Data Controller

NHS West Yorkshire Integrated Care Board

Purpose

ICBs collaborate with Public Health services and work closely with the organisations involved in providing patient care, to jointly identify and agree the possible causes of, or factors that contributed to a patient’s infection.

Lawful basis

GDPR Article 6(1)(e) ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’

GDPR Article 9(2)(j) ‘ …necessary for reasons of public interest in the area of public health…or ensuring high standards of quality and safety of health care and of medicinal products or medical devices…’

Related legislation:

The Health and Social Care Act 2008: Code of Practice for the NHS for the Prevention and Control of Healthcare Associated Infections (revised January 2015) and Regulation 3 of The Health Service (Control of Patient Information) Regulations 2002.

Type of information used

Identifiable: Personal (such as name, address, date of birth) and

Special Category (health information)

Who we will share the information with (recipients)

Information may be shared with primary and secondary healthcare providers and with the Local Authorities who are responsible for Public Health within the ICB boundary.

Do we use any processors

The Health Informatics Service (THIS), our IT supplier who store all our information securely on their servers.

Microsoft Azure, supported by IT staff, host our data.

How we collect (the source) and use the information

ICBs participate in Post Infection Review in the circumstances set out in the Post Infection Review Guidance, issued by NHS England.

The ICB receives this information from healthcare providers.

The ICB uses the results of the Post Infection Review to inform the mandatory healthcare associated infections reporting system.

How long we will keep the information

10 years

Your Rights

With regards to Infection Prevention and Control, under the UK GDPR you have the following rights: