How we use your information

The Clinical Commissioning Group (CCG) is responsible for commissioning (buying) health services from providers, such as hospitals and General Practitioners (GPs), to provide the highest quality of healthcare to people living and working within our area.

The Clinical Commissioning Group (CCG) is responsible for commissioning (buying) health services from healthcare providers, such as hospitals and General Practitioners (GPs), to provide the highest quality of healthcare to people living and working within our area.

The support the CCG in fulfilling its statutory role, it may hold some information about you. This document (which is also known as a privacy notice or fair processing notice) outlines how that information is used, who we may share that information with, how we keep it secure (confidential) and what your rights are in relation to this.

This document is separated into the following sections:

Who we are and what we do

The Leeds Clinical Commissioning Groups (CCGs) are responsible by law for improving health, care and services through planning. CCGs buy services from healthcare providers, such as hospitals and General Practitioners (GPs), to provide the highest quality of healthcare to people living and working within Leeds.

The support the CCGs in fulfilling their statutory role, we may hold some data about you. This document (which is also known as a privacy notice or fair processing notice) details how that data is used, who we may share that data with, how we keep it secure (confidential) and what your rights are in relation to this.

The Kings Fund’s short animation to show how the health service works is available here.

What kind of data do the CCGs use? 

We use three types of data:

Anonymous grouped (or ‘anonymised’ (definition)) data which is about you but from which you cannot be personally identified. This is normally presented as grouped (aggregate) data.

De-personalised (or ‘pseudonymised’) data where any identifiable information (for examples, see below) has been removed and replaced with a unique code (to represent you as an individual) to make it practically impossible to identify you from the remaining information about other people. The CCGs treat this type of data like personally-identifiable information to minimise any risk of this data becoming reidentifiable back to yourself.

Personally-identifiable (or ‘personal’ (definition) or ‘sensitive personal’ data (definition)) from which you and information about you is clearly identifiable back to you. For example, this could include your name, NHS number and address.

What is anonymous grouped data used for?

We use anonymised data to plan health care services.  Specifically we use it to:

  • Check how well/good and successful the health services we commission are
  • Check that the services we commission are performing as intended
  • Work out what illnesses people will have in the future, to plan and prioritise services and ensure these meet the needs of patients in the future
  • Review the care being provided to make sure it is of the highest standard
  • Look at care being provided to see where improvements could be made

Regarding employees, we may publish the total number of sickness days or how many administrative and clerical staff were employed by the CCGs during a financial year.

Please see details of data collected and used for specific purposes for further data.

What is de-personalised (otherwise known as ‘pseudonymised’) data used for?

As an example, when you see your GP, your GP practice provides data to us so we can check the care of people living in our area. We receive that data as de-personalised data.

Data that has been de-personalised ensures that:

  • Only the GP practice is able to identify you. The practice maintains a secure record of unique codes that represent each patient. Using a code in this way means that when data is shared with other organisations, the identity of patient(s) is not revealed. This is useful where data about the same patients is being compared over two different points of time. Exploring whether a course of treatment has benefited patients by checking how they are the start and end of treatment is completed by using this technique.
  • The data we receive from other organisation is usually unidentifiable to us – we have no way to determine who the data relates to: names, address, dates of birth and NHS number have been removed before we see the data.
  • There should only be a negligible risk that the pseudonymised data may reveal a suspected identity – the unique codes are meaningless outside of this purpose, so only if those staff in the practice should be able to identify an individual.
  • We ensure that there are other measures in place to prevent us (or anybody else) from being able to reidentify individuals from the data – for example, if a patient has a rare conditions, then that data is subject to extra precautions to minimise this possibility.
  • Using this type of data improves the CCG’s ability to work out the care needs of people within the local area. Examples of where pseudonymised data have been used include, to:
  • Identify where and why delays in care occur to help ensure patients are treated in a timely manner
  • Identify gaps in services so to explore how new services may improve care
  • Check patients health is improving and to explore how successful services are at improving health

The CCGs utilise pseudonymised data across a variety of areas, such as Inpatient, Outpatient, Accident and Emergency, Out of Hours, Urgent Care, Community Nursing, Community Mental Health, General Practice and Social Care from a variety of health and care providers data. This data is de-personalised/pseudonymised by the Data Services for Commissioning Regional Office (DSCRO) based at North of England Commissioning Support (NECS) in accordance with the requirements of the Health and Social Care Act 2012 or by the healthcare provider themselves.

