Privacy Notice
Privacy Notice for the Population Grouping for Health Planning Programme (PGHP) V 1.4 06.09.21
Purpose of programme
Cwm Taf Morgannwg Health Board (CTMUHB) and its partners are committed to delivering sustainable health care and implementing the Regional Partnerships Board “Stay Well in your Community” Programme. As part of this, Penrhiwceiber Medical Centre will start to use patient data to further understand trends in the population and assess individuals’ health risks. This will enable improved health research, service planning, and afford suitable patients the opportunity of anticipatory care, including possible referral to the Community Health and Wellbeing Teams (CHWT). This privacy notice explains the patient data use that is planned in detail and your rights to participate or opt out should you wish to do so.
How we use your health care information
The programme will use existing patient data, as set out within the following section, and will conduct a specialist form of analysis called population segmentation and risk stratification.
- Population segmentation involves the grouping of the local population by what kind of care they need and how often, as well as the number of chronic conditions they have.
- Risk stratification means understanding who, within each segment, has the greatest risk of having a significant health event, is at most risk of getting poorly and/or being admitted to hospital.
Risk stratification is a process for identifying and managing patients who are most likely to need hospital or other healthcare services and help to identify a person’s risks, for example of suffering a particular condition like diabetes. Risk stratification tools used in the NHS help determine a person’s risk of suffering a particular condition and enable us to focus on preventing ill health and not just the treatment of sickness Information about you is collected from a number of sources including NHS Boards and from this GP Practice.
By using selected information from your health records, secure NHS computer systems will look at any recent treatments you have had in hospital or in the surgery, and any existing health conditions that you have. This will alert your doctor to the likelihood of a possible deterioration in your health. The Clinical Team at the surgery will use the information to help you get early care and treatment where it is needed, and possibly refer you to the Community Health and Welfare Team (CHWT) for support.
Risk stratification enables your GP to focus on preventing ill health and not just the treatment of sickness. If necessary, your GP may be able to offer you additional services. Please note that you have the right to opt out of your data being used in this way.
What patient information do we collect in connection with the programme?
The data we process securely includes:
- NHS number
- Patient ID number (taken from the GP clinical system)
- Date of birth
- Gender
- Post code
- Ethnicity
- Episodes of care that have been provided by other NHS organisations, such as hospitals (including A&E attendance) and other primary care services.
- Information relating to which practice a patient is registered with.
This information about your health is already collected from a number of sources including NHS Trusts and all GP Practices. This information will be combined and analysed, for example to identify recent treatments you have had in hospital or in the practice and any existing health conditions that you have or are at risk of developing.
What organisations are working on the programme and what are their roles
GP Practices - submit patient data (where there is no opt out of submission) and receive reports to support patient care. The GP practices link up to the Community Health and Welfare Teams (set up by the Regional Partnership Board) and can make referrals for additional care/support as planned and delivered by those teams.
The Secure Anonymised Information Linkage Database (SAIL) – collect data from GP practices and Cwm Taf Morgannwg University Health Board. All data submitted to SAIL is handled securely. It is pseudonymised, analysed and then re-identified by Digital Health and Care Wales (DHCW) for return to the GPs via a secure Portal. This means that SAIL staff cannot identify you from the information. In addition, each Practice receives their own patient related data only. Data going to the Local Public Health Team is totally anonymised.
The Sollis Partnership (Sollis) - engaged by CTMUHB as a data processor to process the data (population segmentation and risk stratification). The data processed is completely pseudonymised.. This means that Sollis staff cannot identify you from the information. In addition, each practice receives their own patient related data only. Data for the Local Public Health Team is totally anonymised.
The Local Public Health Team, CTM – lead the programme and receive anonymous data only, which they analyse for research, planning and wider reporting to and within the CTMUHB and partners, such as those making up the Regional Partnership Board.
Cwm Taf Morgannwg University Health Board (CTMUHB) – submit secondary care data and receive anonymous reports to support healthcare research and planning.
Digital Health and Care Wales (DHCW) - act as a data processor on behalf of your GP practice and CTMUHB to complete the re-identification process and display this information back to your GP practice so that they can access the additional tool to help to locate those patients who would benefit from timely clinical interventions and support.
The Regional Partnership Board (RPB) – lead for the ‘Stay Well in Your Community Transformation Programme’, of which this programme is an element, as was the completed programme to set up the Community Health and Wellbeing Teams, which the GPs may refer patients to for individual care. The RPB also make progress reports to the Welsh Government, which will monitor and evaluate this programme and its outcomes.
Public Health Wales – support to the project in principle and will seek access to anonymised reports only.
