Data Controller
NHS West Yorkshire Integrated Care Board
Purpose
ICBs collaborate with Public Health services and work closely with the organisations involved in providing patient care, to jointly identify and agree the possible causes of, or factors that contributed to a patient’s infection.
Lawful basis
GDPR Article 6(1)(e) - ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority’
GDPR Article 9(2)(j) ‘ - necessary for reasons of public interest in the area of public health…or ensuring high standards of quality and safety of health care and of medicinal products or medical devices’
Related legislation:
The Health and Social Care Act 2008: Code of Practice for the NHS for the Prevention and Control of Healthcare Associated Infections (revised January 2015) and Regulation 3 of The Health Service (Control of Patient Information) Regulations 2002.
Type of information used
Identifiable: Personal (such as name, address, date of birth) and
Special Category (health information)
Who we will share the information with (recipients)
Information may be shared with primary and secondary healthcare providers and with the Local Authorities who are responsible for Public Health within the ICB boundary.
Do we use any processors
The Health Informatics Service (THIS), and West Yorkshire ICB Leeds IT and Leeds City Council IT Integrated Digital Service (IDS) our IT suppliers who store all our information securely on their servers.
Microsoft Azure, supported by IT staff, host our data.
How we collect (the source) and use the information
ICBs participate in Post Infection Reviews in the circumstances set out in the Post Infection Review Guidance, issued by NHS England.
The ICB receives this information from healthcare providers.
The ICB uses the results of the Post Infection Review to inform the mandatory healthcare associated infections reporting system.
How long we will keep the information
10 years
Your rights
Under the UK General Data Protection Regulation all individuals have certain rights in relation to the information which the ICB holds about them. Not all rights apply equally to all our processing activities as certain rights are not available depending on the lawful basis for the processing.
If you require further detail each link below will take you to the Information Commissioner’s Office website where further detail is provided in the section ‘When does the right apply’.
These rights are:
- The right to be informed about the processing of your data
- The right of access to the data held about you
- The right to have that information amended in the event that it is not accurate
- The right to have the information deleted
- The right to restrict processing
- The right to have your data transferred to another organisation (data portability)
- The right to object to processing
- Rights in relation to automated decision making and profiling
Under the NHS Constitution you have the right to privacy and to expect the NHS to keep your information confidential and secure.
If you have an enquiry in relation to your data protection rights please contact wyicb.