The same unique code is used across these services so that the data may be linked together without actually revealing the identity of the patient. The unique code is not used outside of these sets of data. The CCG handles pseudonymised data to the same level of scrutiny and confidentiality as if it were sensitive personal data and no further data linkages are undertaken outside of the above process.

Please see details of data collected and used for specific purposes for further data.

What is personally-identifiable data used for?

There are some limited exceptions where we may hold and use sensitive personal data about you.  For example the CCG has been required by law to perform certain tasks that involve the processing of sensitive personal data.

The CCG only has access to identifiable data when individuals have consented to this, a law or direction from the Secretary of State for Health explicitly permits this.

The areas where we regularly use sensitive personal data include:

  • Facilitating the process where you or your GP may request special treatments is not routinely funded by the NHS (known as Individual Funding Requests)
  • Assessments for continuing healthcare (for those with complex medical needs) and appeals
  • Responding to your queries, compliments or concerns
  • Assessment and evaluation of safeguarding concerns
  • The data is necessary for your individual care
  • Out of area specialised care case management
  • To co-ordinate Care Treatment Reviews (CTRs) and Care, Education and Treatment Reviews (CETRs) and a community support register
  • To update the Assuring Transformation database
  • Management of patient medication, as a service provided to GP practices
  • Responding to patients, carers or Member of Parliament communication
  • Investigating incidents
  • Investigating the causes of an infection, sometimes contagious, which may be a risk to the public (a Post Infection Review). We do not need to always ask your permission to access your data is there is a wider risk to the public
  • You have freely given your informed agreement (consent) for us to use your data for a specific reason (purpose or project)
  • This is required to perform Human Resource, recruitment and payroll functions
  • To process claims for patients travel costs
  • There is an overriding public interest in using the data e.g. in order to safeguard an individual, or to prevent a serious crime
  • There is a legal requirement that will allow us to use or provide data (e.g. a formal court order)
  • For the purposes of security, crime prevention and detection CCTV is in operation on the CCG premises
  • Where there is a Section 251 exemption permitting the use of sensitive personal data under specific conditions, for example to:
  • Understand the local population needs and plan for future requirements, which is known as “Risk Stratification for commissioning”:
    Data health and social care records are looked at by the CCG to identify groups of patients who would benefit from some additional help from their GP or care team. The aim is to prevent ill health and possible future hospital visits, rather than wait for patients to become more poorly. Typically, the CCG only use the NHS number to identify patients for this purpose. Only the GP/care team is able to see who actually requires additional help and there are strict rules in place to ensure this.
  • Ensure that the CCG is billed accurately for the treatment of its patients, which is known as “Invoice Validation”:
    Where the CCG pay for care, particularly where different providers are caring for the same patient, we may ask for evidence before paying, or we may design a service where the payment is all or partly based on the providers ensuring the service user’s health improves. When processing invoices for payment of treatment or procedures you have received – data such as NHS number, name, address and date of treatment might be used by the CCG. Where this happens, these details are held within a secure environment and kept confidential; such data is only used to validate invoices and not shared for any other purpose
  • Monitor access to services, waiting times and particular aspects of care, for which the CCG is considered to be an “Accredited Safe Haven

Please see details of data collected and used for specific purposes for further data.

When do the CCGs link/join data together, including where data held by other organisations? 

Data linkage is the process of linking data together from different places. Within the CCG, this is only done using pseudonymised codes. This allows the CCG to see the wider patient experience and outcomes through the different types of care that are provided to identify issues and improvements. An example of this is where hospital and primary care (GP) data is linked to better understand patterns in healthcare provision and to plan and evaluate services. For example, the CCG might look at whether certain newly introduced falls services for older people have reduced this need to attend Accident and Emergency.

The CCG utilises NHS Digital and their Data Services for Commissioners Regional Office (DSCRO), which presides within North of England Commissioning Support to process data to perform these data linkages. The Health and Social Act 2012 and later directions of NHS Digital established the Data Services for Commissioners (DSfC) programme (whereby the DSCRO act as an accredited secure facility to process personal confidential data (PCD) for purposes beyond direct patient care). This approach ensures that the CCG does not receive any identifiable data. The CCG does not perform any data linkages of identifiable data and the only data linkages performed on its behalf are processed within the DSCRO.

