Section Navigation

Our Commitment to Data Privacy and Confidentiality Issues

Retention of RecordsDestruction of Paper RecordsOverseas Transfers

We are committed to protecting your privacy and will only process personal confidential data in accordance with the Data Protection Act 1998, the Common Law Duty of Confidentiality and the Human Rights Act 1998.

NHS Oxfordshire CCG is a Data Controller under the terms of the Data Protection Act 1998. We are legally responsible for ensuring that all personal information that we process i.e. hold, obtain, record, use or share about you, is done in compliance with the 8 Data Protection Principles.

All data controllers must notify the Information Commissioner’s Office (ICO) of all personal information processing activities. Our ICO Data Protection Register number is  Z3620231  and  our  entry  can  be  found  in  the  Data  Protection  Register  on the Information Commissioner’s Office website.

Everyone working for the NHS has a legal duty to keep information about you confidential. The NHS Care Record Guarantee and NHS Constitution provide a commitment that all NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and wellbeing.

If you are receiving services from the NHS, we share information that does not identify you (anonymised) with other NHS and social care partner agencies for the purpose of improving local services, research, audit and public health.

We would not share information that identifies you unless we have a fair and lawful basis such as:

  • You have given us permission;
  • To protect children and vulnerable adults;
  • When a formal court order has been served upon us;
  • and/or
  • When we are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime;
  • Emergency Planning reasons such as for protecting the health and safety of others;
  • When permission is given by the Secretary of State or the Health Research Authority on the advice of the Confidentiality Advisory Group to process confidential information without the explicit consent of individuals

All information that we hold about you will be held securely and confidentially. We use administrative and technical controls to do this. We use strict controls to ensure that only authorised staff are able to see information that identifies you. Only a limited number of authorised staff have access to information that identifies you where it is appropriate to their role and is strictly on a need-to-know basis.

All of our staff, contractors and committee members receive appropriate and on- going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures.

We will only use the minimum amount of information necessary about you.

Retention of Records

We will only retain information in accordance with the schedules set out in the Records Management Code of Practice for Health and Social Care 2016.

Top of page

Destruction of Paper Records

The normal destruction method used within the CCG for confidential / sensitive Information is by shredding. All confidential waste will be placed in the allocated “Shred-it” consoles or confidential waste bins / sacks.  Shredding of confidential information is carried out on site using an accredited mobile shredding company, a certificate is issued once completed.

Top of page

Overseas Transfers

Your information will not be sent outside of the United Kingdom where the laws do not protect your privacy to the same extent as the law in the UK. We will never sell any information about you.

Top of page
Copyright 2017 © Oxfordshire Clinical Commissioning Group