We respect your right to privacy and keep all your health information confidential and secure. It is important that the NHS keeps accurate and up-to-date records about your health and treatment so that those treating you can give you the best possible care.
This information may be used for management and audit purposes. However, it is usually only available to, and used by, those involved in your care. You have the right to know what information we hold about you. If you would like to see your records please contact the Practice Manager.
| PRIVACY NOTICE – THE NATIONAL DIABETES AUDIT | |
| The National Diabetes Audit (NDA) is a way to measure the quality of diabetes healthcare in England and Wales against guidelines and standards issued by the National Institute for Health and Care Excellence (NICE). Reports are produced and used to drive changes and improve the quality of services and health outcomes for people with diabetes. | |
| Data being collected | What data is collected? Data about individual patients is collected and analysed but the outputs (the reports produced) do not identify individuals.
The following identifiable data for people with diabetes are collected by the audit: NHS number, postcode, gender, date of birth, GP practice code.
Names are not collected.
Why is data collected? These fields are used to link multiple records across the care pathway (how patients are assessed, treated and followed-up) to account for duplicate records, understand complication rates (the proportion of patients that experience adverse events or problems during a medical procedure or treatment) and to link to Office for National Statistics data to determine mortality rates (the number of deaths in a particular population).
Following the linkage of data, the minimum amount of identifiable data required is used in subsequent analysis. For example, postcode is converted to Lower Super Output Area (LSOA – a statistical area that allows local insights but avoids identifying individuals). GP practice codes are used to distinguish data submissions from individual practices and to group patients by practice or Local Health Board to allow comparisons of patient outcomes (the results or effects of care and treatment).
|
| How data is used and disclosed | Digital Health and Care Wales (DHCW) is a Special Health Authority with specific responsibilities for health data in Wales. DHCW extracts relevant information from GP systems and provides it to NHS England, which analyses the data and produces the reports for all of England and Wales. This is an established process.
GPs are responsible for data held on GP systems. When they have lawfully disclosed data (as they do for the NDA) other organisations take responsibility; · DHCW for the data collection and provision of data to NHS England; · NHS England for the security and confidentiality of the data they hold for analysis purposes. NHS England’s role in the NDA is established by a formal request, known as a ‘section 255 request’.[i]
|
| Legal basis for processing | Welsh Ministers, via the Chief Medical Officer for Wales, have instructed Local Health Boards (LHBs) in Wales to participate in all national clinical audits, including the NDA, listed in the National Clinical and Outcome Review Plan.
As the commissioners of primary care services in their area, LHBs have instructed GP practices to allow DHCW to extract data relevant to the NDA. Without this data the NDA could not be delivered. GPs are required to allow access under the provisions of the Regulations that govern their contracts with LHBs[ii].
DHCW is directed to collect and process the relevant information from GPs for the purposes of delivering the NDA. DHCW’s role is consistent with its Establishment Order and Ministerial Directions[iii].
The UK General Data Protection Regulation (UK GDPR) allows organisations to process data that identifies individuals (personal data) and special categories of personal data (including health data) when certain conditions are met. These are commonly referred to as the ‘lawful basis’ for processing. In relation to the NDA, your GP’s lawful basis for processing this information are: · For personal data, Article 6(1)(e) of the UK GDPR; the performance of a tasks carried out in the public interest or in the exercise of official authority, and · For special categories of personal data, Article 9(2)(h) of the UK GDPR; the provision of health or social care, or treatment, or the management of health and social care systems.
|
| How your information is stored and protected | Your personal information is protected in a number of ways. The information required will be securely extracted from the practice system and stored by DHCW on computer systems that have been tested to make sure they are secure, and which are kept up-to-date to protect them from viruses and hacking.
Data is transferred to NHS England by secure mechanisms, which has its own systems that are secure and protected from viruses and hacking. Only staff who have been specifically trained in data protection and confidentiality will access data and controls are in place to make sure all these people can only see the minimum amount of personal information they need to do their job. |
| Your Rights over your information | Under data protection law, you have a number of rights over your personal information. You have the right to: – ask for a copy of any information we hold about you – ask for any information we hold about you that you think is inaccurate to be changed – ask us to restrict our use of your information, for example, where you think the information we are using is inaccurate – object to us using any information we hold about you, although this is not an absolute right and we may need to continue to use your information – we will tell you why if this is the case – delete any information we hold about you, although this is not an absolute right and we may need to continue to use your information – we will tell you why if this is the case – ask us not to use your information to make automated decisions about you without the involvement of one of our staff You can access any of your rights by contacting your GP practice. |