For further data, please see examples included within the What do we use de-personalised data for section. Please see details of data collected and used for specific purposes for further data.

How do the CCGs share data about you with other organisations? 

We commission a number of organisations (both within and outside the NHS) to provide healthcare services and work with other organisations. We may share anonymised statistical data with them for the purpose of improving local services, for example to understand how health conditions in across our local area compare against other areas.

Laws are in place that permit NHS Digital and some other NHS bodies to process identifiable patient data, however such data is only provided to organisations, such as CCGs, normally in a pseudonymised/deidentified format (see What do we use de-personalised data for). This flow of data assists CCGs to design and buy the combination of services that best suit the local area.

For more data please see our leaflet Sharing Healthcare Records.

  • Who do the CCGs use to processing data on their behalf (data processors)?

As a data controller, we may also contract other organisations to process data on our behalf. We ensure that these organisations handle data under strict conditions and in line with the law. We will have in place agreements and contracts to ensure this.

Please see details of data collected and used for specific purposes for further data.

  • National Fraud Initiative Data Sharing

The CCG has a duty to protect the public funds it administers and as such participates in the National Fraud Initiative. This is an electronic data matching exercise conducted by the Cabinet Office, under statutory powers, for the purposes of preventing and detecting fraudulent and erroneous payments from the public purse. The exercise is run every two years.

The Cabinet Office’s data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal data. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

Participation in the data matching exercise assists in the prevention and detection of fraud and involves the provision of particular sets of data to the Minister for the Cabinet Office for matching for each exercise, and these are set out in the Cabinet Office’s guidance, which can be found at

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 1998.

Data matching by the Cabinet Office is subject to a Code of Practice. This may be found at For further data on the Cabinet Office’s legal powers and the reasons why it matches particular data see

The key contact for the CCG is Steven Moss, Counter Fraud Manager, and if you have any queries regarding the exercise he can be contacted by:


Post: Steven Moss, Park House, Bridge Lane, Wigginton Road, York, YO31 8ZZ

Phone: 01904 725145 or 01423 554548

Declarations of Interests, Gifts, and Hospitality Publication

The CCG is required to maintain and publish on its website registers of interests, gifts and hospitality for all staff of the CCG defined as decision makers, as well as its Members, Governing Body and Committee Members. In exceptional circumstances, where the public disclosure of data could lead to a real risk of harm or is prohibited by law, a person’s name or other data may be withheld from the published registers. If staff feel that substantial damage or distress may be caused to them or somebody else by the publication of data in the registers, they are entitled to request that the data is not published. Such requests are made in writing to the CCG via the contact details provided below.

How do the CCGs protect the data they hold about you? 

We only use data that may identify you in accordance with the General Data Protection Regulation (EU) 2016/679, Data Protection Act 1998, Human Rights Act 1998 and Common Law Duty of Confidentiality. The General Data Protection Regulation requires us to have an appropriate justification (lawful basis) if we wish to use/process any personal data. This means that we cannot collect data without the purpose of this being clearly identified and we can only do this where a law that gives us permission to do this.

As required by the General Data Protection Regulation, when processing personal data we are obliged to ensure that we keep patients and staff aware of how we are using their data.

Within the health sector, we also have to follow the common law duty of confidence, which means that identifiable data about patients provided or collected during their care should be treated as confidential and only shared for the purpose of providing direct care.

We handle data in accordance with the Confidentiality NHS Code of Practice, Guide to Confidentiality, Caldicott Principles and professional standards in addition to the above legal requirements.

We also ensure the data we hold is kept in secure locations, restrict access to data to authorised personnel only, protect personal and confidential data held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see or make sense of it).

All CCG staff are expected to make sure data is kept confidential and receive annual training on how to do this. This is monitored by the CCG and can be enforced through disciplinary procedures.

The CCG has an executive director responsible for protecting the confidentiality of patient data. This person is called the Caldicott Guardian, they can be contacted using the details below.

The CCG is registered with the Information Commissioner’s Office (ICO) as a data controller and collects data for a variety of purposes. A copy of the registration is available through the ICO website – by searching for “Leeds Clinical Commissioning”.

