PHM Privacy Policy

NHSE/I Population Health Management Development Programme

Cambridgeshire and Peterborough CCG

Population Health Management (PHM) Privacy Notice Suggestion

Under data protection law we must tell you about how we use your personal information. This includes the personal information that we share with other organisations and why we do so. Our main GP practice privacy notice is on our website. This additional privacy notice provides details about Population Health Management.

What is Population Health Management (PHM)?

PHM is about improving the physical and mental health outcomes and wellbeing of people and making sure that access to services is fair, timely, and equal. It helps to reduce the occurrence of ill-health and looks at all the wider factors that affect health and care.

This programme of work is aimed at improving the health of both local and national populations. It is being implemented across the NHS and this Practice is taking part in a programme extending across Cambridgeshire and Peterborough.

Population Health Management requires health and social care, to work together with communities and partner agencies, for example, GP practices, community service providers, hospitals and other health and social care providers. The organisations will share and combine de-identified information (where information identifying you has been removed) with each other in order to get a view of health and services for the population in a particular area. This information sharing is subject to robust security arrangements and risk assessments.

How will my Personal Information be used?

The information needed for this Programme will include information about your health and social care. Information about you and your care will be used in the programme, but in a format that does not directly identify you which we refer to within this privacy notice as pseudonymised. This information will be combined and anything that can identify you (like your name or NHS Number) will be removed and replaced with a unique code. This means that the people working with the data will only see the code and cannot see which patient the information relates to.

The information will be used for a number of health and social care related activities such as:

  • Identifying groups of patients that could benefit from direct interventions
  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

If the PHM programme sees that an individual might benefit from some additional care or support, the programme will send the information back to your GP or hospital provider and they will use the code to identify you and offer you relevant services.

Who will my personal information be shared with?

Your GP and other care providers will send the information they hold on their systems to the North of England Commissioning Support Unit (NECS) https://www.necsu.nhs.uk/ , who are part of NHS England. NHS Digital (who already holds information about other health and care attendances), will also send the information they hold to NECS. Social care data will also be provided by the Local Authority.

NECS will then de-identify (pseudonymise) all the data before sharing the data with Optum Health Solutions UK https://www.optum.co.uk/ who have been contracted by NHS England to link, combine, and analyse the data during the programme.

Both NECS and Optum are legally obliged to protect your information and maintain confidentiality in the same way that your GP or hospital provider is.

What will happen to my Personal Information when the Project is Finished?

On completion of the 22 week programme all data will be securely destroyed from NECS and Optum servers and a certificate of destruction provided to you GP surgery and other healthcare provider. This will not affect personal information already held by your GP or other health and social care providers.

Is using my personal data in this way lawful

Health Care Providers are permitted by data protection law to use information where it is “necessary for medical purposes”. This includes caring for you directly as well as management of health services more generally.

Sharing and using your information in this way helps to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used where allowed by law and in this case, anonymised data is used so that you cannot be identified.

This programme’s legal basis for sharing your information is GDPR Article 6 (1) (e)  “Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller” and Article 9 (2) (h) “Processing is necessary for the purpose of …the provision of health or social care or treatment or the management of health or social care systems”.

In addition we uphold our duty of confidentiality to you by ensuring the appropriate de-identification of your information, ensuring you are made aware of how your information is used and giving you the choice to object to this use (see below).

Can I object to my data being used as part of this programme.

Yes. You have the right to opt out of sharing your personal data being used in this way. You can do this in two ways:

  1. Opt out of all sharing of your data for other uses outside your GP Practice

This is called a Type 1 opt out and you should request this directly to us, your GP practice. This will be applied not only to this programme but to any others we take part in.

  • National Data Opt-out (opting out of NHS Digital sharing your data)

You can find out more about and register a National Data Opt-out, or change your choice on nhs.uk/your-nhs-data-matters or by calling 0300 3035678.

This applies to identifiable patient data about your health which is called confidential patient information. If you don’t want your confidential patient information to be shared by NHS Digital with other organisations for purposes except your own care – either GP data, or other data it holds, such as hospital data – you can register a National Data Opt-out.

If you have registered a National Data Opt-out, NHS Digital won’t share any confidential patient information about you with other organisations, unless there is an exemption to this, such as where there is a legal requirement or where it is in the public interest to do so, such as helping to manage contagious diseases like coronavirus. You can find out more about exemptions on the NHS website.