See opening Times

Main Reception

0113 2953510

Out of hours

111

Legal Basis for processing patient data

lawful bases for processing

Legal Basis for processing patient data

 

Purpose of using personal data Legal basis of processing Special category of data
Provision of direct care and related administrative purposes

e.g., e-referrals to hospitals or other care providers

 

 

GDPR Article 6(1)(e) – the performance of a task carried out in the public interest GDPR Article 9(2)(h) – medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.

 

 

For commissioning and healthcare planning purposes

e.g., collection of mental health data set via NHS Digital or local

 

 

GDPR Article 6(1)(c) – compliance with a legal obligation

 

GDPR Article 9(2)(h) – medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.

Special category 9(2)(i) – public interest in the area of public health

 

 

 

 

For planning and running the NHS (other mandatory flow)

e.g., CQC powers to require information and records

GDPR Article 6(1)(c) – compliance with a legal obligation (the GP practice)

Regulation 6(1)(e) – the performance of a task carried out in the public interest (CQC)

GDPR Article 9(2)(h) – medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.

Special category 9(2)(i) – public interest in the area of public health

 

For planning & running the NHS – national clinical audits GDPR Article 6(1)(e) – the performance of a task carried out in the public interest GDPR Article 9(2)(h) – medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.

Special category 9(2)(i) – public interest in the area of public health

For research GDPR Article 6(1)(f) – legitimate interests…except where such interests are overridden by the interest or fundamental rights and freedoms of the data subject.

GDPR Article 6(1)(e) – the performance of a task carried out in the public interest

GDPR Article 6(1)(a) – explicit consent

GDPR Article 9(2)(j) – scientific or historical research purposes or statistical purposes
For safeguarding or other legal duties GDPR Article 6(1)(e) – the performance of a task carried out in the public interest

Regulation 6(1)(c) – compliance with a legal obligation

GDPR Article 9(2)(b) – purposes of carrying out the obligations of ..social protection law.
When you request us to share your information e.g., subject access requests GDPR Article 6(1)(a) – explicit consent GDPR Article 9(1)(a) – explicit consent

Share this page

Out of hours call 111