Privacy of your information
For the purposes of the Data Protection Act 2018 (DPA 2018) (the “Act”);
The Data Controller is Enfield Clinical Commissioning Group, 116 Holbrook House Cockfosters Road, Barnet EN4 0DR.
The Data Protection Officer is Dayo Adebari
Email address: email@example.com
Telephone number 07872 891 829
Your privacy is extremely important to us. We only use the information you provide about yourself when using this website to answer your enquiry or to help us to improve our service to you. We do not share this information with any third party except to the extent necessary to answer your enquiry if that enquiry requires the involvement of a third party. We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties.
The information we collect
We may collect and process the following data about you:
- Information that you provide by filling in forms on our website at www.enfieldccg.nhs.uk (our “Website”). This includes information provided when completing our enquiry form or submitting feedback on a consultation. This may include your name, your organisation’s name, your position, email address, business address and contact telephone number. We may also ask you for information when you report a problem with our site.
- If you contact us, we may keep a record of that correspondence.
- Enfield Clinical Commissioning Group may ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of your visits to our site including, but not limited to, web server statistics, traffic data, location data and details of the web pages and resources that you access.
We may collect information about your computer, including where available your IP address, operating system and browser type via the web server log files, for system administration and to analyse aggregate information. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
These uses are in line with the purposes outlined in our registration with the Information Commissioner’s Office, the reference number is ZA007873
Your information may be used to help assess the needs of the general population both on a local, regional and national level to help make informed decisions about the provision of future services. Information can also be used to conduct health research and development, monitor NHS Performance in order to allow the NHS to plan for future. As part of our planning Enfield CCG will identify areas to concentrate on concerning the health of Enfield residents.
Information sharing with other NHS agencies and non-NHS organisations
We may share your information for health purposes and for your benefit with other organisations such as NHS England, NHS Trusts, and also general practitioners (GPs), etc. We may also need to share information with our partner organisations.
Information may also need to be shared with other non-NHS organisations, from which you are receiving care, such as The London Borough of Enfield, Enfield Community Health Services and other providers from which we commission services.
Where information sharing is required with third parties, we will always have relevant contractual obligations and data sharing agreements in place and will not disclose any health information without your explicit consent unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires it or to carry out a statutory function.
In some exceptional circumstances we do not require your explicit consent to share information. This would be in cases, for example, notification of new births, a public interest issue, when the health and safety of others is at risk, fraud prevention and investigation, protecting children and vulnerable adults from harm or where the law requires it (a formal court order has been served requiring us to do so).
In these cases, permission to share must be given by our Caldicott Guardian, who is the senior person in the CCG with responsibility for ensuring the protection of confidential patient and service user information. We are obliged to tell you that we have shared your information unless doing so would put you or others at risk of harm.
The law provides some NHS bodies, particularly the Health and Social Care Information Centre (NHS Digital), with permission to collect and use patient data to help commissioners to design and procure the combination of services that best suit the population that they serve. The patient data that is supplied is not in a form that will identify you.
Enfield CCG as a health care organisation is required to support the public sector, including police, in their work. This may include the provision of personal information about patients or staff. There are legal constraints to the information that may be shared depending on the circumstances further information is available on this link: Disclosure of personal information to the police.
Specialist advice on the handling of patient information is provided by the Information Governance team within the North and East London Commissioning Support Unit to ensure all legal requirements are met when handling information.
National fraud initiative
Enfield CCG is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing, or administering public funds or where undertaking a public function in order to prevent and detect fraud.
The Cabinet Office is responsible for carrying out data matching exercises. Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information, such as key payroll data and contact details. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
We participate in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise, as detailed here.
The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 2018. Data matching by the Cabinet Office is subject to a Code of Practice.
View further information on the Cabinet Office’s legal powers and the reasons why it matches particular information.
Further information about countering fraud in the NHS is available on the Enfield CCG staff intranet site here.
How we keep your information confidential
It is everyone's legal right to expect that information held and used about you is safe and secure and is only used for the agreed purpose (s).
Everyone working for the NHS is subject to the Common Law Duty of Confidentiality. The information we hold about you, whether in paper or electronic form, is protected from unauthorised access. Under the NHS Confidentiality Code of Conduct, all our staff are required to protect your information, inform you of how your information will be used and allow you to decide if and how your information can be shared. All Enfield CCG staff receive annual training on how to do this. This is monitored by the CCG and can be enforced through disciplinary procedures.
