Privacy Notice: NHS Digital
Plain English explanation
NHS Digital is the secure haven* for NHS patient data, a single secure repository where data collected from all branches of the NHS is processed. NHS Digital provides reports on the performance of the NHS, statistical information, audits and patient outcomes (learn more at NHS Digital). Examples include:
- A/E and outpatient waiting times
- The numbers of staff in the NHS
- Percentage target achievements
- Payments to GPs etc and more specific targeted data collections
- Reports such as the Female Genital Mutilation, general practice appointments data and English National Diabetes Audits.
GPs are required by the Health and Social Care Act to provide NHS Digital with information when instructed.
This is a legal obligation which overrides any patient wishes. These instructions are called “Directions”.
More information on the directions placed on GPs can be found at NHS Digital and NHS Data Sharing.
We are required by Articles in the General Data Protection Regulations to provide you with the information in the following 9 subsections.
1. Data Controller
Phoenix Medical Practice
33 Bell Lane,
Rochester, Kent ME1 3SX
2. Data Protection Officer
Lolu Adeniji & Patrick Mwondela
NHS Medway Clinical Commissioning Group
Unit A. Compass Centre North
Pembroke Road, Chatham Maritime
Kent ME4 4YG
3. Purpose of the processing
To provide the Secretary of State and others with information and reports on the status, activity and performance of the NHS. The provide specific reporting functions on indentified.
4. Lawful basis for the processing
The legal basis will be:
- Article 6(1)(c) “processing is necessary for compliance with a legal obligation to which the controller is subject.”
- Article 9(2)(h) “processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;”
5. Recipient of the processed data
Or categories of recipients of the processed data
The data will be shared with NHS Digital according to directions which can be found at NHS Digital.
6. Rights to object
You have the right to object to some or all of the information being shared with NHS Digital. Contact the Data Controller or the practice.
7. Right to access and correct
You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of Law.
8. Retention period
The data will be retained for active use during the processing and thereafter according to NHS Policies and the law.
Right to Complain
You have the right to complain to the Information Commissioner's Office. You can visit the ICO Website or call their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate) There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website).
* The BMA has serious concerns regarding the status of NHS Digital as a “safe haven” and is not confident it has acted as a secure repository for patient data.
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.