Privacy notice

Uses of Information

Although this is not an exhaustive detailed listing, the following are key examples of the purposes and rationale for why we collect and process information:


Hospitals and community setting organisations that provide NHS-funded care must by law submit certain information to NHS England about services provided to you and the population we serve. This information is known as commissioning datasets. The ICB obtains these datasets from NHS England which relate to patients registered with our GP practices. This enables us to plan, design, purchase and pay for the best possible care available for you.

The datasets we receive from NHS Digital have been linked and are in a format that does not directly identify you. Information such as your age, ethnicity and gender as well as coded information about any clinic or accident and emergency attendances, hospital admissions and treatment will be included.

We also receive similar information from the GP Practices within our ICB membership that also does not identify you.

We use these datasets for a number of purposes such as:

  • Performance managing contracts;
  • Reviewing the care delivered by providers to ensure service users are receiving quality and cost effective care;
  • To prepare statistics on NHS performance to understand health needs and support service re-design, modernisation and improvement;
  • To help us plan future services to ensure they continue to meet our local population needs;
  • To reconcile claims for payments for services received in your GP Practice;
  • To audit NHS accounts and services;

Within the ICB, Groups work collaboratively to assess the need for services, and work together in procuring, negotiating and managing contracts with Hospitals, Mental Health Providers and Community Health Providers. This collaboration is known locally as a Host and Associate Agreement and requires the ICB to receive Pseudonymised data (see definitions further on in this document). The information that is shared is governed by a written agreement and a commitment that we will not re-identify it.

The specific terms and conditions and security controls that we are obliged to follow when using those commissioning datasets can also be found on the NHS Digital website.

More information about how this data is collected and used by NHS Digital is available on their website.

Type of information used

Different types of commissioning data are legally allowed to be used by different organisations within, or contracted to, the NHS.

Legal basis

Statutory requirement for NHS England to collect identifiable information.

A Section 251 approval from the Secretary of State, through the Confidentiality Advisory Group of the Health Research Authority, enables the use of pseudonymised information about patients included in the datasets, by the organisations who submitted the information.

There is no requirement for a legal basis for use of the aggregated information which is available to the ICB as this does not identify individuals.

Data processing activities

The ICB processes this data internally. Data is also processed by MedeAnalytics and Arden & Gem on behalf of the ICB.

Opt out details

You are able to opt-out of the use of your personal data for research or planning purposes at a national level. 

Get further information or exercise your right to opt-out online.

Alternatively, speak to your GP practice. They can apply a code to your records which will stop your identifiable information being used for this purpose, and be shared with the national register of opt-outs.

How we use information provided by NHS England

We use information collected by NHS England from healthcare providers such as hospitals, community services and GPs, which includes information about the patients who have received care and treatment from the services that we fund. 

The data we receive does not include any direct identifiable information about patients such as names, home addresses, NHS number, postcode, and date of birth but is pseudonymised using a system called Pseudonymisation at Source. For further information please refer to the separate section within this privacy notice. This data includes information on age, ethnicity and gender as well as coded information about your visits to clinics, Emergency Department, hospital admissions and other NHS services.

The Secretary of State for Health has given limited permission for us (and other NHS commissioners) to use certain confidential patient information when it is necessary for our work and whilst changes are made to our systems that ensure de-identified information is used for purposes other than direct care. This approval is given under Regulations made under Section 251 of the NHS Act 2006 and is based on the advice of the Health Research Authority’s Confidentiality and Advisory Group.

In order to use this data, we have to meet strict conditions that we are legally required to follow, which includes making a written commitment to NHS England that we will not use information in any way that would reveal your identity. These terms and conditions can be found on the NHS England website.

Sharing information with other organisations

We commission a number of organisations (both within and outside the NHS) to provide healthcare services to you. We may also share anonymised statistical information with them for the purpose of improving local services, for example understanding how health conditions spread across our local area compared against other areas.

In order to perform our commissioning functions, information may be shared between various organisations including: acute and mental health hospitals, GP practices, community services, other ICBs, commissioning support units (CSU), ambulance services, local councils (social services and public health), voluntary sector and other health organisations.

The law provides some NHS bodies, particularly NHS England, ways of collecting and using patient data that cannot identify a person. This information helps commissioners to design and procure the combination of services that best suit the population they serve.

