As a statutory organisation, NHS North East London has a number of legal obligations to our patients, members, public and regulators. Please click the relevant section below to find out more about each of these:
Website accessibility statement inline with Public Sector Body (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018
This accessibility statement applies to www.northeastlondon.icb.nhs.uk.
This website is run by NHS North East London Integrated Care Board.
We want as many people as possible to be able to use this website. For example, that means you should be able to:
We’ve also made the website text as simple as possible to understand.
AbilityNet has advice on making your device easier to use if you have a disability. This is an external site with suggestions to make your computer more accessible: AbilityNet – My computer my way
With a few simple steps you can customise the appearance of our website to make it easier to read and navigate.
We know some parts of this website are not fully accessible:
If you need information on this website in a different format like accessible PDF, large print, audio recording or braille, please use the online contact form. We will try and respond as quickly as possible but this will be no more than 5 working days.
We are always looking to improve the accessibility of this website. If you find any problems not listed on this page or think we’re not meeting accessibility requirements, please let us know at nelondonicb.enquiries@nhs.net
We’ll try and respond as quickly as possible but this will be no more than 5 working days.
The Equality and Human Rights Commission (EHRC) is responsible for enforcing the Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018 (the ‘accessibility regulations’). If you are not happy with how we respond to you, please contact the Equality Advisory and Support Service (EASS) directly. Contact details for the Equality Advisory and Support Service (EASS).
The government has produced information on how to report accessibility issues. Reporting an accessibility problem on a public sector website.
NHS North East London Integrated Care Board is committed to making its website accessible, in accordance with the Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018.
This website is partially compliant with the Web Content Accessibility Guidelines 2.1 AA standard, due to the non-compliances listed below.
The full guidelines are available at Web Content Accessibility Guidelines version 2.1.
The content listed below is non-accessible for the following reasons.
The following items do not comply with the WCAG 2.1 AA success criteria
Information is conveyed as an image of text rather than as text itself so that it’s not compatible with screen readers and other assistive technology
We aim to improve our websites accessibility on a regular and continuous basis. See the section below (‘What we’re doing to improve accessibility’) on how we are improving our site accessibility.
PDFs, videos and other documents
Many of our older PDFs, videos and Word documents do not meet accessibility standards – for example, they may not be structured so they’re accessible to a screen reader. This does not meet
WCAG 2.1 success criterion 4.1.2 (name, role value).
The accessibility regulations do not require us to fix PDFs or other documents published before 23 September 2018 if they’re not essential to providing our services. For example, we do not plan to fix archive material such as news articles published before 2018.
Regulations for PDFs or other documents published before 23 September 2018
This statement was prepared on 31 March 2021. It was last reviewed on 31 March 2021.
This website was last tested in March 2021. The test was carried out by NEL CSU.
In north east London we can improve the quality of care you receive by sharing the right information about you between our local NHS and social care organisations who are providing you with your direct care. We call this sharing of information, Data Sharing and the people sharing this data your Direct Care Team. These are the people who will, at some point, be involved directly in your care; be it your GP, or the A&E team when you visit for an emergency, or the social care team looking after you in your home. The sharing of information has always happened (to a lesser degree) with paper processes but systems are allowing us to share more relevant information about you amongst your Direct Care Team. This helps them be more efficient and supports decisions that they and you make about your care.
This work is being led by your local clinicians who want to make sure you receive the best quality care possible. They want to be as transparent as possible so that you can feel assured that data is being shared with your best interests at heart. They want you to be involved in this as best you see fit. In line with the Data Protection Act 2018 General Data Protection Regulations (GDPR) which came into force in May 2018, and the Health and Social Care Act (2015) we are adopting an implied consent model for sharing data for direct care purposes between the members of your Direct Care Team. The Privacy Notice or Fair Processing Notice can be found in the download area.
We have three aims to use Digital Technology to support your care. These are:
The London Care Record (also known locally as the East London Patient Record (eLPR)) – This is a London wide programme which shares more information about you than the Summary Care Record to better support your Direct Care Team and your care. Currently this is sharing between the following organisations in NEL:
The London Care Record is a London wide programme with each area in London connecting up their local organisations. These connections form the back bone of sharing your data across London but only with organisations involved in your care. For more information on the OneLondon programme that is delivering this work or on organisations connected up in other regions.
Gathering together your data in one place (under the control of your clinicians) to use it improve the way we deliver your care and plan our future delivery of your services. We are developing a NHS owend system called the Discovery Data Service (DDS) that delivers this functionality for us. The use of data within DDS is strictly controlled and managed by your local providers.
This pulls together all of the information held about you across our services into one place that you can view and interact with as never before. There are a few ways to access your data, here are the two ways that we are supporting:
There are two high level Data Protection Impact Assessments (DPIA) that you can find and download from this page. Barking and Dagenham, Havering and Redbridge also have some specific DPIAs for their work that you can find here.
