Infection Prevention and Control

Data Controller

NHS West Yorkshire Integrated Care Board

Purpose

ICBs collaborate with Public Health services and work closely with the organisations involved in providing patient care, to jointly identify and agree the possible causes of, or factors that contributed to a patient’s infection.

Lawful basis

GDPR Article 6(1)(e) ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’

GDPR Article 9(2)(j) ‘ …necessary for reasons of public interest in the area of public health…or ensuring high standards of quality and safety of health care and of medicinal products or medical devices…’

Related legislation:

The Health and Social Care Act 2008: Code of Practice for the NHS for the Prevention and Control of Healthcare Associated Infections (revised January 2015) and Regulation 3 of The Health Service (Control of Patient Information) Regulations 2002.

Type of information used

Identifiable: Personal (such as name, address, date of birth) and

Special Category (health information)

Who we will share the information with (recipients)

Information may be shared with primary and secondary healthcare providers and with the Local Authorities who are responsible for Public Health within the ICB boundary.

Do we use any processors

The Health Informatics Service (THIS), our IT supplier who store all our information securely on their servers.

Microsoft Azure, supported by IT staff, host our data.

How we collect (the source) and use the information

ICBs participate in Post Infection Review in the circumstances set out in the Post Infection Review Guidance, issued by NHS England.

The ICB receives this information from healthcare providers.

The ICB uses the results of the Post Infection Review to inform the mandatory healthcare associated infections reporting system.

How long we will keep the information

10 years

Your Rights

With regards to Assuring Transformation under the UK GDPR you have the following rights:

The right to be informed about the processing of your data (this notice)
The right of access to the data held about you
The right to have that information amended in the event that it is not accurate
The right to restrict processing
The right to object to processing
Right not to be subjected to automated decision making and profiling
To be notified of data breaches

For more information about these rights, please visit the Information Commissioner's Office website.

<< Back to privacy notice