Personal Information We Collect And Hold About You

As a commissioner, we do not routinely hold or have access to your medical records. However, we may need to hold some personal information about you, for example:

  • If you have made a complaint to us about healthcare that you have received and we need to
  • If you ask us to provide funding for Continuing Healthcare
  • If you ask us for our help or involvement with your healthcare, or where we are required to fund specific specialised treatment for a particular condition that is not already covered in our contracts with organisations that provide NHS care.
  • If you ask us to keep you regularly informed and up-to-date about the work of the CCG, or if you are actively involved in our engagement and consultation activities or service user/Patient Participation

Our records may include relevant information that you have told us, or information provided on your behalf by relatives or those who care for you and know you well, or from health professionals and other staff directly involved in your care and treatment.

Our records may be held on paper or in a computer system.

The Types of Information that we may Collect and use Include the Following:


This is data which contains details which can identify individuals such as name, address, date of birth, postcode

Pseudonymised Information

This is data that has undergone a technical process that replaces your identifiable information such as NHS number, postcode, date of birth with a unique identifier, which obscures the ‘real world’ identity of the individual to those working with the data.

Anonymised Information

This is data rendered into a form which does not identify individuals and where there is little or no risk of identification (identification is not likely to take place).


This is anonymized data which is grouped together so that it does not identify an individual

Personal Confidential Data

This term describes personal information about identified or identifiable individuals, which should be kept private or secret. For the purposes of this notice ‘personal’ includes the Data Protection Act definition of personal data, but it is adapted to include dead as well as living people. ‘Confidential’ includes both information ‘given in confidence’ and ‘that which is owed a duty of confidence’ and is adapted to include ‘sensitive’ as defined in the Data Protection Act and is used interchangeably with ‘confidential’ in this document.

Sensitive Personal Data

The Data Protection Act defines “sensitive personal data” as information about an individual’s: Racial or ethnic origin; political opinions; religious beliefs; trade union membership; health; sexual life; alleged criminal activity; or court proceedings.