Skip to main content Skip to footer

Our data protection impact assessment (DPIA) summaries

What DPIA is

This is a tool which can help organisations identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy.

An effective DPIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and damage to reputation, which might otherwise occur.

To determine if a DPIA is needed, a privacy screening template is completed using questions based on ICO published guidance. The responses are reviewed by information governance and the information asset owner or administrator to determine if a DPIA is needed.

If there is no personal data involved or there are no high risks before any privacy controls are taken account of, then a DPIA will not normally be needed.

DPIA summaries

Summaries are shown in alphabetic order of the project or process name.

Artificial intelligence in customer calls

We use artificial intelligence to determine the intent of the caller for some of our services.

No decisions are made about the customers that have a legal or similar effect on them.

A DPIA was needed because this was a new type of technology and some callers could be vulnerable adults.

Recommendation and conclusion

All risks to acceptable levels by existing controls. The effectiveness and accuracy of the technology will be monitored as part of the pilot.

CCTV

CCTV is used externally for our owned premises and internally where an incident or staff safety has justified its use.

This monitors behaviour of staff and visitors.

Recommendation and conclusion

One minor issue identified and resolved. Recommendation is that this processing continues but any new uses of CCTV are referred to information governance.

Data analytics laboratory

This feature uses big data analytics techniques to join personal data held across the our organisation.

The insight gained will be used to help better plan NHS services.

Recommendation and conclusion

Each idea being explored using patient data and big data analytics is subject to a bespoke version of a DPIA.

If the findings are to be used to change how a customer’s personal data is used, then that proposal must be referred to information governance.

In addition, there is a stop list of all processing that must be referred to the information asset owner and information governance.

Data warehouse

This system will hold prescription and dental patient data in a production environment to provide routine reporting to the NHS and answer queries that do not require big data analytics.

Recommendation and conclusion

It has been agreed that:

  • data will be encrypted
  • patient identifiable information will be anonymised using techniques and rules about disclosure

All exceptions to these rules are to be referred to information governance.

Dental treatment claims processing

This system will hold personal data relating to NHS Dental patient claims in England and Wales.

It also holds some details of private treatment for the new dental contract pilot.

The data is then used by ‘loss recovery services’ and placed in the data warehouse and the data analytics laboratory

Recommendation and conclusion 

Information asset owner has taken active ownership of residual minor risks.

Electronic staff record (ESR)

This system holds personal data for all staff employed within the NHS in England and Wales.

This includes special category personal data processed by NHS employers relating to:

  • pre-employment checks
  • payroll
  • absence

It may also relate to apprentices under the age of 18.

Staff records can be transferred between employers when they move employment to another NHS Employer. 

Recommendation and conclusion

Minor outstanding risks are actively owned by the information asset owner.

England infected blood support scheme (EIBSS)

This system will hold personal data for all beneficiaries of payments made under EIBSS.

A limited number of medical conditions can be inferred about the direct beneficiaries

Recommendation and conclusion

Minor outstanding risks are actively owned by the information asset owner.

These will be resolved in a new system release shortly.

Equality and diversity

Equality and diversity declarations of more than 1,000 individuals held on ESR are extracted and reported on to make sure equality and diversity legislation obligations are being met during recruitment and employment.

Recommendation and conclusion

Only minor risks identified and are being actively managed by the information asset owner.

Fraud investigations

We investigate fraud allegations relating to staff and customers.

Recommendation and conclusion

All risks are well managed through regular review of the personal data being processed as part of an investigation.

Human resources (HR) corporate

Managing Staff

A number of similar HR processes were grouped together, including:

  • occupational health referrals
  • absence management
  • redundancies          
  • disciplinary and grievances related information

Recommendation and conclusion

Only minor risks identified and actively managed by the information asset owner.

Loss recovery services

Patients declaring eligibility for an NHS charge exemption will be sample checked and a penalty charge issued if no valid exemption is found in either:

  • our systems
  • DWP systems

Recommendation and conclusion

Only minor risks identified and actively managed by the information asset owner.

NHS Low Income Scheme

Patients on a low income can claim exemption from NHS charges.

This system assesses applications made records the decision and issues exemption certificates.

For over 1,000 applicants, this process can result in processing special categories of personal data.

A digital pilot is being rolled out to remove the need to receive a physical certificate and improve the patient service.

Recommendation and conclusion

Only minor risks identified and actively managed by the information asset owner.

Maternity exemption certificate

PIA to DPIA conversion

NHS patients who are pregnant or have been pregnant in the last 12 months can receive exemption from some NHS charges.

This process involves a medical professional confirming patient entitlement and a certificate is issued to the patient.

A digital pilot is currently running to provide digital certificates.

Recommendation and conclusion

Only minor risks identified and actively managed by the information asset owner.

Medical exemption

A medical professional can confirm that a patient has one of a number of specified medical conditions.

These entitle the patient to receive exemption from some NHS charges. 

Recommendation and conclusion

Only minor risks identified and actively managed by the information asset owner.

NHS Jobs

This system holds NHS job applications for a large number of applicants across the NHS in England and Wales.

This includes equality and diversity declarations and might have additional have criminal offence declarations.

The applications details can then be downloaded and used by NHS employers in their recruitment and selection process.

Recommendation and conclusion

Only minor risks identified and actively managed by the information asset owner. These are being addressed in the new version of NHS Job being developed by us.

Overseas Healthcare Services

We process overseas reciprocal healthcare applications by UK residents working, studying or retired in the European Economic Area and Switzerland.

Claims are also processed for emergency treatment where the UK resident does not hold a UK GHIC and UK EHIC. 

Recommendation and conclusion

Risks have been identified and are being actively managed by the information asset owner.

This will be reviewed once the Brexit decision is made.

Prescription prepayment certificate

Patients can pay in advance to effectively reduce the cost of their prescription charges. This can be a one off payment or by direct debit.

Disclosure of this personal data could lead to conclusions being reached about the general state of health of an individual or abuse of payment related details.

Recommendation and conclusion

Only minor risks identified and these are being actively managed by the information asset owner.

Prescription processing

NHS Prescriptions that are dispensed to patients outside of a hospital or hospice are sent to us to process.

This is to make sure the dispenser is paid for their services to the NHS.

The information is then used by ‘loss recovery services’ and placed in the data warehouse and the data analytics laboratory.

Recommendation and conclusion

Only minor risks identified and these are being managed by the information asset owner.

Pension ill health retirement medical assessments

NHS Pension members’ claims for ill health retirement need to be assessed by medical professions to make sure they qualify under the rules of the relevant NHS Pension scheme.

This involves processing detailed medical information and opinions

Recommendation and conclusion

Only minor risks identified and these are being actively managed by the information asset owner.

Recruitment

We offer a recruitment service for a number of NHS bodies including the our own organisation.

This involves processing:

  • equality and diversity declarations
  • personal references
  • occupational health referrals
  • DBS checks

Recommendation and conclusion

Only minor risks identified and these are being actively managed by the information asset owner.

Single sign on

We offer staff a genuine choice to use biometric mouse for system authentication.

Recommendation and conclusion

Minor risks handled by clear consent being given and staff can change their mind at any time.

The use of biometrics delivered by the third party makes full use of the principles of privacy by design.