Why we share your personal information
We may share your personal information with other organisations for these reasons:
We would not share information that identifies you unless you have given us permission. However, there are certain circumstances where we will process/share personal information without your consent. This is where we have another lawful basis such as:
Where this is necessary, we are required to comply with all aspects of Data Protection law.
Who we may share your personal information with
Where necessary or required we may share information with:
If you are receiving services from the NHS, we share information that does not identify you (anonymised) with other NHS and social care partner agencies for the purpose of improving local services, research, audit and public health.
We commission a number of organisations (both within and outside the NHS) to provide healthcare services to you. We may also share anonymised statistical information with them for the purpose of improving local services, for example understanding how health conditions spread across our local area compared with other areas.
The law allows some NHS bodies, particularly NHS Digital (Health and Social Care Information Centre), to collect and use patient data which does not identify a person, to help Commissioners to design and procure the combination of services that best suit the population they serve.
We may also share information with NHS England and NHS Digital. If you do not want your information to be used for purposes beyond providing your care, you can choose to opt-out by contacting your GP practice.
In the usual course of our business, we may use other third party organisations known as ‘data processors’ under data protection law to support the delivery of our services. These organisations process your personal information on our behalf. When we share your information with our approved third party providers, our contractual relationship with them prevents them from using your information for any other purpose outside of our instructions to them. They may use their own third party data processors but are always required to meet the same legal requirements as the CCG does.
Currently, the external data processors we work with are:
|Data Processor||Function they carry out on behalf of the CCG|
|South Central & West Commissioning Support Unit||Provision of core DCS services for the Business Intelligence and Commissioning function|
|BDO||Internal Audit related purposes|
|TIAA Ltd.||Counter fraud investigations|
|NHS Shared Business Service||Invoicing|
|Dorset Healthcare University NHS Foundation Trust||Staff payroll, occupational health services|
|Thames Valley and Wessex Leadership Academy||Provision of training for specific courses|
|Giltbyte||Provision and management of online expenses system; EASY Expenses|
|Optum Health Solutions (UK) Ltd.||20 week population health management programme, ending June 2019|
We may use your personal information to tell you about relevant services offered by the CCG. We can only use your personal information to send you updates about our services if we have your consent.
We will ask for your consent to send you any information about:
You can withdraw your consent or ask us to stop sending you any marketing messages at any time. If you want to do so, please contact us by:
NHS Dorset CCG will never share or sell your information to external companies for their own marketing purposes.