We may also share information with NHS England. If you do not want your information to be used for purposes beyond providing your care you can choose to opt-out. If you wish to do so, please inform your GP practice who will advise you of how to opt out. You can opt out of your data being used for some purposes. You can withdraw your opt-out choice at any time by informing your GP Practice. More information is available on NHS Digital Your personal information choices and in the section ‘Your Rights’ below.

NHS England recognises the importance of protecting personal and confidential information in all that it does, directly or through commissioning, and takes care to meet its legal duties. Follow the links on the How NHS England uses your information page for more details.

Data may be de-identified and linked so that it can be used to improve health care and development and monitor NHS performance. Where data is used for these statistical purposes, stringent measures are taken to ensure individual patients cannot be identified.

When analysing current health services and proposals for developing future services it is sometimes necessary to link separate individual datasets to be able to produce a comprehensive evaluation. This may involve linking primary care GP data with other data such as secondary uses service (SUS) data (hospital inpatient, outpatient and A&E data). In some cases there may also be a need to link local datasets which could include a range of acute-based (hospital) services such as radiology, physiotherapy, audiology etc, as well as mental health and community-based services such as Improving Access to Psychological Therapies (IAPT), district nursing, podiatry etc. When carrying out this analysis, the linkage of these datasets is always done using a unique identifier that does not reveal a person’s identity as the ICB does not have any access to patient identifiable data for this purpose.

We may also contract with other organisations to process data. These organisations are known as data processors. We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed. Currently, the external data processors we work with are listed below:

Arden and Greater East Midlands (AGEM) Data Services for Commissioners Regional Office (DSCRO), who provide appropriate data for Secondary Use Services (SUS).

AGEM are approved by NHS England as a Data Services for Commissioning Regional Office (DSCRO). They provide a secure and compliant data processing function of health and social care data sets. This type of processing is to support commissioning and planning. The output data from this process will be anonymised or pseudonymised. The ICB does not receive any personal identifiable information from this service.

AGEM CSU also provide services for the ICB. This includes holding and processing data including patient information on our behalf.

The ICB has engaged the services of NHS Arden and Greater East Midlands Commissioning Support Unit (AGEM CSU) to assist in the processing and analysis of data received from NHS England (that does not identify individuals) to support the ICB in fulfilling its commissioning responsibilities.

The ICB has entered into a contract with AGEM CSU to ensure there are strong controls in place to ensure that the data remains confidential and secure at all times.

The ICB has also engaged the services of AGEM CSU to support the processing of data for the Population Health Management and Risk Stratification Programme – which analyses data that does not identify individuals.

MedeAnalytics provide a technical system that uses Pseudonymised data from GP and other health care systems to allow linkage of data in a way that does not involve either MedeAnalytics or the ICB identifying individual patients. The system uses data that is Pseudonymised at Source. For further information please see the section below.


To process your personal information if it relates to a complaint where you have asked for our help or involvement.

Legal Basis

We will need to rely on your explicit consent to undertake such activities.

Complaint Processing Activities 

When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint. 

We will only use the personal information we collect to process the complaint and to check on the level of service we provide.

We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute.

If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with NHS retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

We will publish service user stories, following upheld complaints, anonymously via our governing body.  The service user stories will provide a summary of the concern, service improvements identified and how well the complaints procedure has been applied.  Consent will always be sought from the service user and carer or both before we publish the service user story.

Risk Stratification

Risk stratification is a process GPs use to help them to identify and support patients with long-term conditions and to help prevent un-planned hospital admissions or reduce the risk of certain diseases developing such as type 2 diabetes. This is called risk stratification for case-finding.  

Risk stratification tools use historic information about patients, such as age, gender, diagnoses and patterns of hospital attendance and admission collected by NHS England from NHS hospitals and community care services. This is linked to data collected in GP practices and analysed to produce a risk score.

There is currently s251 support in place for the ICB to be able to receive data with the NHS Number as an identifier from both NHS England and your GP Practice to enable this work to take place. The data is sent directly into a risk stratification tool from NHS England / GP Practices to enable the data to be linked and processed as described above. Once the data is within the tool, ICB staff only have access to anonymised or aggregated data.

