What happens to your data?

The NHS in England operates a national Diabetic Eye Screening Programme to prevent sight loss. Health Intelligence is pleased to have been commissioned by NHS England to support the delivery of diabetic eye screening for over 500,000 patients across several local programmes.

Please read this Privacy Notice carefully as it sets out the basis on which any personal data we process will be handled. This Notice sets out the types of personal data that we collect about you and will explain how and why your personal data is used. We will also explain how long your data will be kept and when, why and with whom your data may be shared.

The Notice sets out the legal basis we have for processing your personal data and explains the effects of refusing to provide the personal data requested. We will also explain the various rights and choices that you have when it comes to your personal data and how you can contact us.

What personal data do we collect about you and where from?

Information from your eye screening appointment (including your results and images), your GP Practice and the Hospital Eye Service will be kept on a register of people with diabetes to provide this service and monitor your needs and the quality of care provided. The register holds your full name, NHS number, gender, date of birth, ethnic group, phone numbers, correspondence addresses and details of your GP Practice, as well as details of your medical record related to diabetes and eye health.

Who do we share your personal data with?

The DESP will keep information about you and your diabetes care to ensure we deliver a safe and quality service. The register is maintained by Health Intelligence Ltd an NHS Business Partner contracted by the NHS to deliver this service.

Dispatch of Diabetic Eye Screening Invitation and Result Letters Health Intelligence currently send invitation, reminder and result letters for over 500,000 patients. We therefore use a letter dispatch service provided by Synertec Ltd who securely print and dispatch our letters via Royal Mail business class. The letter information is only retained for a short period which allows printing and dispatch. Once dispatched, data is retained for 90 days to allow for monitoring of service performance and is deleted afterwards.

Voice Messaging Service Health Intelligence also engages Yakara Ltd to generate appointment reminder telephone voice messages. Details of your name, telephone number and appointment are provided to support this service. The information is only retained for a short period which allows the reminder telephone calls to be made. This data is used only for this purpose and is retained for a short period to allow for monitoring of service performance.

Gov.uk Notify Service Gov.uk Notify provides a text messaging service which is used by Health Intelligence to send text messages to patients in relation to their screening appointments. To support this, your mobile telephone number and time/venue of screening appointments is shared with Gov.uk Notify. This data is used only for this purpose and is retained for a short period to allow for monitoring of service performance.

Training and Research for Ourselves and Other Third Parties If you have consented for such sharing, your data may be used for training and research purposes internally or shared with other third parties involved in the improvement of retinal screening. This will only occur with your explicit consent.

How can I opt-out of my images being used for research and training?

This is very easy to do, just email our Data Protection Officer on dpo@health-intelligence.com. Simply title your email 'Opt-out' and provide your name, address and contact number in the body of the email.

How long do we keep your personal data for?

We will keep your information for the length of the contract we have with NHS England to supply the diabetic eye screening service. After this time, we will securely transfer your data and images to the new provider under instruction from NHS England, then delete all personal data in a secure manner.

Who has access to your personal data?

The security arrangements that protect your privacy ensure that your data is only accessed by staff involved in the delivery of the Diabetic Eye Screening Programme, and healthcare professionals involved in your care working for Health Intelligence Ltd or the NHS and only for the purposes of direct care.

How will we communicate with you?

We will communicate with you via letter, text (SMS) message and voice message regarding your diabetic eye screening. If you wish to talk to us about your communication preferences, please call the Bookings Office.

What legal basis do we have for using your information?

The Secretary of State delegates several public health functions to NHS England. The public health functions agreement 2017 – 2018 enables NHS England to commission certain public health services which will drive improvements in population health, and this agreement sets out the service specifications which are to be commissioned to satisfy those public health functions. One such service is the National Diabetic Eye Screening Programme, and so it is commissioned by NHS England to discharge part of its public health duties.

NHS England has responsibility to ensure that the Diabetic Eye Screening service is seamless from entry in primary care through to integration with NHS management, treatment and care including working with NHS Hospital Trusts/Hospital Eye Services.

How do we protect your information?

We aim to ensure all personal data is held and processed in a secure way and we only let healthcare professionals who have a legitimate interest in your care access to your data. Examples of our security include:

• Encryption – meaning that the information is hidden so that it cannot be read without special knowledge (such as a password)
• Controlling access to systems and networks, this allows us to stop people who are not allowed to see your data from accessing it
• Controlling access for different user roles, so only certain data required for a specific role is accessible
• Training our staff to ensure they know how to responsibly and securely handle data including how and when to report if something goes wrong
• Regular testing of our technology including keeping up-to-date on the latest security updates

We do not transfer personal data out of the European Economic Area (EEA).