Information provided in confidence will only be used for the purpose(s) advised with consent given by the patient, unless there are other specific circumstances covered by the current General Data Protection Regulation (GDPR) and UK legislations.
Enfield CCG takes this responsibility very seriously and has ensured that it has robust and effective processes and procedures in place to achieve this expectation for you and the information we hold and process about you.
Enfield CCG, working with our network service provider, North East London CSU ensures that information is held in secure locations with restricted access to authorised persons only. We protect any personal information that is held on our systems with encryption so that it cannot be accessed by those who do not have access rights.
How we use the patient information that we collect
Enfield CCG has safeguards in place to prevent its staff from identifying individuals from the data that we receive, using information from services we commission in Enfield or indirectly via the Data Services for Commissioners Regional Offices using national information from various NHS organisations as outlined in the previous section.
Information from your health and social care records will be received into Data Services for Commissioners Regional Offices and any information that might allow others to identify you is removed. This means that no one can know:
- your name
- your exact date of birth (this is replaced with just the year of birth)
- your postcode (this is replaced with a national standard area code that is based on the total population and number of houses in an area)
- The information from your health and social care records may also contain more sensitive information about your health and also information such as outcomes of needs assessments but these are mainly coded.
To comply with EU legislation we are required to tell you about the cookies used on this website.
A cookie is a small text file that is placed on your computer when you visit a website. Cookies help websites function usefully and can provide information to website owners.
Cookies do not place viruses on your computer and cannot run programs.
Our cookies do not provide us with any private or personally identifiable information about you. All data that is gathered is anonymous.
Some of the cookies we use collect information about how visitors use our site.
For example, one of our cookies counts the number of visitors to the site and notes which pages they visited. This anonymous information helps us to compile statistical reports, which can help us to improve the site.
Your web browser gives you the ability to accept or decline cookies. Generally, web browsers automatically accept cookies, but you can modify your browser settings to decline cookies if you prefer. However, if you choose to decline cookies, some useful features of this website will not work.
For example, there is the option to view this website as text only, with no graphics. The 'useTextOnly' and 'set String' cookies remember that you have chosen to view this site with no graphics. If you choose to decline cookies you will have to select the text only option every time you view a new page.
The cookies we use and what they do
The cookies we use and what they do
|useTextOnly||This is used to store whether you are using the site in textOnly mode or not.
Persistent for three months.
|setString||This is used to store user preferences for viewing sites in textOnly mode e.g. font-size and colour.|
|cookieconsent_status||This is used to store whether the site will display the consent message.
Persistent for one year.
|These cookies are used to collect information about how visitors use our site. This information can be used to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
Click here for an overview of privacy at Google
Places to go to find out more about cookies
You can find out more about cookies, including how to see what cookies have been set and how to manage and delete them, at these sites:
How we protect your information
All information you provide to us is stored on our secure servers.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data that you transmit to our site; any transmission is therefore at your own risk. Once we have received your information, we use strict internal procedures and security features to prevent unauthorised access.
There are facilities within this web site which allow you to type in information and send it to Enfield Clinical Commissioning Group. You should be aware that such transmissions are not subject to any encryption and could, in theory, be intercepted and read by someone. Therefore you may wish to avoid including information which you consider to be private. Any information you supply to NHS Enfield Clinical Commissioning Group via this web site will be handled in accordance with our policies and procedures for data protection.
We also keep your information confidential. The internal procedures of Enfield Clinical Commissioning Group cover the storage, access and disclosure of your information.
How we use your information
We use information held about you in the following ways:
- To provide you with information, services that you request from us
- To carry out our obligations arising from any contracts entered into between you and us.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us.
Our site may, from time to time, contain links to and from the websites of our clients and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
The Data Protection Act 2018 gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act.
CCG oversight and responsibility
The CCG’s Caldicott Guardian and Senior Information Risk Owner (SIRO) have overall responsibility of information risks with the CCG.
The CCG is provided with specialist data protection advice from its Information Governance Manager and Data Protection Officer, with the support from the Information Governance Team within the North and East London CSU to ensure all legal requirements are met when handling information.
The Senior Information Risk Officer for the CCG is Deborah McBeal, Director of Primary Care Commissioning & Deputy Chief Operating Officer. The SIRO’s email address is Deborah.firstname.lastname@example.org
The Caldicott Guardian for the CCG is Dr Mateen Jiwani, Medical Director. The Caldicott Guardian’s email address is email@example.com
The Data Protection Officer for the CCG is Dayo Adebari, Information Governance & FOI Manager for North Central London CCGs. The DPO’s email address is firstname.lastname@example.org