(UCP) – This is a London wide solution to allow multiple organisations involved in your care to create and collaborate on a care plan revolving around your needs. For more information on UCP please follow this link to the Universal Care Plan for London.
For more information please look at our Privacy Notice which you can also access from the downloads, which will include how you can object to the sharing of your information.
This privacy notice tells you about information we obtain, hold and use about you. It describes what we do with it, how we will look after it and who we share it with. It covers information we collect directly from you as well as information we may get from other organisations.
This notice does not provide exhaustive detail. However, we keep and maintain accurate and detailed records about how your information is used.
We can provide further detail and explanation should it be requested and without charge. Contact details for us can be found at the end of this page.
We keep our privacy notice under regular review. It was last updated in July 2023.
We are committed to protecting your privacy and will only ‘process’ data (processing refers to how data is Held, Obtained, Recorded, Used and Shared), in accordance with Data Protection Legislation and NHS guidance.
This includes ensuring NEL complies with the UK General Data Protection Regulation (GDPR), the Data Protection Act (DPA) 2018, and any applicable national Laws as required.
In addition, consideration will also be given to all applicable Law concerning privacy, confidentiality, the processing and sharing of personal data including:
As a Data Controller, NEL has a duty to:
All information that we hold about individuals will be held securely and confidentially. We use administrative and technical controls to do this.
All of our staff, contractors and committee members receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality.
We will only use the minimum and proportionate amount of personal information necessary. Where possible we will use information that does not directly identify individuals, but when it becomes necessary for us to know or use personal information a person, we will only do this when we have either a legal basis or have that person’s consent. We use strict controls to ensure that only authorised staff are able to access personal data. Only a limited number of authorised staff have access to information that identifies individuals, where it is appropriate to their role, and is strictly on a need-to-know basis.
NEL has a Data Protection Officer who plays key role in ensuring our accountability for Data Protection.
The Caldicott Guardian is the person responsible for protecting the confidentiality of patient information and enabling appropriate and lawful information sharing.
For some of our services, we need to collect personal data so we can get in touch or provide the service. The ICB can use your personal data under many different laws. The main ones that apply are the NHS Act 2006, the Health and Social Care Act 2012, the Care Act 2014, the Data Protection Act 2018 and the General Data Protection Regulations.
In some cases, there is a statutory requirement to process your data and we can do so without your consent. For some services where individuals choose to engage with e.g., where someone wishes us to include them on our mailing list, NEL process this data by requesting your explicit consent.
Where NEL commissions a contract for the provision of a clinical service, the organisation which delivers that service are the Data Controller. These providers are subject to NHS contract and have to keep your details safe and secure and use them only to provide the service.
NEL has undertaken an assurance exercise, validated via the completion of the Data Security and Protection toolkit, which has assured the legal basis of processing for each of the ICB’s activities. NEL processes person identifiable data for the following purposes:
As an employer, NEL will process employee data for the following purposes:
For the majority of our work, we do not need to know the personal details of individuals who live in our community, and this is our preferred way of working. It should be noted that information which cannot identify an individual is not covered by data protection law. There are different types of information collected and used across the ICB as follows.
Identifiable – information which contains personal details that identify individuals such as name, address, email address, NHS Number, full postcode, date of birth.
Pseudonymised – individual level information where individuals can be distinguished by using a coded reference, which does not reveal their ‘real world’ identity
Anonymised – data which is about you but from which you cannot be personally identified.
Use of anonymised and aggregated data
We use anonymised and aggregated data to plan health care services, including:
Use of pseudonymised (de-identified) Information
We use pseudonymised information in our role, including:
Use of personal information
As an ICB, we do not routinely hold or have any access to medical records. The provider of your healthcare for example an Acute Trust, or GP would hold this information. However, we may need to hold some information about you, for example:
Our records may include relevant information that you have told us, information provided on your behalf, by relatives or those who care for you and know you well, or from health professionals and other staff directly involved in your care and treatment. Our records may be held on paper or in a computer system.
If you are receiving services from the NHS, we share information that does not identify you (anonymised) with other NHS and social care partner agencies for the purpose of improving local services, research, audit, and public health.
We would not share information that identifies you unless:
NEL is a public body established by the NHS Act 2006 as amended by the Health and Care Act 2022. As such our business is based upon statutory powers which underpin the legal bases that apply for the purposes of the GDPR.
NEL processes personal data under a variety of legal bases depending on the data being processed and the purposes it is processed. Below are examples of the most commonly used legal bases.
Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Article 6(1)(b) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Article 6(1)(c) – processing is necessary for compliance with a legal obligation to which the controller is subject.
Article 9(2)(h) – processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.
Article 9(2)(b) – processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law.
Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
Article 6(1)(c) – processing is necessary for compliance with a legal obligation to which the controller is subject; or.
Where we process special category data for these purposes, the legal basis for doing so is:
Article 9(2)(f) – processing is necessary for the establishment, exercise or defence of legal claims; or
Article 9(2)(g) – processing is necessary for reasons of substantial public interest.
The Secretary of State for Health gives limited permission for ICBs (and other NHS commissioners) to use certain confidential patient information when it is necessary for our work for purposes other than direct care such as information from NHS Digital for commissioning, Risk Stratification and Invoice Validation.
This approval is given under Regulations made under Section 251 of the NHS Act 2006 and is based on the approval of the Health Research Authority’s Confidentiality and Advisory Group.
This allows the Secretary of State for Health to make regulations to set aside the common law duty of confidentiality for defined medical purposes. Section 251 came about because it was recognised that there were essential activities of the NHS, and important medical research, that required the use of identifiable patient information – but, because patient consent had not been obtained to use people’s personal and confidential information for these other purposes, there was no secure basis in law for these uses.
Section 251 was established to enable the common law duty of confidentiality to be overridden to enable disclosure of confidential patient information for medical purposes, where it was not possible to use anonymised information and where seeking consent was not practical, having regard to the cost and technology available.
More information about Section 251 is available from the Health Research Authority web site.
Under this regulation the Secretary of State for Health and Social Care has the power to issue healthcare organisations, GPs, local authorities and arms-length bodies with a notice requiring them to share confidential patient information with organisations entitled to process this under the COPI Regulations. Notices are issued for a specific purpose, the most recent being to support efforts against Covid 19.
The Covid 19 notice expired on the 30 June 2022.
NHS England is responsible for and is the data controllers for the COVID-19/Flu Vaccination programme. For the privacy notice relating to this programme please visit the NHS England privacy notice website.
Under the General Data Protection Regulation all individuals have certain rights in relation to the information the ICB holds about them. Not all rights apply equally to all our processing and are dependent on the lawful basis for processing. Further information can be found on the ICO site ‘Lawful Basis for Processing’ section.
If you require further detail each link below will take you to the Information Commissioner’s Office’s website where further detail is provided in section ‘When does the right apply’.
These rights are:
Currently NEL does not use automated decision-making (making a decision solely by automated means without any human involvement).
These are commitments relating to your rights set out in the NHS Constitution.
Individuals can access personal information about them by making a ‘data subject access request’ under the UK General Data Protection Regulation. Click here to find out more information about how to make a request for any personal information we may hold and/or to exercise any of your other rights under Data Protection legislation
To make a request for any personal information we may hold and/or to exercise any of your other rights under Data Protection legislation please contact the Information Governance Team using details in the Subject Access Request Privacy Notice.
Confidential information can be used for improving health, care and services including:
If you do not wish to share or process your information for purposes beyond your direct care, or have any concerns then please let us know:
If you do not want personal confidential data to be shared outside your GP practice, for purposes beyond your direct care you can register a type 1 opt-out with your GP practice. Patients are only able to register the opt-out at their GP practice.
Previously you could tell your GP surgery if you did not want NHS Digital, to share confidential patient information that it collects from the across the health and care service for purposes other than your individual care. This was called a type 2 opt-out.
From 25 May 2018 the type 2 opt-out has been replaced by the National Data Opt-out. Any type 2 opt-outs recorded by your GP practice up to 11 October 2018 have been automatically converted to a National Data Opt-out.
Objections will be respected, except in very limited circumstances such as:
You have the right to refuse/ withdraw consent to information sharing at any time and your decision will not affect your individual care.
Further information on the National Data Opt-Out and how to set a National Data Opt-Out can be found here at: www.nhs.uk/your-nhs-data-matters/
What we use your information for – Please select the information that is relevant to you from the list below for full details on how your information is used:
All records held by the ICB will be kept for the duration specified by national guidance from NHS Digital found in the Records Management Code of Practice 2021
In all circumstances data will be retained in accordance with data protection requirements and ‘kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed’.
Once data is no longer required it will be destroyed securely:
We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed. The ICB remains the data controller (the organisation responsible for determining the purposes for which and the manner in which personal data is used under Data Protection Legislation) of such information at all times. We use data processors to provide services such as HR and Information Technology.
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
For more information about Data Protection, or if you are unsatisfied with the way your personal information has been handled, you can contact the national regulator, the Information Commissioner’s Office, at
Information Commissioner’s Office
Wycliffe House
Wilmslow
SK9 5AF
Email: www.ico.org.uk/global/contact-us/email
Website: www.ico.org.uk/
Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, you have the right to see or be given copies of any personal data we hold about you. This may include documents such as reports, minutes, or emails.