The Programme Team can be contacted via the Programme Manager, Julie Kelly on e-mail julie.kelly@nhs.wales.uk Phone – 07773 370571
Lawful basis for the processing
This project is allowed on the following legal basis
- It is a task carried out in the public interest or in the exercise of official authority – Art 6(1)(e)
- It seeks to deliver the provision of preventative or occupational medicine, health or social care or treatment, or the management of health or social care systems – Art 9(2)(h)
Data security and keeping your information safe
Appropriate contractual and security measures are in place and processing takes place automatically. Only your GP is able to view the outcome, matching results against patients on their system. We have implemented strict security controls to protect your confidentiality and recommend this as a secure and beneficial service to you. At all times, your GP remains accountable for how your data is processed and any treatment given.
However, if you wish, you can ask your GP for your data not to be processed for this purpose and your GP will mark your record so that it cannot be extracted or used in connection with this programme. If you wish to raise your preferences in relation to the use of your personal data for the purposes of this programme, then please contact your GP or the practice manager about this. The contact details of the Practices Data Protection Officer are at the foot of this document.
Your rights in relation to the programme
The United Kingdom General Data Protection Regulations (UK GDPR) includes a number of rights for individuals. We must generally respond to requests in relation to your rights within one month, although there are some exceptions to this. The availability of some of these rights depends on the legal basis that applies in relation to the processing of your personal data. For this programme, the following rights are listed and how they apply are described below.
Right to be Informed
Your right to be informed is met by the provision of this privacy notice, and similar information when we communicate with you directly – at the point of contact.
Right of Access
You have the right to obtain a copy of personal data that we hold about you and other information specified in the UK GDPR, although there are exceptions to what we are obliged to disclose. A situation in which we may not provide all the information is where in the opinion of an appropriate health professional disclosure would be likely to cause serious harm to your, or somebody else’s physical or mental health.
Right to Rectification
You have the right to ask us to rectify any inaccurate data that we hold about you.
Right to Restriction of Processing
You have the right to request that we restrict processing of personal data about you that we hold. You can ask us to do this for example where you contest the accuracy of the data.
Right to Object
You have the right to object to processing of personal data about you on grounds relating to your particular situation. The right is not absolute, and we may continue to use the data if we can demonstrate compelling legitimate grounds, unless your objection relates to marketing.
Right to Complain to the Information Commissioner
You have the right to complain to the Information Commissioner if you are not happy with any aspect of practice’s processing of personal data or believe that we are not meeting our responsibilities as a data controller. The contact details for the Information Commissioner are:
Information Commissioner’s Office
Wycliffe House
Water Lane,
Wilmslow SK9 5AF
Website: www.ico.org.uk
Tel: 0303 123 1113
In addition to the above rights under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, you also have the right to:
- Opt-out from the programme and have your data withheld from analysis. If you wish to opt-out, and then please contact your GP, practice manager or the practice staff who will be able to process your opt-out preferences. The opt-out will then be applied by assigning a code to withdraw your data from being shared and subsequently used for this programme. Please note that withdrawal of your data will entail removal of your data from subsequent rounds of data extraction following your notification. You are able to reverse your decision at any time by again contacting the practice manager/staff.
- Request rectification where you believe the processing or any outcomes are not as they should be; again, you should speak to your GP or the practice staff.
Retention period
Your GP will retain relevant clinical information within your GP clinical record concerning all your care and treatment including any care and treatments offered as a result of data analysis, in line with the record management code of practice.
Risk stratified data held will only be retained for Your GP will retain relevant clinical information within your GP clinical record concerning all your care and treatment including any care and treatments offered as a result of risk stratification processes. In line with the record management code of practice.
Risk stratified data held will only be retained for seven years (the current year plus six financial years).
Records will not be kept after the retention period unless:
- The record is the subject of live litigation or a request for information. In these circumstances, destruction should be delayed until the litigation is complete or the relevant complaint procedure has been exhausted, at which time a new trigger point and retention period is created.
- The record has long-term value for the organisations statutory functions.
- The record has been or should be selected for permanent preservation
- The whole or part of the record may be extrapolated in order to preserve health and social care activity as part of a Welsh residents Health & Social Care Record - Retention values in these circumstances will be different from those described for operational use
Contact details of our Data Protection Officer and further information
The Practice is required to appoint a Data Protection Officer (DPO). This is an essential role in facilitating practice accountability and compliance with UK Data Protection Law.
Our Data Protection Officer is:
NHS Wales Informatics Service (NWIS) Information Governance
Data Protection Officer Support Service
4th Floor
Ty Glan-yr-Afon
21 Cowbridge Road
East Cardiff
CF11 9AD
Email the NWIS Team (mailto:nwisinformationgovernance@wales.nhs.uk )
Privacy Notice for the Population Grouping for Health Planning Programme (PGHP) V 1.4 06.09.21
We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. Cookie policy.
Cookie settings.
Functional Cookies
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.