The Fair Processing Notice is available by clicking here. This document reminds you of your rights under the Data Protection Act 1998 and tells you how NHS West Norfolk Clinical Commissioning Group (WNCCG) processes information about you in accordance with the Act.
Links to information on locally commissioned providers' fair processing notices or details of what information is provided to patients regarding what happens with their information can be found here.
The Fair Processing Notice for the Norfolk Continuing Care Partnership in relation to continuing healthcare provision can be found here.
Who are we?
NHS West Norfolk Clinical Commissioning Group (WNCCG) is a local membership organisation led by family doctors that is responsible for planning and paying for healthcare services. We do not provide healthcare like a GP Practice or hospital. Our role is to make sure the appropriate NHS care is in place for the people of West Norfolk, within the budget we have.
Why we collect Information about you
In carrying out some of these roles we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and/or on a computer.
The records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health and also information such as outcomes of needs assessments.
How your records are used to help the NHS
Your information may be used to help assess the needs of the general population and make informed decisions about the provision of future services.
Information can also be used to conduct health research and development, monitor NHS performance, to help the NHS plan for the future and to investigate complaints in respect of the services we commission.
Where information is used for statistical purposes, stringent measures are taken to ensure individual patients cannot be identified.
We will not publish any information that identifies you or routinely disclose any information about you without your express permission. At any time you have the right to refuse/ withdraw consent to information sharing. The possible consequences will be fully explained to you, such as potential delays in receiving care and negative impacts on the services and responses we can offer you.
There may be circumstances where we are bound to share information about you owing to a legal obligation, such as for the benefit of public health in the event of a pandemic.
Anyone who receives information from us is also under a legal duty to keep this information confidential.
Security of Information
Everyone working for the NHS is subject to the Common Law Duty of Confidence. The information we do hold about you, whether in paper or electronic form, is therefore protected from unauthorised access. Under the NHS Confidentiality Code of Conduct, all our staff are also required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
We will use limited information about individual patients when validating invoices received for healthcare provided, to ensure the invoice is accurate and genuine. This will be performed in a secure environment and will be carried out by a limited number of authorised staff, these activities and all identifiable information will remain within a CEfF (Controlled Environment for Finance) approved by NHS England.
National Fraud Initiative
WNCCG is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
The Audit Commission appoints the auditor to audit the accounts of this authority. It is also responsible for carrying out data matching exercises.
Data matching involves comparing computer records held by one body against other compute records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
The Audit Commission currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Audit Commission for matching for each exercise, and these are set out in the Audit Commission's guidance, which can be found at www.audit-commission.gov.uk/nfi.
The use of data by the Audit Commission in a data matching exercise is carried out with statutory authority under its power in Part 2A of the Audit Commission Act 1998. It does not require the consent of the individuals concerned under the Data Protection Act 1998.
Data matching by the Audit Commission is subject to a Code of Practice. This may be found at http://www.audit-commission.gov.uk/national-fraud-initiative/code-of-data-matching-practice/
For further information on the Audit Commission's legal powers and the reasons why it matches particular information, see http://www.audit-commission.gov.uk/national-fraud-initiative/fair-processing-notice-full-text/. For further information on data matching at this authority please contact:
Head of Corporate Affairs
Email: contact.wnccg [at] nhs.net
Access to your Information
Under the Data Protection Act 1998 you have the general right to see or be given a copy of personal data held about you. This right can be exercised via submission of a Subject Access Request (SAR) to NHS WNCCG.
Any requests made will be jointly managed by both the CCG and NHS Arden & GEM Commissioning Support Unit staff unless you specifically state in your request that you do not wish this to happen. You do not need to give a reason.
If you want to access your records/ information you should make a written request to:
NHS Arden and GEM Commissioning Support Unit
We are able to charge a reasonable fee for the administration of the request, however these fees are set down in law as follows:
We may charge up to £10 for complying with a SAR relating to health records if the information is only held electronically.
We may charge up to £50 for complying with a SAR relating to health records if those records are held either wholly or partly in non-electronic form.
Further information on Subject Access Requests can be found via the Information Commissioners Office (ICO): https://ico.org.uk/for-the-public/personal-information/
Complaints / Appeals
In the event that you believe the NHS WNCCG has not complied with the Data Protection Act, either in responding to a Subject Access Request or in the way we have processed your personal information, you have the right to make a complaint by contacting the Head of Governance at:
NHS Arden & GEM Commissioning Support Unit
Telephone: 01603 257017
If you wish to raise a complaint or make an appeal to an independent body, you may do so by contacting the Information Commissioner's Office in writing to the following address:
Information Commissioners Office
Enquiry Line: 01625 545700
If you would like to know more about how WNCCG uses your information please use the Contact Us section of our website.
Further information can also be obtained from the following links:
Organisations that share information with NHS West Norfolk Clinical Commissioning Group
In order for WNCCG to perform its commissioning functions, information is shared from various organisations, which include: general practice, acute and mental health hospitals, others CCGs, community services, walk in centres, nursing homes, directly from service users and many others.
Information may also need to be shared for your benefit with other non-NHS organisations, from which you are also receiving care, such as social services and other providers from which we commission services. Where information sharing is required with third parties, we will not disclose any health information without your explicit consent unless there are exceptional circumstances such as when the health and safety of others is at risk, where the law required it or to carry out a statutory function.