Information We Hold

The purpose of NHS Erewash CCG is to purchase and manage services to provide patients in our area with the highest quality of healthcare.  To do this, we must keep records about you, your health and the care we have provided or plan to provide to you.

We hold information centrally which is used for statistical purposes to allow the NHS to plan the services it provides.  Examples of this include details of patient treatment from healthcare providers whose services we buy – for example hospitals and community services.

NHS records may be electronic, on paper or a mixture of both, and we may use a combination of working practices and technology to ensure that your information is kept confidential and secure.

NHS Erewash CCG is committed to protecting your privacy. We will only ask you for the minimum amount of information which will be collected lawfully in accordance with the Data Protection Act 1998. We undertake not to use any information we may hold about you for any purpose other than that for which it was collected, unless we have obtained your consent.

We are not permitted to use your personal data for buying and managing clinical services so we remove your personal identifiers wherever possible. We may also use de-identified data for research, audit and public health purposes.

We do not routinely hold medical records, but may hold other personal information relating to complaints, investigations, independent funding requests you may make, continuing healthcare funding, or reviews that we are carrying out on your behalf.

We will not share information about you for any reason unless:

  • You ask us to do so
  • Where a formal court order has been served on  us
  • In order to assist the police in the prevention and detection of crime
  • To protect children and vulnerable adults
  • We have special permission for health and research purposes(granted by the Health Research Authority) or
  • For the health and safety of others, for example to report an infectious disease such as meningitis or measles.

We work with a number of other NHS and partner agencies to provide healthcare services to you.  In order to protect your identity, your postcode or NHS number will be used to link your records in a secure system across the organisations where care is received.  Sharing information across organisations can be used in order to:

  • plan and improve services in response to the needs of local patients
  • find more effective ways of preventing, treating and managing illnesses
  • help us understand and compare the care received between geographical areas.
  • support public health by anticipating risks of particular diseases and conditions and enable us to take preventative measures

We also contract with other organisations to provide a range of services to us, for example holding and analysing the data we collect from other healthcare providers and for providing human resource services for our staff.  In these instances we ensure that our partner agencies handle our information under strict conditions and in line with the law.

If you do not want your information to be shared across organisations you will need to inform your GP practice or the service where you have been seen. This will be recorded within your medical record and will ensure that your confidential information is not being used other than where is necessary by law.

All staff have contractual obligations of confidentiality, enforceable through disciplinary procedures.  Staff with access to personal confidential data have received appropriate on-going training to ensure they are aware of their responsibilities and staff are granted access to personal data on a need-to-know basis only.

Data collected will not be sent to countries where the laws do not protect your privacy to the same extent as the law in the UK. Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us with any third party without your consent.

The Care Record Guarantee is our commitment that all NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and wellbeing.  Everyone who works for the NHS or for organisations delivering services under contract to the NHS has to comply with this guarantee.

In return, we ask you to:

  • Give us accurate information; and tell us as soon as possible if there are any changes, such as a new address.  This helps us to keep your information reliable and up to date.

Each NHS organisation has a senior person responsible for protecting the confidentiality of patient information and enabling appropriate information sharing.  This person is called the Caldicott Guardian, who in NHS Erewash CCG is Dr Markus Henn.

If you have any questions or concerns regarding the information we hold on you or the use of your information, please contact us at:

NHS Erewash Clinical Commissioning Group
Toll Bar House
1 Derby Road

For independent advice about data protection, privacy and data-sharing issues, you

can contact the Information Commissioner at: Wycliffe House, Water Lane, Wilmslow,

Cheshire, SK9 5AF. Phone: 08456 30 60 60 or 01625 54 57 45 Fax: 01625 524510



Related links
Confidentiality Confidentiality: The NHS Code of Practice

Caldicott Review: Information Governance in the Health and Social Care System

Records Management Records Management Code of Practice
Data Sharing Data Sharing Code of Practice
Advice and Guidance on the Law and Personal Data The Information Commissioner’s Office


Information Security Information Security Management: NHS Code of Practice
Anonymising Information Pseudonymisation Implementation project
Requesting Information Under the Data Protection Act Information Commissioners Guidance on Subject Access
The Care Record Guarantee National Care Record Guarantee
Health Research Authority Confidentiality Advisory Group,