Can you access the information we hold?

Your GP Practice has access to all the information we hold about you or contact/email the Data Protection Officer (details below) to request a Subject Access Request Form.

Do we use Cookies on our websites to collect personal data on you?

We use Google Analytics to collect anonymised information about the way people use our websites to provide a better service to you. For example, how many people visited the site, what pages they visited. We do not collect personal data such as URL location.

Take a look at our Cookie Policy for more information


We have provided this document in a PDF format for you to download if required

Child Health Information Services (CHIS) are commissioned by NHS England to support the monitoring of the care delivered to children.

Please read this Privacy Notice carefully as it sets out the basis on which any personal data we process will be handled. This Notice sets out the types of personal data that we collect about children and will explain how and why their personal data is used. We will also explain how long the data will be kept and when, why and with whom the data may be shared.

The Notice sets out the legal basis we have for processing children’s personal data. We will also explain the various rights and choices that you have when it comes to your personal data and how you can contact us.

What personal data do we collect about a child and where from?

Screening, physical examination and vaccination services are monitored to ensure that every child has access to all relevant health promoting initiatives. In support of this the CHIS maintains a record of all children from birth up to the age of 19 and receives data from General Practice, maternity departments, health visitor providers, screening providers and school age vaccination providers.

Who do we share your personal data with?

The CHIS will keep information about all children to ensure we deliver a safe and quality service. The service is maintained by Health Intelligence Ltd an NHS Business Partner contracted by the NHS to deliver this service.

Dispatch of Newborn Baby Blood Spot Result Letters Health Intelligence currently send newborn blood spot result letters via Synertec Ltd who securely print and dispatch our letters via Royal Mail business class. The letter information is only retained for a short period which allows printing and dispatch. Once dispatched, data is retained for 90 days to allow for monitoring of service performance and is deleted afterwards.

How long do we keep your personal data for?

We will keep a child’s information for the length of the contract we have with NHS England to supply the CHIS. After this time, we will securely transfer the data to the new provider under instruction from NHS England, then delete all personal data in a secure manner.

Who has access to your personal data?

In support of child services this data is shared with healthcare professionals involved in delivering NHS services to children:

• GP Practices
• Newborn (Neonatal) Hearing Screening
• Newborn Blood Spot
• Independent Midwives
• Safeguarding Team
• Local Education Authority
• School Immunisation Providers (SIPs)
• 0-19 Services (Health Visitor Providers)
• Maternity Departments
• Other CHISs located outside the region (supporting children as they move around)

For further information, please contact the Data Protection Officer using the details at the end of this Notice.



How will we communicate with you?

We will communicate with you via letter regarding newborn baby blood spot results.



What legal basis do we have for using your information?

The Secretary of State delegates several public health functions to NHS England. The public health functions agreement 2017 – 2018 enables NHS England to commission certain public health services which will drive improvements in population health, and this agreement sets out the service specifications which are to be commissioned to satisfy those public health functions. One such service is the CHIS, and so it is commissioned by NHS England to discharge part of their public health duties.



How do we protect a child’s information?

We aim to ensure all personal data is held and processed in a secure way and we only let healthcare professionals who have a legitimate interest in your care access to your data. Examples of our security include:

• Encryption – meaning that the information is hidden so that it cannot be read without special knowledge (such as a password)
• Controlling access to systems and networks, this allows us to stop people who are not allowed to see your data from accessing it
• Controlling access for different user roles, so only certain data required for a specific role is accessible
• Training our staff to ensure they know how to responsibly and securely handle data including how and when to report if something goes wrong
• Regular testing of our technology including keeping up-to-date on the latest security updates
We do not transfer personal data out of the European Economic Area (EEA).



Can you access the information we hold?

Please contact/email the Data Protection Officer (details below) to request a Subject Access Request Form.



Do we use Cookies on our websites to collect personal data on you?

We use Google Analytics to collect anonymised information about the way people use our websites to provide a better service to you. For example, how many people visited the site, what pages they visited. We do not collect personal data such as URL location.

Take a look at our Cookie Policy for more information


We have provided this document in a PDF format for you to download if required