Keeping your information confidential and secure

NHS Dorset Clinical Commissioning Group recognises the importance of protecting personal and confidential information in all that we do, and takes care to meet our legal duties under Data Protection Law. The CCG puts in place all reasonable technical, security and procedural controls required to protect your personal information for the whole of its life, in whatever format we hold that information in.

Within the health sector, we have to follow the Common Law Duty of Confidentiality, which means that where identifiable information about you has been given in confidence, it should be treated as confidential and only shared for the purpose of providing direct healthcare. The NHS Care Record Guarantee and the NHS Constitution provide a commitment that all NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and wellbeing.

Everyone working in, or for, the NHS Dorset CCG must use personal information in a secure and confidential way.  We are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All CCG staff, contractors and Governing Body members are mandated to attend annual training to ensure they are aware of their personal responsibilities and contractual obligations to uphold confidentiality. This is monitored by the CCG and can be enforced through disciplinary procedures. We ensure that any external companies who support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.

We also ensure that the information we hold is kept in secure locations, and restrict access to information to authorised personnel only. We use administrative and technical controls to do this. We protect personal and confidential information held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see or make sense of it). We use strict controls to ensure that only authorised staff are able to see information that identifies you. Only a limited number of authorised staff have access to information that identifies you where it is appropriate to their role and is strictly on a need-to-know basis.

The CCG has a Director responsible for protecting the confidentiality of patient information, called the Caldicott Guardian. This role is carried out by the Director of Nursing and Quality who can be contacted by emailing dataprotection.requests@dorsetccg.nhs.uk or by telephoning 01305 368070.

Your privacy is protected by law, which says that we can use your personal information only if we have a proper reason to do so. This includes sharing it outside of the CCG. The reasons why the CCG may process your personal information are:

If we transfer information outside of the UK, we will make ensure that appropriate safeguards are in place. We will only send your personal information to countries outside of the UK to:

We will always use one or more of these safeguards:

We will only keep your personal information in accordance with the national guidance from the Department of Health set out in the Records Management Code of Practice for Health and Social Care 2021.