NHS North East London Integrated Care Board has one calendar month in which to respond to your request. An extension of a further two months can be granted for requests which are “complex or numerous”. We will let you know if this is the case within one month
You can make a request verbally or in writing. If you make your request verbally, we recommend you follow it up in writing to provide a clear trail of correspondence. It will also provide clear evidence of your actions
Yes. If making a request on behalf of someone else, NHS North East London Integrated Care Board needs to be satisfied that the third party making the request is entitled to make the request and may ask for proof of this.
If making a request on behalf of a child, you may be asked to provide proof of parental responsibility and/or depending on the age and understanding of the child, evidence of their consent
Please download the Subject access request form and email your request to nelondonicb.ig@nhs.net or post to Subject Access Request NHS North East London, Information Governance Team, 4th Floor – Unex Tower, 5 Station Street, London E15 1DA.
Download: Subject access guidance and form
This Cookie Policy explains what cookies are and how we use them, the types of cookies we use i.e, the information we collect using cookies and how that information is used, and how to control the cookie preferences. For further information on how we use, store, and keep your personal data secure, see our Privacy Policy.
You can at any time change or withdraw your consent from the Cookie Declaration on our website
Learn more about who we are, how you can contact us, and how we process personal data in our Privacy Policy.
Cookies are small text files that are used to store small pieces of information. They are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make it more secure, provide better user experience, and understand how the website performs and to analyze what works and where it needs improvement.
As most of the online services, our website uses first-party and third-party cookies for several purposes. First-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.
The third-party cookies used on our website are mainly for understanding how the website performs, how you interact with our website, keeping our services secure, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.
Essential: Some cookies are essential for you to be able to experience the full functionality of our site. They allow us to maintain user sessions and prevent any security threats. They do not collect or store any personal information. For example, these cookies allow you to log-in to your account and add products to your basket, and checkout securely.
Statistics: These cookies store information like the number of visitors to the website, the number of unique visitors, which pages of the website have been visited, the source of the visit, etc. These data help us understand and analyze how well the website performs and where it needs improvement.
Marketing: Our website displays advertisements. These cookies are used to personalize the advertisements that we show to you so that they are meaningful to you. These cookies also help us keep track of the efficiency of these ad campaigns.
The information stored in these cookies may also be used by the third-party ad providers to show you ads on other websites on the browser as well.
Functional: These are the cookies that help certain non-essential functionalities on our website. These functionalities include embedding content like videos or sharing content of the website on social media platforms.
Preferences: These cookies help us store your settings and browsing preferences like language preferences so that you have a better and efficient experience on future visits to the website.
The below list details the cookies used in our website.
Cookie | Description |
---|---|
cookielawinfo-checbox-analytics | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Analytics”. |
cookielawinfo-checbox-functional | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category “Functional”. |
cookielawinfo-checbox-others | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Other. |
cookielawinfo-checkbox-necessary | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category “Necessary”. |
cookielawinfo-checkbox-performance | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Performance”. |
viewed_cookie_policy | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
Should you decide to change your preferences later through your browsing session, you can click on the “Cookie Policy” link on your screen. This will display the consent notice again enabling you to change your preferences or withdraw your consent entirely.
In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. To find out more about how to manage and delete cookies, visit www.allaboutcookies.org.
Improving the quality of care by sharing the right information about you between our local NHS and social care organisations.
DownloadEstablishing a process to ensure appropriate use of Discovery data.
DownloadIf you would like to leave feedback about how useful you found the content on this page, please complete the form below.
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-advertisement | 1 year | Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category. |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
CookieLawInfoConsent | 1 year | CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie. |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
Cookie | Duration | Description |
---|---|---|
__cf_bm | 30 minutes | Cloudflare set the cookie to support Cloudflare Bot Management. |
Cookie | Duration | Description |
---|---|---|
_gat | 1 minute | Google Universal Analytics sets this cookie to restrain request rate and thus limit data collection on high-traffic sites. |
Cookie | Duration | Description |
---|---|---|
_ga | 1 year 1 month 4 days | Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. |
_gat_UA-* | 1 minute | Google Analytics sets this cookie for user behaviour tracking.n |
_gid | 1 day | Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously. |
CONSENT | 2 years | YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data. |
Cookie | Duration | Description |
---|---|---|
test_cookie | 15 minutes | doubleclick.net sets this cookie to determine if the user's browser supports cookies. |
VISITOR_INFO1_LIVE | 5 months 27 days | YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface. |
YSC | session | Youtube sets this cookie to track the views of embedded videos on Youtube pages. |
yt-remote-connected-devices | never | YouTube sets this cookie to store the user's video preferences using embedded YouTube videos. |
yt-remote-device-id | never | YouTube sets this cookie to store the user's video preferences using embedded YouTube videos. |
yt.innertube::nextId | never | YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen. |
yt.innertube::requests | never | YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen. |