Frequently Asked Questions - Confidentiality
Here are some frequently asked questions about patient confidentiality which we hope you find helpful. You can also read the Confidentiality topic page for more information.
Who could get access to information about me?
Any organisation or individual can request information from us however in the majority of cases we only provide summary statistics, which mean that no individual can be identified.
Information that could identify you directly is only released when:
- it is required or permitted by law;
- when it can be shown that you gave your permission, for example, where you have signed a consent form for a research project;
- on receipt of a mandate, signed by you, giving your explicit consent from an insurance company or solicitor.
We do not release information that identifies individuals to private companies such as marketing or drug companies.
Do you make money from patient data?
There is no commercial sale of NHSScotland patient data.
Am I able to opt out of my data being used?
Any patient who uses NHSScotland services has the right to opt out of having their information used in this way. Before deciding to opt out, we would ask you to carefully consider how valuable your information is in helping staff in the NHS to understand the health of people in Scotland. By allowing your information to be held and analysed, you are supporting the delivery of the best quality health and care services to you, your family and to other members of the public.
The more people that choose to opt out of having their information included, the less useful that information becomes for everyone. For example it becomes much more difficult to investigate a possible cluster of cancers in a particular area or pick up an issue with cervical screening because accurate conclusions cannot be reached without complete information.
Do you follow the Data Protection Act?
Our organisation follows the principles of the Data Protection Act 1998. This Act governs how we use personal data. Our work is included within the entry for NHS National Services Scotland (NSS, our parent organisation) in the register of data controllers maintained by the Information Commissioner. The Information Commissioner's Web site is www.ico.org.uk and the Data Protection Registration Number for NSS is Z5801192.
How do I access my personal information held by NHS NSS?
The Data Protection Act 1998 gives people the right to know what personal information an organisation has about them. You can find out if we hold any personal information about you by making a 'subject access request' under the Act.
If you would like to do this, you should complete a Subject Access Form. This does require proof of identity. Once we have received your completed form (along with identity details and documents), we will respond to you within 40 calendar days.
Please note that we can only handle subject access requests for information held in NSS. Subject access requests for personal information held in other NHS organisations must be made directly to those other NHS organisations.
Who is NHS National Services Scotland?
NHS National Service Scotland (NSS) is a public organisation answerable to the Scottish Government. It provides services to, and carries out tasks for bodies associated with the health service in Scotland. Its’ supporting role to NHSScotland means that it works closely with all our partner organisations, especially the NHS Boards, in the delivery of services. The shared services and expertise that NSS provides helps NHS Boards as well as other organisations to work more efficiently and save money.
The national services covered by NSS are:
- Scottish National Blood Transfusion Service
- Central Legal Office
- Information Technology
- Practitioner and Counter Fraud Services
- Procurement, Commissioning and Facilities
- Public Health and Intelligence
There is a leaflet: How we use personal information which explains how we use personal information within NSS.
Information Services Division (ISD) is part of the Public Health and Intelligence business unit.