
15.Details of information used for specific purposes : Serious Incident reports
Details of information used for specific purposes : Serious Incident reports
Data Controller(s) |
NHS Sheffield CCG |
Purpose |
The CCG collects and uses information from Serious Incident reports from Primary and Secondary Care Providers to ensure incidents are dealt with appropriately and lessons learnt. |
Type of information Used |
Identifiable: Personal (such as name, address, date of birth) and Special Category (health information) |
Legal basis |
GDPR Article 6(1)(e) ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’ Related legislation: NHS Act 2006/Health and Social Care Act 2012. GDPR Article 9(2)(h) processing is necessary for the purposes of the provision of health or social care or treatment or the management of health or social care systems and services. |
How we collect (the source) and use the information |
We are statutorily required to fully investigate and review incidents and will receive information from Primary and Secondary Care Providers. Where there is a requirement to provide incident reports externally, the information will be anonymised unless there is a legal requirement to provide your details. You will be kept informed of the requirements we are required to meet where information is to be shared externally. |
Data Processors |
None |
Your Rights |
With regards to Serious Incident Reports under GDPR you have the right:
|
How long we will keep the information |
30 Years from Date of Incident |
Who we will share the information with (recipients) |
Your information may be shared with Primary and Secondary healthcare providers involved in the incident. |