service user records can also be used to identify people to invite them to take part in clinical trials, other interventional studies or studies purely using information from medical records. Where identifiable data is needed for research, service users will be approached by the organisation where treatment was received, to see if they wish to participate in research studies. Your consent will be obtained by the organisation holding your records before identifiable information about you is disclosed for research.

Sometimes, research can be undertaken using information that does not identify you. The law does not require us to seek your consent in this case, but the organisation holding your information will make notices available on the premises and on the website about any research projects that are undertaken.

If you do not wish your information to be used for research, whether identifiable or non-identifiable, please let your GP Practice know. They will add a code to your records that will stop your information from being used for research.

How long we hold information for and our destruction arrangements 

All records held by the CCG will be kept for the duration specified by national guidance from the Department of Health, found in the Records Management Code of Practice for Health and Social Care 2016.

Data received from NHS Digital for commissioning purposes will be stored in accordance with the agreed contractual retention terms.

In all circumstances data will be retained in accordance with data protection requirements and ‘kept for no longer than is absolutely necessary’.

Once data is no longer required it will be destroyed securely:

Paper records or information will be destroyed in line with international standards: incinerated, pulped or shredded using a cross cutter. Where external confidential waste suppliers are used, these will be under contract and subject to assurance that destruction meets the necessary legal requirements and standards.

For digital media, permanent destruction will be achieved by overwriting the media a sufficient number of times or by physical destruction of the media by breaking it up into small pieces.

Sharing your information with other organisations or individuals (third parties)

If you are receiving services from the NHS, we share information that does not identify you (anonymised) with other NHS and social care partner agencies for the purpose of improving local services, research, audit and public health.

We would not share information that identifies you unless:

• You have given us permission
• This is anonymised and therefore non personal data
• We are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime
• It is necessary to protect children and vulnerable adults from harm
• A formal court order has been served upon us; and/or
• For the health and safety of others, for example to report an infectious disease like meningitis or measles.

Other organisations that provide services for us

We have entered into contracts with other NHS organisations to provide other services for us. These include holding and processing data including patient information on our behalf in provision of Information Technology (IT) services or providing human resources services for our staff. These services are subject to the same legal rules and conditions for keeping personal information confidential and secure. We are responsible for making sure that staff in those organisations are appropriately trained, that procedures are in place to keep information secure and protect privacy.

The CCG also has shared data management arrangements with the other five Nottinghamshire CCGs. The services that support this function are provided by a Joint Data Management Team (hosted by NHS Rushcliffe CCG). These services are also subject to the same legal rules and conditions for keeping personal information confidential and secure. Where possible a pseudonymisation technique (whereby identifiable information is replaced with an alias) is used so that those other NHS staff processing data on our behalf do not have access to information such as the NHS number and data cannot be tracked back to individuals.

We will not otherwise share, sell or distribute any of your personal information to any third party (other person or organisation) without your consent, unless required by law. Data collected will not be sent to countries where the laws do not protect your privacy to the same extent as the law in the UK, unless rigorous checks on the security and confidentiality of that data are carried out in line with the requirements of the Data Protection Act 1998 (Principle 8).

Details of our Data Processors and the function that they carry out on our behalf can be found in Appendix A.

Protecting your privacy

We are committed to protecting your privacy and will only process personal information in accordance with the Data Protection Act 1998, the Human Rights Act 1998 and the common law duty of confidentiality. 

NHS Nottingham City CCG is a Data Controller under the terms of the Data Protection Act 1998. We are legally responsible for ensuring that all personal information that we process about you (i.e. hold, obtain, record, use or share) is handled in compliance with the eight Data Protection Principles. All data controllers must notify the Information Commissioner’s Office of all personal information processing activities. Our registration number is Z3632381 and our entry can be found in the Data Protection Register on the Information Commissioner’s Office website.

