We do not provide services directly to children or proactively collect their personal information. However, we are sometimes given information about children while handling a complaint or conducting an investigation. The information in the relevant parts of this notice applies to children as well as adults.
Automated Decision Making
How we use information provided by NHS Digital
We use information collected by NHS Digital from healthcare providers such as hospitals, community services and GPs, which includes information about the patients who have received care and treatment from the services that we fund.
The data we receive does not include patients’ names or home addresses, but it will usually include information such as your NHS number, postcode, date of birth, ethnicity and gender as well as coded information about your visits to clinics, Emergency Department, hospital admissions and other NHS services.
The Secretary of State for Health has given limited permission for us (and other NHS commissioners) to use certain confidential patient information when it is necessary for our work and unless we have a legal basis to use identifiable data, de-identified information is used for all purposes other than direct care. This approval is given under Regulations made under Section 251 of the NHS Act 2006 and is based on the advice of the Health Research Authority’s Confidentiality and Advisory Group.
In order to use this data, we have to meet strict conditions that we are legally required to follow, which includes making a written commitment to NHS Digital that we will not use information in any way that would reveal your identity.
You can find more information about this in the sections on invoice validations and risk stratification.