Fair Processing, Data Protection and Caldicott

Privacy notice – how we use your information

The purpose of this notice is to inform you of the type of information (including personal information) that NHS Doncaster Clinical Commissioning Group (CCG) holds, how that information is used, who we may share that information with, how we keep it secure and confidential, and reminds you of your rights under current Data Protection Legislation. Please see the attached notice for further information.

DCCG Children’s Privacy Notice

Privacy Notice Covid-19 April 2020

Privacy Notice Doncaster CCG

Data Protection – how we protect your information

NHS patients and social care service users may receive care and treatment from a number of different places. It can be necessary to link this information together to provide the full picture needed to support the activities listed above. In effect, sharing information enables the NHS to improve its understanding of the most important health needs and the quality of the treatment and care we provide to you.  As part of the process, providers undertake Data Protection Impact Assessments to ensure that risks to the rights and privacy of individuals are minimised while allowing the aims of services to be met whenever possible.  The CCG has a standardised approach towards identifying, assessing and mitigating data protection and privacy, ensuring it meets its legal statutory requirements. The latest DPIA list is available on our website by following this link under the heading ‘Data Protection Impact Assessment (DPIA)’.

Subject Access Requests

The current Data Protection Legislation gives everyone the right to see, or have a copy of, any personal information held about them. This is known as a Subject Access Request. Please see our attached leaflet for information on how to make a request to NHS Doncaster CCG.

If you require access to your health records, then you will need to submit your request in writing to the appropriate organisation such as:

      • Your local GP surgery, optician, dentist or pharmacist.
      • Your local Community or Mental Health Trust for care provided by that Trust.
      • Your local Hospital Trust for care provided by that Trust.

All requests for access to personal data held by NHS Doncaster CCG are dealt with by the Information Governance Team.

Information Governance Team
NHS Doncaster Clinical Commissioning Group
Sovereign House
Heavens Walk

Any request should be made in writing with the requester’s signature, and should contain enough information to identify the data required.

We aim to comply with requests within one calendar month.

Requests made under the Data Protection Act 2018 or Access to Health Records Act (1990) may be subject to fees. These will be notified to any requester in advance of processing the request.


The Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing. More information about the role of Caldicott Guardians is available here

For NHS Doncaster CCG, the Caldicott Guardian is the Chief Nurse, Mr Andrew Russell.

NHS Doncaster CCG works in accordance with the Caldicott Principles:

Principle 1: Justify the purpose(s) for using confidential information

Principle 2: Don’t use personal confidential data unless it is absolutely necessary

Principle 3: Use the minimum necessary personal confidential data

Principle 4: Access to personal confidential data should be on a strict need-to-know basis

Principle 5: Everyone with access to personal confidential data should be aware of their responsibilities

Principle 6: Comply with the law

Principle 7: The duty to share information can be as important as the duty to protect patient confidentiality

National Fraud Initiative

This organisation is required [by law] to protect the public funds it administers. It may share information provided to it with other bodies responsible for; auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.

The Cabinet Office is responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

We participate in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise, as detailed here.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the current Data Protection Legislation.

Data matching by the Cabinet Office is subject to a Code of Practice.

View further information on the Cabinet Office’s legal powers and the reasons why it matches particular information please see our Fair Processing Notice.