What DPIA is
A DPIA is a tool that can help organisations identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy.
An effective DPIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and damage to reputation, which might otherwise occur.
To determine if a DPIA is needed, a privacy screening template is completed using questions based on ICO published guidance. The responses are reviewed by information governance and the information asset owner or administrator to determine if a DPIA is needed.
If there is no personal data involved or there are no high risks before any privacy controls are taken account of, then a DPIA will not normally be needed.
DPIA summaries
Summaries are shown in alphabetic order of the project or process name.
Artificial intelligence in customer calls
We use artificial intelligence to determine the intent of the caller for some of our services.
No decisions are made about the customers that have a legal or similar effect on them.
A DPIA was needed because this was a new type of technology and some callers could be vulnerable adults.
Recommendation and conclusion
All risks are reduced to acceptable levels by existing controls. The effectiveness and accuracy of the technology will be monitored as part of the pilot.
CCTV
CCTV is used externally for our owned premises and internally where an incident or staff safety has justified its use.
This monitors behaviour of staff and visitors.
Recommendation and conclusion
One minor issue identified and resolved. Recommendation is that this processing continues but any new uses of CCTV are referred to information governance.
Data analytics laboratory
This feature uses big data analytics techniques to join personal data held across our organisation.
The insight gained will be used to help better plan NHS services.
Recommendation and conclusion
Each idea being explored using patient data and big data analytics is subject to a bespoke version of a DPIA.
If the findings are to be used to change how a customer’s personal data is used, then that proposal must be referred to information governance.
In addition, there is a stop list of all processing that must be referred to the information asset owner and information governance.
Data warehouse
This system will hold prescription and dental patient data in a production environment to provide routine reporting to the NHS and answer queries that do not require big data analytics.
Recommendation and conclusion
It has been agreed that:
- data will be encrypted
- patient identifiable information will be anonymised using techniques and rules about disclosure
All exceptions to these rules are to be referred to information governance.
Dental treatment claims processing
This system will hold personal data relating to NHS Dental patient claims in England and Wales.
It also holds some details of private treatment for the new dental contract pilot.
The data is then used by ‘loss recovery services’ and placed in the data warehouse and the data analytics laboratory.
Recommendation and conclusion
Information asset owner has taken active ownership of residual minor risks.
Electronic staff record (ESR)
This system holds personal data for all staff employed within the NHS in England and Wales.
This includes special category personal data processed by NHS employers relating to:
- pre-employment checks
- payroll
- absence
It may also relate to apprentices under the age of 18.
Staff records can be transferred between employers when they move employment to another NHS Employer.
Recommendation and conclusion
Minor outstanding risks are actively owned by the information asset owner.
England infected blood support scheme (EIBSS)
This system will hold personal data for all beneficiaries of payments made under EIBSS.
A limited number of medical conditions can be inferred about the direct beneficiaries.
Recommendation and conclusion
Minor outstanding risks are actively owned by the information asset owner.
These will be resolved in a new system release shortly.
Equality and diversity
Equality and diversity declarations of more than 1,000 individuals held on ESR are extracted and reported on to make sure equality and diversity legislation obligations are being met during recruitment and employment.
Recommendation and conclusion
Only minor risks were identified and these are being actively managed by the information asset owner.
Fraud investigations
We investigate fraud allegations relating to staff and customers.
Recommendation and conclusion
All risks are well managed through regular review of the personal data being processed as part of an investigation.
Human resources (HR) corporate
Managing Staff
A number of similar HR processes were grouped together, including:
- occupational health referrals
- absence management
- redundancies
- disciplinary and grievances related information
Recommendation and conclusion
Only minor risks identified and actively managed by the information asset owner.
Loss recovery services
Patients declaring eligibility for an NHS charge exemption will be sample checked and a penalty charge issued if no valid exemption is found in either:
- our systems
- DWP systems
Recommendation and conclusion
Only minor risks identified and actively managed by the information asset owner.
NHS Low Income Scheme
Patients on a low income can claim exemption from NHS charges.
This system assesses applications made, records the decision and issues exemption certificates.
For over 1,000 applicants, this process can result in processing special categories of personal data.
A digital pilot is being rolled out to remove the need to receive a physical certificate and improve the patient service.
Recommendation and conclusion
Only minor risks identified and actively managed by the information asset owner.
Maternity exemption certificate
PIA to DPIA conversion
NHS patients who are pregnant or have been pregnant in the last 12 months can receive exemption from some NHS charges.
This process involves a medical professional confirming patient entitlement and a certificate is issued to the patient.
A digital pilot is currently running to provide digital certificates.
Recommendation and conclusion
Only minor risks identified and actively managed by the information asset owner.
Medical exemption
A medical professional can confirm that a patient has one of a number of specified medical conditions.
These entitle the patient to receive exemption from some NHS charges.
Recommendation and conclusion
Only minor risks identified and actively managed by the information asset owner.
NHS Jobs
This system holds NHS job applications for a large number of applicants across the NHS in England and Wales.
This includes equality and diversity declarations and might also have criminal offence declarations.
The application details can then be downloaded and used by NHS employers in their recruitment and selection process.
Recommendation and conclusion
Only minor risks identified and actively managed by the information asset owner. These are being addressed in the new version of NHS Jobs being developed by us.
Overseas Healthcare Services
We process overseas reciprocal healthcare applications by UK residents working, studying or retired in the European Economic Area and Switzerland.
Claims are also processed for emergency treatment where the UK resident does not hold a UK GHIC and UK EHIC.
Recommendation and conclusion
Risks have been identified and are being actively managed by the information asset owner.
This will be reviewed once the Brexit decision is made.
Prescription prepayment certificate
Patients can pay in advance to effectively reduce the cost of their prescription charges. This can be a one-off payment or by direct debit.
Disclosure of this personal data could lead to conclusions being reached about the general state of health of an individual or abuse of payment related details.
Recommendation and conclusion
Only minor risks identified and these are being actively managed by the information asset owner.
Prescription processing
NHS Prescriptions that are dispensed to patients outside of a hospital or hospice are sent to us to process.
This is to make sure the dispenser is paid for their services to the NHS.
The information is then used by ‘loss recovery services’ and placed in the data warehouse and the data analytics laboratory.
Recommendation and conclusion
Only minor risks identified and these are being managed by the information asset owner.
Pension ill health retirement medical assessments
NHS Pension members’ claims for ill health retirement need to be assessed by medical professionals to make sure they qualify under the rules of the relevant NHS Pension scheme.
This involves processing detailed medical information and opinions.
Recommendation and conclusion
Only minor risks identified and these are being actively managed by the information asset owner.
Recruitment
We offer a recruitment service for a number of NHS bodies including our own organisation.
This involves processing:
- equality and diversity declarations
- personal references
- occupational health referrals
- DBS checks
Recommendation and conclusion
Only minor risks identified and these are being actively managed by the information asset owner.
Single sign on
We offer staff a genuine choice to use a biometric mouse for system authentication.
Recommendation and conclusion
Minor risks are handled by clear consent being given, and staff can change their mind at any time.
The use of biometrics delivered by the third party makes full use of the principles of privacy by design.