PRIVACY / TRANSPARENCY NOTICE

Little St John's Surgery and Your Information

Population Health Management (PHM) Privacy Notice

Under data protection law we must tell you about how we use your personal information. This includes the personal information that we share with other organisations and why we do so. Our main GP practice privacy notice is on our website. This additional privacy notice provides details about Population Health Management.

What is Population Health Management (PHM)?

This work is aimed at improving the health of both local and national populations.

It is about improving the physical and mental health outcomes and wellbeing of people and making sure that access to services is fair and equal. It helps to reduce the occurrence of ill-health and looks at all the wider factors that affect health and care.

Population Health Management requires health and social care organisations to work together with communities and partner agencies. The organisations will share de-identified information (where information about you has been removed) with each other in order to get a view of health and services for the population in a particular area.

Across Ipswich and East Suffolk and North East Essex a population health management programme has been introduced. The programme will combine this de-identified information from GP practices, community service providers, hospitals and other health and care providers to allow a comprehensive picture of health and care needs to be identified and services planned according to need.

How will my Personal Information be used?

The information needed for this Programme will include information about your health and social care. Information about you and your care will be used in the programme, but in a format that does not directly identify you which we refer to within this privacy notice as pseudonymised.

The information will be used for a number of health and social care related activities such as:

improving the quality and standards of care provided
research into the development of new treatments
preventing illness and diseases
monitoring safety
planning services

Your Personal information will be shared with?

Your GP will send the information they hold on their systems to the NHS North of England Commissioning Support Unit (NECS), who are part of NHS England. NHS Digital who already holds information about other health and care attendances, will send the information they hold to NHS North of England Commissioning Support Unit (NECS).

NECS will make the GP data linkable with other local and national data sources to understand the population health more effectively. This process is called Pseudonymisation and any information that identifies you has been removed and replaced with a pseudonym (Unique Code).

The pseudonym will only ever be reidentified if we discover that you may benefit from a particular health intervention, in which case only the relevant staff within your practice will be able to see your personal information in order to offer this service to you.

The pseudonymised data will be sent to a company called Optum. Optum have been commissioned by NHS England to provide specialist analysis of the data to support improvements to the local populations health and to target health and social care resources effectively.

Both NECS and Optum are required to protect your information and maintain confidentiality at all times.

What will happen to my Personal Information when the Project is Finished?

For the NHS England and Improvement/Optum programme, data will be processed only for the duration of the 20-week programme. Once the 20-week programme has completed the information will be securely destroyed from Optum systems.

NECS working on behalf of the practice will retain the practice data as agreed for a maximum of 14 days to ensure that they successfully remove any identifiable data once this is accomplished the identifiable practice data will be securely destroyed. The remaining de-identified data will be used by analysts to provide health and social care statistics for PHM projects for the length of each project as agreed with the practice.

Our legal basis for sharing data

Health Care Providers are permitted by data protection law to use information where it is “necessary for medical purposes”. This includes caring for you directly as well as management of health services more generally.

Sharing and using your information in this way helps to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used where allowed by law and in the majority of cases, anonymised data is used so that you cannot be identified.

Under data protection law, we can only share patient data if we have a legal basis under Articles 6 and 9 of the UK GDPR.

Our legal basis for sharing patient data is Article 6(1)(c) - legal obligation, as we are required under the Health and Social Care 2012 Act.

When we are sharing patient data about health we also need a legal basis under Article 9 of the UK GDPR.

Article 9(2)(h) – as we are sharing patient data for the purposes of providing care and managing health and social care systems and services. This is permitted under paragraph 2 of Schedule 1 of the DPA.

Article 9(2)(i) - as patient data will also be used for public health purposes. This is permitted under paragraphs 3 of Schedule 1 of the DPA.

Article 9(2)(j) - as patient data will also be used for the purposes of scientific research and for statistical purposes. This is permitted under paragraph 4 of Schedule 1 of the DPA.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything.

National Data Opt-out (opting out of NHS Digital sharing your data)

This applies to identifiable patient data about your health which is called confidential patient information. If you don’t want your confidential patient information to be shared by NHS Digital with other organisations for purposes except your own care - either GP data, or other data it holds, such as hospital data - you can register a National Data Opt-out.

If you have registered a National Data Opt-out, NHS Digital won’t share any confidential patient information about you with other organisations, unless there is an exemption to this, such as where there is a legal requirement or where it is in the public interest to do so, such as helping to manage contagious diseases like coronavirus. You can find out more about exemptions on the NHS website.

From 1 October 2021, the National Data Opt-out will also apply to any confidential patient information shared by the GP practice with other organisations for purposes except your individual care. It won’t apply to this data being shared by GP practices with NHS Digital, as it is a legal requirement for us to share this data with NHS Digital and the National Data Opt-out does not apply where there is a legal requirement to share data.

You can find out more about and register a National Data Opt-out, or change your choice on NHS.uk - Your NHS Data Matters or by calling 0300 3035678.

Website Privacy Policy

We are committed to protecting the privacy of all individuals using this website.

This policy explains how we use any personal information we collect from you through this website.

Collection of personal information

You can access most of the pages on our website without giving us your personal information. However, you may choose to provide us with your personal information on some pages of the website by completing an on-line form.

By submitting your personal information, you consent to our use of the information as set out in this privacy policy.

Use of personal information

We shall use any personal information you give to us, in accordance with this policy, and with any additional statements appearing on forms used for submitting your personal information. We shall not disclose your personal information to any third parties without obtaining your prior consent unless we are required by law to do so. In particular:

We shall use your personal information to administer, and may respond to, your request.

We shall securely store the information you supply together with any response we may provide.

If you contact us regarding the website we may use your details to reply to you. If you make a comment or complaint about other aspects of the service we may use your details to investigate your comments.

Website privacy

This website uses https to ensure data is encrypted in transmission. This encryption, known as TLS encryption protocol, allows us to protect your privacy. You can usually verify that the page is encrypted by seeing a small lock symbol in the upper left corner of your browser and the website address is prefixed with https://.

Data storage

All data obtained by us is held and used in compliance with the Data Protection Act 2018.

Cookie Policy

Please read our Cookie Policy.

Links

This website contains links to other sites. We are not responsible for the privacy practices of third parties that run any other websites. Please refer to their own privacy policies for more information.

Access to your personal information

You have a right under the Data Protection Act 2018 to ask us to provide you with the information we hold about you and to have any inaccuracies corrected. If you would like to access a copy of your information, please contact the Practice Manager using the following contact details in the heading above.

Menu