How long do the CCGs hold confidential data for?

All records held by the CCG will be kept for at least the duration specified by national guidance from the Information Governance Alliance (see  Records Management Code of Practice for Health and Social Care 2016 Retention Schedule). Once the retention period is complete, the data will be reviewed as to whether it can then be securely destroyed.

What rights do you have regarding the data held by the CCGs? 

You have the right to:

  • have data about you processed fairly and lawfully, and to be able to access any personal data about you held by the NHS.
  • privacy, and can expect the NHS to keep data confidential and secure.
  • request that your confidential data is not used for purposes other than your own care and treatment, and to have your objections considered.

These rights are set out in the NHS Constitution.

  • View the data we hold about you (Subject Access Request)

The CCG does not directly provide health care services and therefore you may need to contact your GP Practice or healthcare provider to see or be provided with copies of your medical record.

You can view or request copies of the data about you that we may hold (by making a “Subject Access Request”) however, by emailing (or using the contact details below). If you wish to have a copy of the data we hold about you, this will usually be provided free of charge.

  • Request updates or corrections are made to the data held about you

You can request data found to be factually inaccurate or incorrect be corrected.

  • Right to be forgotten

You can check that data about you will not be kept for longer than necessary for the purposes specified above.

  • Withdraw your consent to data being processed about you

You are able to change your mind about consent you have provided to permit the CCG to process data about you. Once data has been either anonymised or published (with your agreement) this is no longer possible however.

  • Opt-out (stop) of data about you being processed beyond direct care

If you do not want the NHS to use data about you, which has been collected by your GP then you can opt out by completing an opt-out form and returning it to your GP practice. There are different types or levels of opt-out available – type 1 and type 2. If you do not want data that identifies you to be shared outside your GP practice, for purposes beyond your direct care, you can register a type 1 opt-out with your GP practice. NHS Digital collects data from a range of places where people receive care, such as hospitals and community services. If you do not want your personal confidential data to be shared outside of the NHS Digital, for purposes other than for your direct care you can register a type 2 opt-out with your GP practice. Further data about these types is available from the NHS Digital National Data Opt-out Programme and NHS Digital Data Choices webpages.

Depending on the type of opt out you may choose, this will prevent your data being shared outside of your GP practice or NHS Digital for purposes beyond your direct care (except in special circumstances allowed by law, such as when there is a public health emergency or safeguarding issue).

Please be aware that the CCG does not hold or commission the retention of identifiable historical data (such as in an ‘data warehouse’) and therefore any opt-out will already be applied to the data provided by NHS Digital and the Data Services for Commissioner’s Regional Office (DSCRO).

It is entirely up to you whether the NHS can use your data or not – and if you choose to opt out this will not in any way affect the care or treatment they receive as a patient. Please note that if you choose to opt-out of your data being used for Risk Stratification however, this could affect your direct care (as this data is used for ‘case management’ to assist GPs in identifying the care needs of their patients), you will need to discuss this with your GP to be clear of the possible consequences of this.

Please contact your GP practice, the hospital or healthcare provider if you wish for them to stop processing about you that is not for your direct care. It is not possible to request a care provider by stop processing data about you as this would prevent them caring for you and may prevent important data being shared with other professionals involved in providing care to you.

Please see details of data collected and used for specific purposes for further data. If you wish the CCG to stop processing data about you then please contact

  • Freedom of Information

The Freedom of Information Act 2000 (FOIA) provides the public with the right to access data held by the CCG (subject to a number of exemptions). To make a request for data please email or telephone 01274 256089.

What to do if you have any queries, requests and/or complaints 

If you have any questions or complaints regarding the data we hold on you or the use of your data, please contact us:

Data Protection Officer

NHS Leeds CCGs Partnership

Suites B5 – B9, Wira House, West Park Ring Road, LEEDS, LS16 6EB

Telephone: 0113 843 5470



For independent advice or to escalate concerns about data protection, privacy, data sharing issues and your rights you can contact:

Information Commissioner’s Office

Wycliffe House, Water Lane, WILMSLOW, Cheshire, SK9 5AF

Telephone: 0303 123 1113 (local rate) or 01625 545 745



Updated: 30/01/18