Privacy Notice - individual GP level data
This Privacy Notice ensures that NHS Digital meets its legal duty in line with the Data Protection Act 1998, and supports general practices in meeting their legal duty in line with the Data Protection Act 1998.
Introduction and overview
The Department of Health has directed NHS Digital to provide General Practitioners (GPs) and general practices with clinical information on the care provision for their patients. This supports an objective "to improve out-of-hospital care" as set out in the government's NHS mandate for 2017-18.
NHS Digital will collect clinical data for a given set of metrics at the individual GP level and then report this information back to GPs and general practices only.
Each metric will measure how GPs work with their patients, such as the percentage of patients who have received a flu jab during the winter flu season.
This Individual GP Level Data work will effectively be a feasibility study. It will be an assessment of practicality used to test the method of collecting data at the individual GP level and the method of reporting this information back to GPs and general practices in the form of a report.
There will be two data collections in total and GPs and general practices will receive two reports, one for each data collection.
Reporting this information to GPs and general practices is intended to support GPs and general practices in overseeing, reviewing and continuously improving the quality of care that GPs provide for their named patients.
As this work involves NHS Digital collecting personal data, fair processing principles apply. This is why NHS Digital has issued this Privacy Notice.
Purpose of this Privacy Notice
This Privacy Notice serves two purposes:
Firstly, it ensures that NHS Digital meets its legal duty in line with the Data Protection Act 1998.
NHS Digital, as Data Controller of the personal data that are collected, must issue a Privacy Notice to clearly set out how, and why it is using patients' personal data, as well as what personal data are being used.
Secondly, it supports general practices in meeting their legal duty in line with the Data Protection Act 1998.
General practices, as Data Controller of their patients' personal data before these data are collected, must provide adequate fair processing information to their patients regarding the purpose(s) for which, and the manner in which, their patients' personal data will be processed.
It is intended that general practices will be able to link to the information included in this Privacy Notice in performing their legal duty in providing adequate fair processing information to their patients.
Purpose(s) for which, and manner in which, these personal data are processed
The Health and Social Care Act 2012 gives NHS Digital statutory powers to require data from health or social care providers in England where NHS Digital has been directed to do so by the Department of Health (on behalf of the Secretary of State for Health) or NHS England.
The Department of Health has directed NHS Digital to perform this work. Therefore, the collection of these data is mandatory.
General practices must comply with this data collection and provide these data in the form, manner and period as specified in the Data Provision Notice issued by NHS Digital; this Data Provision Notice will be issued at least six weeks before the first data collection takes places.
NHS Digital as the Data Controller
NHS Digital becomes the Data Controller of the patients' personal data once these data have been collected as NHS Digital is the organisation that holds these personal data.
(Please note that these personal data are still held by the general practices as NHS Digital collecting these data involves an extract (a copy) of these data being provided to NHS Digital via the third party IT system suppliers. These data are not physically moved from general practices to NHS Digital and therefore general practices also remain as Data Controller of their patients' personal data.)
General practices as the Data Controller
General practices are the Data Controller of their patients' personal data that they hold as they have overall control of these data.
Most general practices will have data processing arrangements with third party IT system suppliers; however, general practices are Data Controller for the data they hold about their patients and it is the Data Controller that retains responsibility for compliance with the Data Protection Act 1998.
What are general practices required to do?
As Data Controller of their patients' personal data, general practices have a legal duty to provide patients with fair processing information. To meet their legal fair processing duty for this data collection, general practices are required to:
- inform their patients how their personal data will be used (including what type of data will be used) and for what purpose(s) their personal data will be used
- reassure their patients that their personal data will remain safe and confidential and will be used only for its intended purpose
- allow patients to opt-out of sharing their personal data should they choose to do so.
The information included in this Privacy Notice will allow general practices to meet their fair processing duties.
What personal data are being collected?
NHS Digital will collect data at the level of the individual patient (that is: record level data). This will involve a separate row of data being returned for each individual patient.
NHS Digital will collect personal data in the form of patients' NHS Numbers.
The NHS Number is a unique number used to identify patients and match them to their health records. It is an identifiable, personal data item.
No other personal data items, such as Name, Address, Postcode or Date of Birth, will be collected. Similarly, no sensitive data items, such as Ethnicity, Sexual Orientation or Physical or Mental Health Conditions, will be collected.
NHS Digital will also collect other data to facilitate this data collection. This will comprise the individual GP assigned to each patient and whether or not each patient meets the criteria for each of the given metrics. No other data will be collected.
How are these personal data being used?
The collection of patients' NHS Numbers is required for two reasons:
Firstly, to determine the link between individual GPs and the patients they are responsible for within their general practice. The purpose of this data collection is to provide GPs and general practices with clinical data at the level of the individual GP. NHS Digital and the third party IT system suppliers are currently unable to do this without collecting personal data in the form of NHS Numbers.
Secondly, to link the general practice data to hospital data for one of the metrics included in this data collection. This metric involves determining the number of patients who have had an emergency admission to hospital for one, or multiple, specific condition(s), broken down by each individual GP at a general practice.
Patients' NHS Numbers will only be used by NHS Digital for the two reasons stated above. No other organisation will have access to these personal data.
Following the collection of these data, NHS Digital will perform the necessary validation, linkage and analysis of these data. Once these steps are performed and the information is reported back to GPs and general practices, the personal data held by NHS Digital will be deleted.
What should individuals do if they wish to opt-out of this data collection?
