Data Protection - Privacy Notice

The aim of NHS Southern Derbyshire Clinical Commissioning Group is to purchase and manage services to provide you with the highest quality healthcare.  To enable us to do this effectively, efficiently and safely, we must keep some records of your treatment. 

NHS health records may be electronic, on paper or a mixture of both. We use a combination of working practices and technology to ensure that your information is kept confidential and secure.

We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 1998 (which is overseen by the Information Commissioner's Office), Human Rights Act 1998, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security.  Our data protection registration with the Information Commissioner's Office (registration number Z3616698) sets out the purposes we hold information for. 

We receive details of patient treatment from healthcare providers whose services we buy, for example hospitals and community services. The data is used for managing the contracts and for planning future services.

The personal data we receive is made anonymous before being used for these purposes.

We may hold your personal and healthcare information to look into any complaint you raise with us, carry out continuing healthcare assessments, deliver a Customer Care Service and carry out investigations.

We employ NHS Greater East Midlands Commissioning Support Unit to provide a range of services to us. For example, holding and analysing the data we collect from healthcare providers, providing Human Resources/Personnel services and handling complaints on our behalf.  We remain accountable for the personal data held on our behalf.

We share anonymous statistical information with other agencies for the purpose of improving local services. For example, understanding how conditions spread across our local area.

We may occasionally share identifiable information with agencies where we are legally permitted to do so, for example, if permission to provide data to a researcher (without seeking patient consent) has been granted by the Health Research Authority's Confidentiality Advisory Group, or with your consent.

All our staff, and those working on our behalf, with access to patient identifiable information have contractual obligations of confidentiality, enforceable through disciplinary procedures.  Staff receive appropriate and on-going training to ensure they are aware of their responsibilities.

Staff are granted access to personal data strictly on a "need to know basis" and management approval is necessary for gaining access to systems which hold personal data.

We will not otherwise share, sell or distribute any of your personal information to any third party without your consent, unless required to do by law.

Each NHS organisation has senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing. This person is called the Caldicott Guardian, who in NHS Southern Derbyshire Clinical Commissioning Group is Lynn Woods - Chief Nurse & Director of Quality.

The Care Record Guarantee provides a commitment that all NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and wellbeing.

If you have any questions or concerns regarding the use of your information, or you wish to make a subject access request under the Data Protection Act, please contact Information Governance at:


NHS Southern Derbyshire Clinical Commissioning Group

Cardinal Square, First Floor, 10 Nottingham Road, Derby DE1 3QT

Related links

HSCIC Code of Confidentiality 

Caldicott Review


Records Management

Records Management - NHS Code of Practice

Data Sharing

Data Sharing Code of Practice

Advice and Guidance on the Law and Personal Data

The Information Commissioner's Office


Information Security

Information Security Management: NHS Code of Practice

Anonymising Information

Pseudonymisation Implementation Project

Requesting Information Under the Data Protection Act

Information Commissioners Guidance on Subject Access

The Care Record Guarantee

National Care Record Guarantee  

Health research Authority

Confidentiality Advisory Group



choose well Choose the right care

For more information, help and support go to:  You can also find out more about


© NHS Southern Derbyshire CCG 2015 - Developed by