Product description
The Health Decision Suite (HDS) is a digital area where the Trust stores your information which can then be used for the evaluation of the services you receive, reporting and analysis when lawfully allowed to do so.
Trusts will be using this product to support their requirement to produce statutory reports that are mandated by NHS England at a time when their data warehouse is unable to cope with additional demand.
What are the purposes for processing my personal data in this Product?
This product processes personal information (called ‘personal data’ under data protection laws) about patients are receiving care or using services at the Trust in order to support the new Patient Administration System. This also means that the national reports can be generated which are required by NHS England. None of the information being provided to NHS England contains personal data.
The product enables the Trust to safely and securely store data to make sure that the Patient Administration System operates fully. This helps the Trust to make sure that the services you receive are provided in the right way.
What personal data about me is processed in this Product?
Personal data which directly identifies you (we call this directly identifiable data) will be processed by the Trust about patients who are under their care of or receiving treatment from them, for the purposes above. Data that is processed by hospitals that use this Product may include a patient's:
- name
- address including postcode
- date of birth and age
- sex and gender
- marital status
- living habits
- mobile and home number
- physical description
- NHS number or hospital record number
- health information, including information about your medical condition, symptoms, diagnosis and treatment
- racial and ethnic origin
Personal data about members of staff involved in the delivery of care may also be processed when using this Product, including the names of staff involved in providing care and their email address
Who is my personal data shared with?
Your personal data is accessed and used by health care professionals in the hospital who are providing you with individual care and treatment, and support staff who need to support health care professionals to administer your care journey.
Your personal data will not be shared with any other organisations as part of this Product.
UK GDPR Information
Controllers of your personal data
Under data protection law the Trust's using the Product are the legal controllers of your personal data under data protection laws. The specific Trust's using the Product are listed on the Product Description page of the NHS England website.
Legal grounds for processing your personal data
The processing of personal data by the Trust's for the purposes explained above is permitted under the following legal grounds under data protection law (this is UK GDPR and the Data Protection Act 2018 (DPA2018)):
- Public Task - Article 6(1)(e) of UK GDPR ‘necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.
- Health Care - Article 9(2)(h) of UK GDPR ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...” In addition, the legal grounds under paragraph 2 of Part 1 of the DPA 2018 apply (health care purposes).
The personal data processed about patients by the Trust for the purposes above is also confidential data. As the Trust is processing your confidential data to provide you with individual care, it is relying on your implied consent to do this, as you would reasonably expect the hospital to process your personal information this way to provide you with care. The Trust will keep your personal data confidential and only use and share it with other members of the care team to provide you with care, where you would reasonably expect them to, and subject to strict confidentiality controls to ensure your information remains confidential.
Processor acting on behalf of Trusts
The data platform contractor, Palantir Technologies UK LTD is a processor acting on behalf of the Trust's who are using this Product. They provide the data platform and the technology that the Product uses and only act on the instructions of the Trust.
Your rights under UK GDPR
You have the following rights under UK GDPR in relation to the processing of your personal data by the Trust for the purposes above:
- Right to be informed
- Right of access
- Right to rectify
- Right to object
Further information about these rights is in the NHS Federated Data Platform privacy notice. Your Trust will also have a Privacy Notice on its own website which will explain more about how the Trust processes your personal data, your rights and how to exercise them.
Contact details for data protection officers in the Trust's using this Product.
Does the National Data Opt Out or any other opt out apply to this Product?
The National Data Opt Out does not apply to the processing of your personal data by the Trust for the purposes explained above. This is because the Trust is processing your personal data to provide you with individual care and treatment and the National Data Opt Out does not apply in these circumstances. Additionally, Type 1 Opt Outs do not apply to the processing of your personal data by the Trust as this confidential data is not received from your GP Practice.
More information
For more information about how personal data is processed within the Federated Data Platform please see the NHS Federated Data Platform privacy notice.