GPs are able to identify individual patients from the risk stratified data when it is necessary to discuss the outcome and consider preventative care.

Type of information used

Different types of commissioning data are legally allowed to be used by different organisations within, or contracted to, the NHS.

Information put into the risk stratification tools used by the ICB: 

  • Age
  • Gender
  • GP Practice and Hospital attendances and admissions
  • Medications prescribed
  • Medical conditions (in code form) and other things that affect your health.

Legal basis

Statutory requirement for NHS England to collect identifiable information.

A Section 251 approval (CAG 2-03(a)/2013) from the Secretary of State, through the Confidentiality Advisory Group of the Health Research Authority, enables the use of pseudonymised information about patients included in the datasets.

There is no requirement for a legal basis for use of the aggregated information which is available to the ICB as this does not identify individuals.

Data processing activities

The ICB processes this data internally. Data is also processed by Arden & GEM Commissioning Support Unit and Prescribing Services Ltd on behalf of the ICB.

Opt out details

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do not wish your data to be included in the risk stratification service (even though it is in a format which does not directly identify you) you can choose to opt-out. 

In this case, because pseudonymised data is being used, the National Data Opt-Out does not apply. Instead, please inform your GP practice who will apply an opt-out code to your record to ensure that your information is not included in the programme.

Invoice Validation

Where we pay for care, particularly where different providers are caring for the same person, we may ask for evidence before paying, or we may commission a service where the payment is all or partly based on the providers ensuring the service user has a healthy outcome. We need to ensure that we are paying the right amount of money for the right services to the right people.

These invoices are validated within a special secure area known as a Controlled Environment for Finance (CEfF) to ensure that the right amount of money is paid, by the right organisation, for the treatment provided.

A small amount of information that could identify an individual is used within this secure area (such as NHS number or date of birth and postcode). The process followed ensures that only the minimum amount of information about individuals is used by a very limited number of people. The process is designed to protect confidentiality.

Organisations that provide treatment submit their invoices to the ICB for payment. The secure area (Controlled Environment for Finance, within the ICB) receives additional information, including the NHS Number, or occasionally the date of birth and postcode, from the organisation that provided treatment.

Our Providers send information into our secure area, which includes the NHS number and details of the treatment received. The information is then validated ensuring that any discrepancies are investigated and resolved between the Controlled Environment for Finance and the organisation that submitted the invoices. The invoices will be paid when the validation is completed.

Type of information used

Identifiable – (name, DOB, GP, NHS number) within the Controlled Environment for Finance, for invoice validation.

Pseudonymised, anonymised or aggregated - within the ICB, for commissioning purposes such as financial planning, management and contract monitoring.

Legal basis

A Section 251 approval from the Secretary of State, through the Confidentiality Advisory Group of the Health Research Authority enables the ICB to process identifiable information without consent for the purposes of invoice validation within a Controlled Environment for Finance – CAG 7-07(a)(b)(c)/2013.

Data processing activities

This data is processed in house by Hertfordshire & West Essex ICB. Only authorised staff are able to access this information.

Opt out details

National data opt-out does not apply.

Additionally, your GP practice can apply a code which will stop your identifiable information being used for this purpose.

Additional information is also available from the NHS England website.

Funding Treatments

We will collect and process your personal information where we are required to fund specific treatment for you for a particular condition that is not already covered in our contracts. 

This may be called an “Individual Funding Request” (IFR). 

Type of Information Used

Identifiable – such as NHS number, DOB, Name, registered GP to make payments 
Anonymous – to provide reports for analysis of payments made 

Legal Basis 

Direct Care and Administration UK GDPR/DPA 2018

  • Article 6 1 (e)
  • Article 9 2 (h)

And common law duty of confidence

How We Collect and Use Information in relation to Funding Treatments

Information required to make payments in relation to Funding Treatments is provided by you, along with relevant information from primary and secondary care with regard to the referral for specialist treatment.

Continuing Healthcare

We will collect and process your identifiable information where you have asked us to undertake assessments for Continuing Healthcare (a package of care for those with complex medical needs) and commission resulting care packages.

