Who we are
East Riding Clinical Commissioning Group (CCG) is responsible for securing, planning, designing and paying for your NHS services, including planned and emergency hospital care, mental health services, rehabilitation and community services. We need to use information about you to enable us to do this effectively, efficiently and safely. For more detailed information please click here.
This page provides information:
How we use your information
Reviews of and Changes to our Privacy Notice
Types of Information we collect and hold about you
Legal obligations to collect and use information
Primary and Secondary Care Data
Our Commitment to Data Privacy and Confidentiality Issues
Confidentiality Advice and Support
Details of information collected and used for specific purposes
Sharing information - with external health and social care organisations
Trade Union (Facility Time) Regulations 2017
How to contact us
This Privacy Notice (or sometimes called Privacy Notice) tells you about the information we collect and hold about you, what we do with it, how we will look after it and who we might share it with. It also explains the choices you can make about the way in which your information is used and how you can opt-out of any sharing arrangements that may be in place.
It covers information we collect directly from you or collect indirectly from other individuals or organisations for the CCG’s registered population.
This notice is not exhaustive. However, we are happy to provide any additional information or explanation needed – see our contact details at the end of this notice.
This Privacy Notice applies to all information held by the CCG relating to individuals, whether you are a patient, service user or a member of staff.
We will keep our privacy notice under regular review. This privacy notice was last reviewed in March 2017.
We need to use information in various forms about you and will only use the minimum amount of information necessary for the purpose. Where possible, we will use information that does not identify you.
The CCG processes several different types of information:
1. Identifiable – containing details that identify individuals. The following are data items that are considered identifiable: name, address, NHS Number, full postcode, date of birth
2. Pseudonymised information - individual-level information where individuals can be distinguished by using a coded reference, which does not reveal their ‘real world’ identity
3. Anonymised – about individuals but with all identifying details removed
4. Aggregated – statistical information about multiple individuals that has been combined to show general trends or values without identifying individuals within the data.
Our records may be held on paper or in a computer system.
Whilst we have made this Privacy Notice as easy to read and understandable for you as we can there are some legal concepts / terms which will be used further in the Notice which may require further explanation. These are explained in Further Definitions and Terms.
In the circumstances where we are required to use personal identifiable information we will only do this if:
- The information is necessary for your direct healthcare, or
- We have received explicit consent from you to use your information for a specific purpose, or
- There is an overriding public interest in using the information:
- in order to safeguard an individual,
- to prevent a serious crime o in the case of Public Health or other emergencies, to protect the health and safety of others, or
- There is a legal requirement that allows or compels us to use or provide information (e.g. a formal court order or legislation), or
- We have permission from the Secretary of State for Health to use certain confidential patient identifiable information when it is necessary for our work
The NHS provides a wide range of services which involve the collection and use of information. Different care settings are considered as either ‘primary care’ or ‘secondary care’. Primary care settings include GP practices, pharmacists, dentists and some specialised services such as military health services. Secondary care settings include local hospitals, rehabilitative care, urgent and emergency care (including out of hours and NHS 111), community and mental health services. Throughout this Privacy Notice you will see reference to an organisation called NHS Digital. They are the national provider of information, data and IT systems for commissioners (such as the CCG), analysts and clinicians in health and social care. NHS Digital provides information based on identifiable information passed securely to them by Primary and Secondary Care Providers who are legally obliged to provide this information. The way in which NHS Digital collect and use your information can be found here.
We are committed to protecting your privacy and will only process personal confidential data in accordance with the Data Protection Act 1998, the Common Law Duty of Confidentiality and the Human Rights Act 1998. The various laws and rules about using and sharing confidential information, with which the CCG will comply, are available in “A guide to confidentiality in health and social care” which is published on the NHS Digital website.
East Riding Clinical Commissioning Group East Riding CCG is a Data Controller under the terms of the Data Protection Act 1998 we are legally responsible for ensuring that whenever we collect, use, hold, obtain, record or share personal confidential data about you, we do it in compliance with the 8 Data Protection Principles. All data controllers must notify the Information Commissioner’s Office (ICO) of all personal information processing activities.
Our ICO Data Protection Register number is Z3527002. View the CCG's Notification online.
Everyone working for the NHS has a legal duty to keep information about you confidential. The NHS Care Record Guarantee and NHS Constitution provide a commitment that all NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and wellbeing.
