Data Protection Notice

May 24, 2018 | Uncategorized

About Procurement, Commissioning & Facilities (PCF)

The Procurement, Commissioning and Facilities Strategic Business Unit (PCF) of NHS National Services Scotland (NSS) provides a complete range of procurement, commissioning and facilities services to a range of stakeholders including NHS Boards and their patients, Scottish Government and the wider public sector. NHS NSS is a public organisation created in Scotland under section 10 of the National Health Service (Scotland) Act 1978. NSS is the common name of the Common Services Agency for the Scottish Health Service.

Our services include:

  1. National Procurement (NP) our Procurement and Logistics directorate is responsible for the procurement of products, equipment and services; and for their delivery, through our logistics service to NHS Boards and to their patients, as well as other public sector bodies. This is to ensure the right products are available at the right time for the benefit of users and at the best value for Scotland.
  2. National Specialist and Screening Directorate (NSD) is responsible for commissioning, national coordination and performance managing National Screening Programmes, Specialist Clinical Services and National Managed Clinical Networks and National Risk Share Schemes on behalf of NHS Scotland.
  3. Health Facilities Scotland (HFS) our strategic facilities directorate is responsible for providing technical and operational guidance to the Scottish Government Health and Social Care Directorate (SGHSCD) and NHS Scotland bodies in relation to all aspects of healthcare facilities to support and improve health and well-being services. HFS also manages the contract for delivery of home oxygen services in Scotland.

Your personal information and our purpose for using it:

In order for us to undertake our responsibilities we use a range of personal information about you including:

NHS Staff – your name, position, business address and other business related contact details

Contractors and Suppliers – your name, some personal details required under procurement law including date of birth, position, business address and other business related contact details. This includes any criminal conviction and offences where appropriate.

NHS Patients – For the majority of PCF services no personal information is required however in certain circumstances we require to hold and process information for patients including name, date of birth, Community Health Index (CHI) number, and some clinical related information. This is in order to ensure the correct provision of health care to specific individuals either in NHS Scotland, elsewhere in the UK and very occasionally outwith the UK.

Our legal Basis for using your personal information and who it is shared with:

In order to meet our responsibilities and deliver our services the legal basis upon which we will rely for the use of personal information most often is that our processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

The functions (or vested authority) of NSS are detailed in National Health Service (Functions of the Common Services Agency) (Scotland) Order 2008 and parts of these functions include:

  • Procure equipment, supplies and services (including the national procurement of clinical services) in support of the functions of the Scottish Ministers.
  • Provide information, advice and management services in support of the functions of Scottish Ministers.

This is our legal basis for holding and processing information for the majority of our services that we provide.

We only collect and retain the minimum of essential personal information, which is stored in a variety of secure databases and this is used to help deliver our services on behalf of NHS Scotland in accordance with relevant legislation.

In order to fully discharge our responsibilities we need to share relevant aspects of personal information, including in certain circumstances sensitive health data, with other NHS organisations and, where appropriate, suppliers to ensure the delivery of our services in an effective manner. The legal basis on which we rely for doing this is usually that our processing is necessary for:

  • the purposes of……..medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services” or,
  • ensuring high standards of healthcare and of medicinal products or medical devices

Consent

The one area where we rely on consent as our legal basis is within the Clinical Audit System managed by the National Managed Clinical Networks (NMCN). A separate leaflet advising of the use of information for the Clinical Audit system is available on the NMCN website at http://www.mcns.scot.nhs.uk/ncas/consent/.

Patient information may also be shared to assist in the provision and improvement of health and care services. When we do this, we make sure that the information which identifies you as a person and your health information are separated or anonymised.

Retention periods of the information we hold:

We keep personal information as set out in the Scottish Governments Records Management: NHS Code of Practice (Scotland) Version 2.1 January 2012. The NHS Code of Practice sets out minimum retention periods for information, including personal information held in different types of records including personal health and administrative records. For details please refer to the NSS Data Protection Notice. https://nhsnss.org/how-nss-works/data-protection/

How we protect personal information:

We have a duty to protect personal information. Personal information is securely held, closely monitored and managed according to strict guidelines. Access to personal information is given on a strict need to know basis with formal authorisation processes in place to gain access to data. All our staff are legally and contractually obliged to respect confidentiality and are provided with a set of confidentiality rules that clearly state how personal data is handled, stored, transmitted and destroyed and undertake regular mandatory training on safe information handling.

We also ensure that any organisations that we share personal information with are able to demonstrate the same levels of compliance with data protection rules, including suppliers contracted to provide direct services to patients on behalf of NHS Scotland.

Your Rights over your personal information:

Your rights in relation to the information we use about you are explained in the NSS Data Protection Notice https://nhsnss.org/how-nss-works/data-protection/. The Notice includes information on the right to erasure which only applies in certain circumstances.

If you would like to access information about you, or to make any objection or other request in relation to our use of personal information, you can do this by contacting:-

NSS Data Protection Officer
Gyle Square
1 South Gyle Crescent
Edinburgh
EH12 9EB
Tel: 0131 275 6000
E-mail: nss.dataprotection@nhs.net

Translation Service/ Accessibility

If you require this information in another format or a community language please contact:

Email: NSS.EqualityDiversity@nhs.net
Tel: 0131 275 7457
Textrelay 01800 275 7457
https://contactscotland-bsl.org/reg/