​​​​​​​​​How we use your information​

Fair Processing Notice

The Fair Processing Notice reminds you of your rights under the Data Protection Act 1998 and tells you how NHS Southwark Clinical Commissioning Group (CCG) processes information about you in accordance with the Act.

The collection of accurate information about you is vital in assisting your GP, primary care team and the CCG in providing you with the right services and health care for your needs. This enables you to be given appropriate information about your care, to make informed choices and where possible improve the services you receive.

Your primary care provider and the CCG aim to share information about you only with those involved in your care, for example, the out-of-hours service, 111 or other NHS health professionals and NHS health organisations for the purposes of assessing and improving overall services and care to the public.

It may also be necessary to share your information with non-NHS services or health providers but only in accordance with the rights of the individual and statutory obligations or by law.

Southwark CCG -Fair Processing Notice - NHS Digital Final.pdf

Sharing and consent

Your information will only be shared in accordance with your rights under the Data Protection Act 1998, the Common Law duty of confidentiality, the NHS Constitution and in keeping with the NHS Codes of Practices that guide the use of information. 

Where required, your explicit consent will be sought before any such sharing takes place in respect to your confidential or sensitive information. You have the right to withhold consent to share your information but be aware that this may adversely affect the care you receive.  Always consult your GP or relevant health professional before deciding to withhold consent to sharing your information, as they will be able to advise you on the possible outcomes of this decision.

At times your information will be used in a de-identified or anonymised form to assist the NHS, Department of Health and health care partners for purposes other than direct clinical care for example, statistical and analytical information. Information provided in this way is the responsibility of the Health and Social Care Information centre (HSCIC).

Circumstances may arise where the sharing of personal information needs to take place without the explicit consent of an individual in order to ensure i.e. the safety of a child, vulnerable adult or where the public may be at risk. 

Confidential information

Everyone working for or on behalf of the NHS has a legal duty to protect your confidential information in accordance with the NHS Constitution, Code of Practices, the Data Protection Act 1998 and the common law duty of confidentiality.

Much of the information held about you may be confidential, such as records kept by health professionals you are seeing, services you use or treatment you receive.

You have a right to privacy and confidentiality and it is important that these rights are respected.

Your health record

Your health record may be held in different formats, hand written (manual record) or held on computer (electronic). Collectively known as your health record.
This will include:

  • personal information, i.e. your address, date of birth and NHS number
  • Contacts with healthcare, i.e. clinic visits and doctors' appointments
  • Notes, reports and decisions about your treatment and care
  • Results of tests, i.e. X-rays, blood tests or scans.

It may include:

  • Information from other health professionals, relatives or carers.  Your care provider and the CCG will endeavour to ensure that your health record is accurately maintained, adequately protected and appropriately accessible to those involved in your care.

How your information is used

Your health record is used to provide your doctor, nurse or other healthcare professional with accurate information to assess your health and decide together with you, appropriate care for you. It will be used to ensure:

  • your care is safe and effective
  • other doctors or specialists have relevant details
  • our staff can book appointments and communicate with you and other parts of the NHS
  • any concerns you have are investigated in relation to queries or complaints.

Our partners in maintaining your health and wellbeing

Our partners include other NHS organisations such as NHS England, Public Health England (PHE), NHS Direct, NHS 111, hospitals, GPs and ambulance services, as well as local authorities (LAs) public health, social services, education and voluntary or private care provider services. We may need to share information about you so that we can work together for your benefit and wellbeing.

Other ways the NHS uses your information

Your information may be used to help us in:

  • determining the general health needs of the population
  • ensuring that our services meet future patient needs
  • teaching and training healthcare professionals
  • investigating complaints, legal claims
  • conducting health research and development
  • preparing statistics on NHS performance
  • auditing NHS accounts and service
  • paying your health care provider.

Risk stratification

Your GP uses your data to provide the best care they can for you. As part of this process, your GP will use your personal and health data to undertake risk stratification, also known as case finding.

Risk stratification entails applying computer based algorithms, or calculations to identify those patients registered with the GP surgery who are most at risk from certain medical conditions and who will benefit from clinical care to help prevent or better treat their condition.

To identify those patients individually from the patient community registered with your GP would be a lengthy and time-consuming process which would by its nature potentially not identify individuals quickly and increase the time to improve care.

Your GP surgery uses the services of a health partner, NHS NEL Commissioning Support Unit (CSU) to identify those most in need of preventative or improved care. This contract is arranged by NHS Southwark CCG.

Neither NHS Southwark CCG nor NHS NEL CSU will at any time have access to your personal or confidential data. They act on behalf of your GP to organise this service with appropriate contractual and security measures only.

NHS NEL CSU will process your personal and confidential data. Typically this will process your data using indicators such as your age, gender, NHS number and codes for your medical health to identify those who will benefit from clinical intervention. Processing takes place automatically and without human or manual handling. Data is extracted from your GP computer system, automatically processed and only your GP is able to view the outcome, matching results against patients on their system.

We have implemented strict security controls to protect your confidentiality and recommend this as a secure and beneficial service to you. At all times, your GP remains accountable for how your data is processed. However, if you wish, you can ask your GP for your data not to be processed for this purpose and your GP will mark your record as not to be extracted so it is not sent to NHS South East CSU for risk stratification purposes.

How you can access your information

You have a right to see your health record. An application to access your health record is known as a Subject Access Request.

  • Your request must be made in writing to the records manager at your health centre, GP Practice or health professional in charge or your care.
  • You will need to provide details to enable the relevant organisation to identify you and locate your health records.
  • It will assist those responsible for providing you with access if you are able to specify what it is within your record you want to see.
  • There may be a charge to have a printed copy of the information held about you (maximum cost £50).
  • It is important that you are aware there may be circumstances when information within your health record may be limited or withheld such as when it is in reference to a third party or where the concern is for your well-being or the well-being of others.
  • Facilities may be available to allow you to view parts of your health record via computer.

If you have concerns about your information

It is important that your information is accurate and up-to-date. In order to ensure the accuracy of your information is maintained, you are required to keep those responsible for your care informed of any changes in your circumstances, e.g. address, phone number. If you should feel at any time that your record is in some way inaccurate or incorrect, you are entitled to have this information reviewed, amended or corrected in agreement with the relevant health professional.

Caldicott Guardian

Each NHS organisation and general practice is required by mandate to have a Caldicott Guardian who has responsibility for satisfying the highest practical standards for handling patient identifiable, confidential and sensitive information.  The Caldicott Guardian also actively supports work to enable information sharing where it is appropriate and advises on options for lawful and ethical processing of patient information.


Your care provider and CCG will endeavour at all times to comply with the statutory duties, laws and NHS policy which govern their use of personal and confidential information. These include the following:

  • the NHS Constitution
  • the Care Records Guarantee
  • Data Protection Act 1998
  • Health and Social Care Act 2012
  • Freedom of Information Act 2000
  • Children's Act 2004
  • NHS Confidentiality Code of Conduct
  • Common Law Duty of Confidentiality
  • Access to Health Records Act 1990.

Further information and help

Please speak to the health professional in charge of your care, facility e.g. hospital your or GP practice manager if you:

  • would like to know more about how we use your information
  • do not wish to have your information used in any of the ways described in this leaflet
  • would like to raise any concerns about the information in your health record.

 If you would like to find out more please contact: nelcsu.Information-Governance@nhs.net