All identifiable information that we hold about you will be held securely and confidentially. We use administrative and technical controls to do this. We use strict controls to ensure that only authorised staff are able to see information that identifies you. A limited number of authorised staff have access to information that identifies you, but only where it is appropriate to their role and strictly on a need-to-know basis. All health and social care organisations are required to provide annual evidence of compliance with applicable laws, regulations and standards through the Information Governance Toolkit. This shows our current level of compliance as ‘Satisfactory’ and provides assurance to you on how we protect your information. Further information regarding Information Governance and the Information Governance Toolkit can be found in the Definitions and Terms.
All of our staff, contractors and committee members receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. All staff are trained to ensure they understand how to recognise and report an incident and the organisation has procedures for investigating, managing and learning lessons from any incidents that occur. We will only retain information in accordance with the schedules set out in the Records Management Code of Practice for Health and Social Care 2016 The CCG’s Records Management Policies include guidance around the secure destruction of information in line with the Code of Practice. Your information will not be sent outside of the United Kingdom where the laws do not protect your privacy to the same extent as the law in the UK. We will never sell any information about you.
The CCG has a Caldicott Guardian who is a senior person responsible for protecting the confidentiality of service user information and enabling appropriate and lawful information-sharing. Further information about the role of the Caldicott Guardian can be found in Further Definitions and Terms.
You have certain legal rights, including a right to have your information processed fairly and lawfully and a right to access any identifiable information we hold about you. These are called Subject Access Requests and more information about this can be found here.
You have the right to privacy and to expect the NHS to keep your information confidential and secure.
You also have a right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered.
If we do hold identifiable information about you, you can ask us to correct any mistakes by contacting us at the address below.
East Riding of Yorkshire Clinical Commissioning Group
Grange Park Lane
Or by email: ERYCCG.AccesstoRecords@nhs.net
You have the right to refuse/withdraw consent to information sharing at any time.
The possible consequences will be fully explained to you but could include delays in receiving care. Details of the national opt-out programme can be found in, what is the patient opt-out?
We have provided details of information collected and used for specific purposes with information on how to withdraw consent specific to each purpose and details of the possible impact this may have on you if you are to opt-out.
These are commitments set out in the NHS Constitution, for further information please click here.
The CCG aims to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive on this subject very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. Contact details for complaints to either ourselves or the ICO can be found at the end of this notice.
Although this is not an exhaustive detailed listing, the following table lists key examples of the purposes and rationale for why we collect and process information. For each purpose we have provided information for you on the purpose, including benefits to you as a patient; the type of information used (see definition above); the legal basis identified for the collection and use of information; how we collect and use the information required; data processing activities – listing any third parties we may use for each purpose and information on how to opt out of your information being used for each purpose.
- Funding Treatments
- Continuing Healthcare
- Risk Stratification
- Patient and Public Involvement
- National Registries
- Serious Incident Reports
- Clinical audit
In 2012 a new Health and Social Care Act was introduced which ensures that all health and social care organisations involved in your care are working collaboratively to ensure you receive the best possible care with the services available through different organisations. You can find more information about how we share information with other organisations here.
The CCG as NHS Employers needs to process information in relation to staff. This information is used in a variety of ways to ensure staff are paid, that the CCG complies with employment law, or to provide other services related to their employment. For more details about how staff data is used, click here.
The trade union (facility time publication requirements) regulations 2017 came in to force on 1 April 2017. In line with these new regulations, all organisations employing more than 49 staff, must publish information on facility time which is agreed time off from an individual's job to carry out a trade union role. There is a legal requirement to publish:
the number of trade union representatives in the organisation
the percentage of time spent on facility time
the amount spent on facility time
the percentage of paid facility time spent on paid trade union activities
Click here to see the CCG’s published information as at July 2018. Further information can be found in the statutory instrument and the explanatory memorandum on the government website and the government guidance on facility time.
If you have any questions or concerns regarding how we use your information, please contact us at:
East Riding of Yorkshire Clinical Commissioning Group
Grange Park Lane
or email General Enquiries at: ERYCCG.ContactUs@nhs.net
Tel: 01482 650700
Our Caldicott Guardian is: Paula South, Director of Quality & Integrated Governance/ Executive Nurse
For independent advice about protection, privacy or data sharing issues, you can contact:
The Information Commissioner
Phone: 08456 306060 or 01625 545745