NHS Sheffield Clinical Commissioning Group

We want you to have more care closer to your home...

branch graphic

How we use your information

4. How we use your information

Information used to support your care

When you see a doctor, nurse or any other health professional, they ask you to give them information about yourself.  This helps them decide what treatment and care is best for you. They keep a record of any relevant information, which may be written down or held on computer.  This record is then known as your health or medical record.

Your medical record may include:

  • Basic details about you such as name, address and next of kin
  • Details of any diagnosis and treatment you receive including drug prescriptions
  • Results of investigations such as blood tests and X-rays
  • Details of contact you have with other health professionals such as visits to clinics
  • Relevant information from other professionals and those who care for you

Different health professionals involved in your care will make their own notes, so you may have medical records in different parts of the NHS.


How we use information provided by NHS Digital

Note the Health and Social Care Information Centre (HSCIC) became known as NHS Digital on 1 April 2016. 

We use information collected by NHS Digital from healthcare providers such as hospitals, community services and GPs, which includes information about the patients who have received care and treatment from the services that we fund. 

The data we receive does not include patients’ names or home addresses, but it may include information such as your NHS number, postcode, date of birth, ethnicity and gender as well as coded information about your visits to clinics, Emergency Department, hospital admissions and other NHS services.  

The Secretary of State for Health has given limited permission for us (and other NHS commissioners) to use certain confidential patient information when it is necessary for our work and whilst changes are made to our systems that ensure de-identified information is used for all purposes other than direct care. This approval is given under Regulations made under Section 251 of the NHS Act 2006 and is based on the advice of the Health Research Authority’s Confidentiality and Advisory Group. 

In order to use this data, we have to meet strict conditions that we are legally required to follow, which includes making a written commitment to NHS Digital that we will not use information in any way that would reveal your identity. These terms and conditions can be found on the NHS Digital website

Below are examples of section 251 approvals: 

Invoice Validation 

CCGs and NHS England, which includes Commissioning Support Units, do not have a legal right to access personal confidential data (PCD) for the purpose of validating invoices. On 22 November 2013, the Secretary of State for Health approved applications from NHS England for section 251 support for PCD to be used to validate invoices lawfully, without the need to obtain explicit consent from the individual patient at a local level. 

Invoice Validation is an important process which the CCG carries out. This involves using your NHS number to establish which CCG is responsible for paying for your treatment. The process also ensures that those who provide you with care are reimbursed correctly for the care and treatment they have provided. The invoice validation process is carried out by Sheffield CCG staff using the Rotherham CCG CEfF facility. Rotherham CCG are registered as a Controlled Environment for Finance (CEfF) which ensures that procedures and systems for managing invoices on behalf of the CCG is in line with national requirements. This is done in line with the ‘Who Pays Invoice Validation Guidance’ issued by NHS England. 

Risk Stratification (Pro-Active Care Management) 

Risk Stratification is a process GPs and other health and care professionals use to help them to identify and support patients with long-term conditions; to help prevent un-planned hospital admissions or reduce the risk of certain diseases developing such as type 2 diabetes. This is called risk scoring for case-finding.  

The CCG also uses risk stratified data to understand the health needs of the local population in order to plan and commission the right services. This is called risk stratification for commissioning.  The CCG does not have access to your personal data.  This information is de-identified / pseudonymised. 

Pseudonymisation (sometimes known as de-identification) is a process where identifiable information such as name, address, date of birth and NHS Number is removed and replaced with a code which makes it anonymous to the CCG, but would allow others such as those responsible for providing care to identify an individual. It allows records for the same patient from different sources to be linked to create a full record of that patient’s condition, history and care without identifying the patient to anyone other than the GP or appropriate health or care professional.

The CCG uses a Data Services for Commissioners (DSCRO) service hosted by North of England Commissioning Support (NECS) to assist in the process of Risk Stratification. NECS process personal confidential data on behalf of the CCG under a contract agreement with the CCG that mandates that robust technical and organisational measures are in place to ensure the security and protection of the information. 

Linkage of data from different health and social care data sources is undertaken enabling the processing of data and provision of appropriate analytical support for GPs and CCGs whilst protecting the privacy and confidentiality of the patient(s). 

Robust access controls are in place to ensure only GPs or appropriate health or care professionals are able to re-identify information about their individual patients when it is necessary for the provision of their care. GPs will be able to identify which of their patients are at risk in order to offer a preventative service to them, but the CCG will only have access to pseudonymised information to understand the local population needs. 

Handling Continuing Healthcare (CHC) Applications 

If you make an application for Continuing Healthcare (CHC) funding, Sheffield CCG will use the information you provide and where needed, request further information from other health and care professionals to identify eligibility for funding. If agreed, arrangements will be put in place to arrange and pay for the agreed funding packages with appointed care providers. This process is nationally defined and follows a standard process and Sheffield CCG use standard information collection tools to decide whether someone is eligible.

Handling Individual Funding Requests (IFR) Applications 

An Individual Funding Request (IFR) is a request to fund a healthcare intervention that falls out of the range of services and treatments that the Clinical Commissioning Group (CCG) has agreed to commission. If you make an Individual Funding Request then Sheffield CCG will use the information you provide and where needed, request further information from care providers to identify eligibility for funding. If agreed, arrangements will be put in place to arrange and pay for the agreed funding packages with appointed care providers. We will always seek your consent to use your information for this purpose. When your request is shared with the Sheffield CCG decision-making panel only health information required to inform the decision is shared.  Personal identifying information such as name, NHS Number, or address are redacted from this shared information.

Supporting Medicines Management 

CCGs support local GP practices with prescribing queries which generally don’t require identifiable information. 

Sheffield CCG process funding requests for high cost drugs. Any personal identifying information is not shared with the CCG for this. 


Advice and guidance is provided to care providers to ensure that adult and children’s safeguarding matters are managed appropriately. Access to identifiable information will be shared in some limited circumstances where it’s legally required for the safety of the individuals concerned. 

Post Infection Reviews 

CCGs collaborate with Public Health services and work closely with the organisations involved in providing patient care, to jointly identify and agree the possible causes of, or factors that contributed to a patient’s infection. 

CCGs participate in Post Infection Reviews in the circumstances set out in the Post Infection Review Guidance, issued by NHS England. They will be able to use the results of the Post Infection Review to inform the mandatory healthcare associated infections reporting system. 

Incident Management 

Sheffield CCG is accountable for effective governance and learning following all Serious Incidents (SIs) and work closely with all provider organisations as well as commissioning staff members to ensure all SIs are reported and managed appropriately. The Francis Report (February 2013) emphasised that commissioners should have a primary responsibility for ensuring quality, as well as providers. 

NHS Sheffield Clinical Commissioning Group

722 Prince of Wales Road
S9 4EU