The information we hold, how we use it, and keep it confidential and secure
This privacy notice tells you about information we collect and hold about you, what we do with it, how we will look after it and who we might share it with. It covers information we collect directly from you or receive from other individuals or organisations.
This notice does not provide exhaustive detail. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address in the “Further Information and Complaints” section, below.
We keep our privacy notice under regular review: it was last reviewed in June 2017.
Digital Notts is a partnership between the NHS and social care organisations that are responsible for planning, delivering and funding services for the people of Nottingham and Nottinghamshire, Digital Notts is not a legal entity and is hosted on behalf of health and care organisations by NHS Rushcliffe CCG. We were formed in 2013 to ensure that the development of digital technology and the management of health information and data supports the needs of patients, families, carers and health and social care professionals. We plan, deliver and invest in technology that will improve health. Our role is to coordinate the delivery of the Digital Notts programme, providing a clear decision making structure and framework for the organisations involved. Our plans, targets and priorities are agreed by the two Health and Wellbeing Boards for Nottingham and Nottinghamshire.
Personal information we hold about you
We do not routinely hold or have access to personal information. However, from time to time we may need to hold some information about you, for example:
We may use the following types of information/data:
Digital Notts uses the data it receives for a number of purposes such as:
When we receive a complaint from a person, we try to resolve your complaint or query relating to the remit of Digital Notts, if the complaint is outside the remit of Digital Notts we will refer your complaint onto the relevant organisation with your permission.
We will keep personal information contained in complaint files in line with our retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
All records held by the Digital Notts will be kept for the duration specified by national guidance from the Department of Health, found in the Records Management Code of Practice for Health and Social Care 2016.
Once data is no longer required it will be destroyed securely:
For paper records or information this will be destroyed in line with international standards, incinerated, pulped or shredded, using a cross cutter. Where external confidential waste suppliers are used these will be under contract and assurance that destruction meets the necessary legal requirements and standards.
For digital media permanent destruction will be achieved by overwriting the media a sufficient number of times or physical destruction of media by breaking it up into small pieces.
Sharing your information with other organisations or individuals (third parties)
We do not share information that identifies you unless;
We are committed to protecting your privacy and will only process personal information in accordance with the Data Protection Act 1998, the Human Rights Act 1998 and the common law duty of confidentiality.
As Digital Notts is not a legal entity it does not act as a data controller and as such has not been registered as a data controller. As host to Digital Notts NHS Rushcliffe CCG is a Data Controller under the terms of the Data Protection Act 1998 and are legally responsible for ensuring that all personal information that we process i.e. hold, obtain, record, use or share about you is done in compliance with the eight Data Protection Principles. All data controllers must notify the Information Commissioner’s Office of all personal information processing activities. The CCGs registration number is Z3610590 and the entry can be found in the Data Protection Register on the Information Commissioner’s Office website
All information that we hold about you will be held securely and confidentially. We use administrative and technical controls to do this. All of our staff, contractors and board members receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. We will only use the minimum amount of information necessary about you. Where possible we will use information that does not directly identify you, but when it becomes necessary for us to know or use personal information about you, we will only do this when we have either a legal basis or have your consent. We use strict controls to ensure that only authorised staff are able to see information that identifies you. Only a limited number of authorised staff have access to information that identifies you, where it is appropriate to their role, and is strictly on a need-to-know basis
If you do not agree to certain information being processed or shared with us or by us, or have any concerns then please let us know. We may need to explain the possible impact this could have on our ability to help you, and discuss the alternative arrangements that are available to you.
You have certain legal rights, including:
These are commitments set out in the NHS Constitution, for further information please visit: https://www.gov.uk/government/publications/the-nhs-constitution-for-england
Individuals can find out if we hold any personal information about them by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:
To make a request for any personal information we may hold you need to put the request in writing to the address provided below (see “Contact us”).
If we do hold information about you and you consider it to be inaccurate, you can ask us to correct any mistakes by, once again, contacting us at the address below.
We will only retain information for as long as necessary. Records are maintained in line with the Department of Health retention schedule which determines the length of time records should be kept.
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.