Individuals who wish to opt-out of this data collection should contact their general practice in order to register a Type 1 opt-out. This is an objection that prevents an individual's personal confidential information from being shared outside of their general practice except when it is being used for the purposes of direct care, or in particular circumstances required by law, such as a public health emergency like an outbreak of a pandemic disease.
NHS Digital will uphold Type 1 opt-outs in collecting these data from general practices (that is: any patients who have registered a Type 1 opt-out prior to the point in time at which this data collection takes place will not be included in this data collection).
A Type 2 opt-out is an objection that prevents an individual's personal confidential information from being shared outside of NHS Digital, except when it is being used for the purposes of direct care. Type 2 opt-outs do not apply to this data collection as no personal data will leave NHS Digital. Instead, the information that is reported back to GPs and general practices will include percentages (and associated counts) of patients who fall into each of the metrics.
Further information is available on the your personal information choices page.
How will NHS Digital collect these data?
These data will be collected via NHS Digital's General Practice Extraction Service (GPES). This will involve an extract (a copy) of these data that are held by general practices being provided to NHS Digital via the third party IT system suppliers.
The third party IT system suppliers work as the Data Processors on behalf of the general practices and NHS Digital.
Data processing activities performed by NHS Digital
The process of NHS Digital collecting these data will involve one data file per general practice being sent to GPES. These data files will be checked as part of the data collection process and, once this checking is complete, they will be loaded into the Data Management Service (DMS), which is NHS Digital's single, standardised, secure method for capturing, storing, managing and distributing data. Data will not be held in GPES as this is only the mechanism for collecting these data; instead, these data will be held within DMS.
Further data checks, including checking whether or not patients' NHS Numbers are valid, will be performed within DMS. A report will be produced on any data checking failures and this information will be included in the information that is reported back to GPs and general practices. All invalid data will be removed from the data set before any data linkage and analysis takes place.
One of the metrics included in this data collection involves linking these data that are collected from general practices to hospital data (that is: Hospital Episode Statistics Admitted Patient Care data), which are already held by NHS Digital. These hospital data will only include patients who were admitted to hospital as an emergency and who had a primary diagnosis of one, or more, of the conditions covered by this metric.
The data linkage between these general practice data and these hospital data will be performed using the NHS Number data item only. There must be an exact match on the patient's NHS Number in the general practice data and the patient's NHS Number in the hospital data. This data linkage will follow the NHS Digital standard approach for data linkage.
Following the data linkage for the one metric that involves data linkage, all of the data will then be analysed appropriately. This will involve transforming the record level data into aggregate level data (that is: counts of patients) so as to determine the numbers of patients who fall into the numerators and denominators for each of the given metrics. Dividing each numerator count by its equivalent denominator count will give the percentage of patients for each given metric.
These analysed data will then be used to populate automated reports. There will be one report produced for each general practice; this will include the metrics for all of the GPs who are registered at that general practice. Each report will only include data concerning the patients registered at that general practice, along with comparative Clinical Commissioning Group (CCG) level and national level information. Data concerning patients registered at other general practices will not be included in these reports except in the form of this comparative information.
How will NHS Digital ensure that patients' data are kept safe and confidential?
NHS Digital is the trusted national provider of high-quality information, data and IT systems for health and social care. Information is the core business of NHS Digital and it is NHS Digital's duty to keep information safe.
NHS Digital will hold these data as an information asset within DMS. As with all other information assets created and held by NHS Digital, the information asset for this data collection will be assigned an Information Asset Owner (IAO). An IAO is a senior member of NHS Digital staff who is responsible for the management of the information asset created and utilised by their team. The IAO role is mandatory across all government departments.
The information asset for this data collection will be managed by the DMS team. Access to this information asset will be provided on a restricted basis and only the appropriate NHS Digital staff members (that is: information analysts working within the IAO's team) will be given access to these data. Each NHS Digital staff member who does access these data must agree to only using these data for their intended purpose by signing a clear data access request form. This form will require the approval of the IAO before the appropriate NHS Digital staff member can be granted access to these data. This restricted access will be audited on a monthly basis so as to ensure only the necessary NHS Digital staff members have access to these data.
All patient data regarding this data collection will be kept safe and confidential at all times.
How long will patients' personal data be held by NHS Digital?
In line with the Data Protection Act 1998, NHS Digital will hold patients' personal data for no longer than is necessary to fulfil the purposes of this work. Once the information has been reported back to GPs and general practices, NHS Digital will permanently delete all personal data that were collected as part of this work.
When will these data be collected?
Details of when these data will be collected will be listed in the Data Provision Notice issued by NHS Digital. This document will be issued on the NHS Digital Data Provision Notices gov.uk webpage.
What information will be reported back to GPs and general practices?
This work will involve NHS Digital collecting patients' personal data (in the form of patients' NHS Numbers), yet the information that is reported back to GPs and general practices will not include any personal data.
The information that is reported back to GPs and general practices will be in the form of a report. This will include the metrics for all of the GPs who are registered at a general practice. The information that is included in this report will be percentages (and associated counts) of patients who meet the specific criteria for each of the given metrics (that is: aggregate level data). This information will not include patients' NHS Numbers.
GPs and general practices will receive information that concerns their own patients within each general practice; they will not receive information that concerns patients from other general practices except in the form of comparative CCG level and national level information. The information that is reported back to GPs and general practices will not be published or shared with any other organisation.