All information that we hold about you will be held securely and confidentially. We use administrative and technical controls to do this. All of our staff, contractors and committee members receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. We will only use the minimum amount of information necessary about you. Where possible we will use information that does not directly identify you, but when it becomes necessary for us to know or use personal information about you, we will only do this when we have either a legal basis or your consent. We use strict controls to ensure that only authorised staff are able to see information that identifies you. Only a limited number of authorised staff have access to information that identifies you, where it is appropriate to their role, and access is strictly on a need-to-know basis.

The CCG has a Caldicott Guardian (see “Contact us”, below) who is a senior person responsible for protecting the confidentiality of service user information and enabling appropriate and lawful information sharing. There are specific processes which are followed to ensure the continuing security and confidentiality of information.

If you do not wish us to process or share your information

If you do not agree to certain information being processed or shared with us or by us, or have any concerns then please let us know. We may need to explain the possible impact this could have on our ability to help you, and discuss the alternative arrangements that are available to you.

Your rights

You have certain legal rights, including:

• to have your information processed fairly and lawfully
• to request access to any personal information we hold about you
• the right to privacy, and to expect the NHS to keep your information confidential and secure
• to request that your confidential information is not used beyond your own care and treatment and to have your objections considered
• to request that any inaccurate data that we hold about you is corrected.

These are commitments set out in the NHS Constitution. For further information please visit:

Subject access requests and requests to correct errors

Individuals can find out if we hold any personal information about them by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:

• Give you a description of it
• Tell you why we are holding it
• Tell you who it could be disclosed to; and
• Let you view or have a copy of your personal information in an intelligible form.

To make a request for any personal information we may hold, you need to put the request in writing to the address provided below (see Contact us).

If we do hold information about you and you consider it to be inaccurate, you can ask us to correct any mistakes by, once again, contacting us at the address below.

We will only retain information for as long as necessary. Records are maintained in line with the Department of Health retention schedule which determines the length of time records should be kept.

Opting out

If you do not wish your data to be used for purposes beyond your direct care, there are two types of objections that you can ask your GP Practice to record:

Type 1 objections: patients can object to Personal Information about them leaving a General Practice in identifiable form for purposes other than direct care.

Type 2 objections: patients can object to Personal Information collected from healthcare providers by NHS Digital being used for purposes other than their direct care.

Type 1 and 2 objections will be respected, except in very limited circumstances such as:

• You have given explicit permission for a particular use of data (e.g. a research project)
• Data is anonymised and therefore non personal data
• We are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime
• It is necessary to protect children and vulnerable adults from harm
• A formal court order has been served upon us
• For the health and safety of others, for example to report an infectious disease like meningitis or measles.

You have the right to refuse/withdraw consent to information sharing at any time. The possible consequences will be fully explained to you and could include delays in receiving care or omission from health screening programmes. If you wish to discuss withdrawing consent please contact us (see Contact us, below), or speak to your GP.

Contact us

If you have any questions or concerns regarding how we use your information, you can contact NHS Nottingham City Clinical Commissioning Group at:

1 Standard Court
Park Row

Telephone: 0115 845 4545

The contact details for the CCG’s Caldicott Guardian are:

Sally Seeley, Director of Quality and Personalisation

Complaints or questions

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

Further information

The links below give more information about your rights and the ways that the NHS uses personal information:

NHS Care Record Guarantee
NHS Constitution
Confidentiality: The NHS Code of Practice
Health Research Authority’s Confidentiality and Advisory Group
An independent review named Information: To share or not to share? The Information Governance Review was conducted in 2012.
Better Data, Informed Commissioning, Driving Improved Outcomes: Clinical Data Sets provides more information about the data used to support commissioning
NHS England advice for CCGs and GPs on information governance and risk stratification
NHS Digital
The Information Commissioner (the Regulator for the Data Protection Act 1998, who can offer independent advice and guidance on the law and personal data, including your rights and how to access your personal information)


Appendix A