Type of Information Used

Identifiable – such as name, address, DOB, NHS number

Legal Basis

Direct Care and Administration GDPR/DPA 2018

  • Article 6 1 (e)
  • Article 9 2 (h)

And common law duty of confidence

How We Collect and Use Information in relation to Continuing Healthcare

The assessment team will collect, use, share and securely store information from / with the Local Authority (Social Services) and other organisations or individuals that are either directly or indirectly involved in the assessment, decision-making process, the arranging of care, the funding and payment of care and appropriate monitoring of and audit of the safety and quality of care.


We will collect and process identifiable information where we need to assess and evaluate any safeguarding concerns.

Legal Basis

Because of our duty to protect the safety and welfare of vulnerable children and adults, we will rely on a statutory basis rather than consent to process information for this use.

Patient and Public Involvement

If you have asked us to keep you regularly informed and up to date about the work of the ICB or if you are actively involved in our engagement and consultation activities or patient participation groups, we will collect and process personal confidential data which you share with us.

Legal Basis

We will rely on your consent for this purpose.


Where you submit your details to us for involvement purposes, we will only use your information for this purpose. You can opt out at any time by contacting us using our contact details at the end of this document.

Fraud Prevention

The ICB is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

The Cabinet Office conducts data matching exercises to assist in the prevention and detection of fraud. This is one of the ways in which the Minister for the Cabinet Office takes responsibility within government for public sector efficiency and reform. The Minister for the Cabinet Office is also the Chair of the Fraud, Error and Debt Taskforce, the strategic decision-making body for all fraud and error, debt and grant efficiency initiatives across government.

Data matching involves comparing sets of data, such as the payroll or benefits records of a body, against other records held by the same or another body to see how far they match. The data is usually personal information. The data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency that requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

The processing of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under its powers in Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the UK GDPR / Data Protection Act 2018.

All bodies participating in the Cabinet Office’s data matching exercises receive a report of matches that they should investigate, so as to detect instances of fraud, over- or under-payments and other errors, to take remedial action and update their records accordingly.

Serious Incident Reports

The ICB collects and uses information from Serious Incident Reports from Primary and Secondary Care Providers to ensure incidents are dealt with appropriately and lessons learnt. 

Legal Basis 

Explicit consent 

How We Collect and Use Information in relation to Serious Incident Reports

We are statutorily required to fully investigate and review incidents. Where there is a requirement to provide incident reports externally the information will be anonymised unless there is a legal requirement to provide your details. You will be kept informed of the requirements we are required to meet and asked for consent where information is to be shared externally.

Pseudonymisation at source

The ICB has been working closely with MedeAnalytics to develop systems that provide the data we and the GPs need to do our work, but in ways that do not involve MedeAnalytics or the ICB using information that can identify individual patients.

Pseudonymisation is a technical process that replaces identifiable information such as NHS number, postcode, date of birth with a unique identifier, which obscures the ‘real world’ identity of the individual patient to those working with the data. It allows records for the same patient from different sources to be linked to create a complete longitudinal record of the patient’s condition, history and care.

Linkage of data from different health and social care data sources is undertaken, enabling the processing of data and provision of appropriate analytical support for GPs and ICBs whilst protecting the privacy and confidentiality of the patient(s). Technical and organisational measures are in place to ensure the security and protection of information. Robust access controls are in place to ensure only GPs are able to re-identify information about their individual patients when it is necessary for the provision of care.

MedeAnalytics’ Pseudonymisation at Source system has been confirmed by the Information Commissioner’s Office as sufficiently de-identifying patient identifiers before it leaves the originating source to make it impossible to re-identify the individual concerned, as well as receiving approval from the Confidentiality Advisory Group which provides guidance to the Secretary of State for Health.

Primary and Secondary Care Data

The NHS provides a wide range of services which involve the collection and use of information. Different care settings are considered as either ‘primary care’ or ‘secondary care’. 

Primary care settings include GP practices, pharmacists, dentists and some specialised services such as military health services. Secondary care settings include local hospitals, rehabilitative care, urgent and emergency care (including out of hours and NHS 111), community and mental health services. 

Throughout this Privacy Notice you will see reference to an organisation called NHS England. They are the national provider of information, data and IT systems for commissioners (such as the ICB), analysts and clinicians in health and social care. NHS England provides information based on identifiable information passed securely to them by Primary and Secondary Care Providers who are legally obliged to provide this information. 

Get more information on the way NHS England collects and uses your information.