Sharing Information with Health and Care organisations

Information Sharing Agreements and contracts will be in place ensuring that where we share information, this meets both the requirements of the Health and Social Care Act 2012 and the current Data Protection legislation ensuring that your confidentiality and rights are not breached.

The CCG is actively working with health and social care partners to ensure that where you receive a referral, for example for community services, all the relevant information that organisation requires in order to offer you the right service is available. We are also working with the hospitals that provide services to our population to ensure that if you find yourself in an emergency situation, relevant and potentially lifesaving information from your GP record will be available, showing any latest tests and any allergies you may suffer from, which the hospital clinicians will need to know.

Whenever a new arrangement is made to share information externally, both with health and social care organisations and with third party suppliers, we will ensure that a legal basis has been identified, using a tool called a Data Protection Impact Assessment, which will highlight any risks to your information and ensure they are resolved before any sharing takes place.

Our Commitment to Data Privacy and Confidentiality

We are committed to protecting your privacy and will only process personal confidential data in accordance with the General Data Protection Regulation, the Data Protection Act 2018, the Common Law Duty of Confidentiality, Professional Codes of Practice and the Human Rights Act 1998.

In the circumstances where we are required to use personal identifiable information we will only do this if:

• The information is necessary for your direct healthcare, or
• We have received explicit consent from you to use your information for a specific purpose, or
• There is an overriding public interest in using the information:
  • In order to safeguard an individual,
  • To prevent a serious crime or in the case of Public Health or other emergencies, to protect the health and safety of others, or
• There is a legal requirement that allows or compels us to use or provide information (e.g. a formal court order or legislation), or
• We have permission from the Secretary of State for Health and Social Care to use certain confidential patient identifiable information when it is necessary for our workEveryone working for the NHS has a legal and contractual duty to keep information about you confidential.All identifiable information that we hold about you will be held securely and confidentially. We use administrative and technical controls to do this. All health and social care organisations are required to provide annual evidence of compliance with applicable laws, regulations and standards through the Data Security and Protection toolkit.   
• http://www.sheffieldccg.nhs.uk/about-us/publications-scheme.htm
• The CCG maintains a set of regularly updated policies and procedures covering all aspects of information governance. These can be found here:
• Your information will not be sent outside of the United Kingdom, unless your privacy is protected to the same extent as the law in the UK. We will never sell any information about you.
• Our staff, contractors and committee members receive appropriate and ongoing training to ensure that they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. Staff are trained to ensure how to recognise and report and incident and the organisation has procedures for investigating, managing and learning lessons from any incidents that occurred 

Your Rights

Under the General Data Protection Regulation all individuals have certain rights in relation to the information which the CCG holds about them. Not all rights apply equally to all our processing activity as certain rights are not available depending on the lawful basis for the processing.

When you view an entry in our ‘Use of Personal and Sensitive Information’, we have highlighted which rights apply and which may not. To help understand why some may not apply the following should help.

Examples of where rights may not apply - where our lawful basis is:

• Processing is necessary for the performance of a task carried out in the exercise of official authority vested in the controller - then rights of erasure, portability do not apply.
• Legal Obligation - then rights of erasure, portability, objection, automated decision making and profiling do not apply.If you require further detail each link below will take you to the Information Commissioner’s Office’s website where further detail is provided in section ‘When does the right apply’. 

These rights are:

• The right to be informed about the processing of your data
• The right of access to the data held about you
• The right to have that information amended in the event that it is not accurate
• The right to have the information deleted
• The right to restrict processing
• The right to have your data transferred to another organisation (data portability)
• The right to object to processing
• Rights in relation to automated decision making and profilingUnder the NHS Constitution you have the right to privacy and to expect the NHS to keep your information confidential and secure.You have the right to be informed about how your information is used.You have the right to request that your confidential information is not used beyond your own care and treatment, and to have your objections considered and where your wishes cannot be followed, to be told the reasons including the legal basis.There is a new national opt-out that allows people to opt out of their confidential patient information being used for reasons other than their individual care and treatment. The system offers patients and the public the opportunity to make an informed choice about whether they wish their personally identifiable data to be used just for their individual care and treatment or also used for research and planning purposes. Details of the national patient opt out can be found here: https://www.nhs.uk/your-nhs-data-matters/