NHS check if you need a lung scan privacy policy
1. How we use your personal information
This privacy policy explains how we use your personal data when you use the NHS check if you need a lung scan. The NHS check if you need a lung scan pilot is provided as an alternative to the phone appointment, the lung health check. Find out more about the NHS lung cancer screening.
1.1 Terms we use in this policy
You may find it helps to understand these terms when reading this policy.
- Personal data: information that relates to an identified or identifiable individual.
- Special category data: sensitive personal data given special protection in data protection law including personal data about your health.
- Data is "processed" when any action is taken with it. For example, when it is collected or reviewed.
- Controller: the person or organisation (alone or with others) who decides what personal data to process and how it will be used.
- Processor: an organisation which processes personal data on behalf of, and under the instruction, of the controller.
- Joint data controller: if two or more controllers jointly determine the purposes and means of processing the same personal data.
You can find out more about these terms on the Information Commissioner's Office website.
In this privacy policy, 'we' or 'us' means NHS England and Department of Health. 'You' or 'your' means you, a member of the public who is using the NHS check if you need a lung scan.
2. The NHS check if you need a lung scan
The NHS check if you need a lung scan invites adults aged 55 to 74 years who have ever smoked to take part in lung cancer screening.
The check – mainly done by a phone appointment called the lung health check, asks a person questions about their medical history and lifestyle to work out their chances of developing lung cancer in the next 5 years.
- The NHS check if you need a lung scan is provided by NHS England and Department of Health and Social Care as a pilot. It allows you to complete a lung health check online before you complete your phone appointment.
The NHS check if you need a lung scan involves:
- filling in an online questionnaire about your health and lifestyle
- completing your phone appointment and repeating the questionnaire to find out if you would benefit from a lung scan
You can access NHS check if you need a lung scan using your NHS login details.
If you sign in using NHS login, we will ask your permission to share your NHS login information with our service.
We will use your NHS number to compare your responses to NHS check if you need a lung scan to your responses in your phone appointment. Once you have completed your phone appointment we will also use your NHS login email to offer you a £10 voucher from Edenred vouchers.
We will not use your NHS login information for any other purposes. You can only share your NHS login information if you have proved your identity to NHS login.
For more information, see the NHS login privacy notice and terms and conditions.
3. Data controllers for NHS check if you need a lung scan
The NHS check if you need a lung scan has been designed in line with the NHS lung cancer screening programme standards. You can read more about these in the Local Authorities regulations.
Under data protection law, NHS England and Department of Health and Social Care ("DHSC") are joint controllers for the personal data put into the NHS check if you need a lung scan. The DHSC have commissioned NHS England to deliver the NHS check if you need a lung scan.
NHS England is controller of NHS login.
4. What information we collect about you
| Category of information | Description |
|---|---|
|
NHS login account information |
The personal data provided by NHS login to access the NHS check if you need a lung scan, such as name, NHS number, and email. |
|
Audit data |
Information filled in the NHS check if you need a lung scan about your use of the system such as time of use, actions you took and related technical log events. Your NHS number is also stored against these records. The logs enable analysis for:
|
|
Performance data |
How long the system takes to complete tasks, number of errors, success or failure at task completion. |
|
NHS check if you need a lung scan demographic data |
The personal information you provide to use the NHS check if you need a lung scan such as your:
|
|
NHS check if you need a lung scan health and lifestyle questionnaire data |
The personal data you provide to calculate the results of the check such as:
|
|
Application metadata |
The personal data created from the NHS check if you need a lung scan based on the demographic information you provide. Metadata includes date and time of submission, NHS number. |
5. How we use your data
5.1 To compare your responses to NHS check if you need a lung scan to your lung health check phone appointment
The NHS check if you need a lung scan uses the information you have provided to compare your responses to similar questions in your lung health check phone appointment. This comparison will help us assess the clinical safety of the NHS check if you need a lung scan pilot. We take out all personal details, such as your name and email address when we do this.
5.2 For NHS check if you need a lung scan improvement, audit and troubleshooting
We store technical log data for audit and troubleshooting (bug fix) purposes and to make improvements to the NHS check if you need a lung scan.
We ask for anonymous user feedback at relevant parts of your journey to help improve the NHS check if you need a lung scan. This data is stored within Qualtrics and may have some basic contact information as well as relevant survey answers. It will not be directly linked to you and your health check data.
We analyse data to check the uptake of the NHS check if you need a lung scan, for example how many checks are completed. We take out all personal details, such as your name and address when we do this.
6. Our legal basis
Statutory basis for NHS England to deliver the NHS check if you need a lung scan pilot
NHSE relies on its powers under the National Health Service Act 2006 to undertake its role which is primarily:
- system delivery
- collection of audit data
- service management
- storage of static data to present to users (such as their results)
UK General Data Protection Regulation and the Data Protection Act 2018
UK GDPR Article 6(1)(e) '…processing is necessary for the performance of a task carried out in the exercise of official authority vested in the controller'. Underpinned by statutory powers set out above.
Processing of special categories of personal data:
UK GDPR Article 9(2)(h) 'processing is necessary …for the provision of health or social care or treatment or the management of health or social care systems and services on the basis of domestic law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.'
Underpinned by DPA2018 Sch1:
Health or social care purposes
2(1) This condition is met if the processing is necessary for health or social care purposes.
(2) In this paragraph "health or social care purposes" means the purposes of—
….
(f) the management of health care systems or services or social care systems or services.
NHS login:
Directions issued pursuant to the Health and Social Care Act 2012, Section 254(1):
- NHS Login Directions 2021, which enabled NHS Digital (now NHS England) to provide the NHS Digital Citizen Identity Platform and related services, collectively the NHS login Services.
Setting aside the duty of confidence:
Implied consent is given by participants choosing to use the NHS check if you need a lung scan. NHS England's processing of personal data is not in itself directly for direct care but for the operation and maintenance of the system to support direct care.
Service management and user research:
Any personal data collected and processed for these activities will be done pursuant to UK GDPR Article 6(1)(a) '….the data subject has given consent to the processing of his or her personal data for one or more specific purposes' and UK GDPR Article 9(2)(a) '…the data subject has given explicit consent to the processing of those personal data for one or more specified purposes'.
Statutory basis for the Department of Health and Social Care to deliver the NHS check if you need a lung scan pilot
Article 6(1)(e) of the UKGDPR which permits processing that is necessary for the performance of a task in the public interest or in the exercise of the Controller's official authority.
The processing is in line with the Secretary of State for Health and Social Care's duties in relation to the promotion and provision of the health service (including public health functions), as outlined in Part 1 of the NHS Act 2006 (as amended by the Health and Social Care Act 2012).
The Department of Health and Social Care rely on the same conditions under Article 9 of the UKGDPR as NHS England, outlined above.
7. How long we keep your data for
| Category of information | Description |
|---|---|
|
Audit data |
Audit events – 8 years |
|
Performance data |
|
|
NHS check if you need a lung scan demographic data |
8 years |
|
NHS check if you need a lung scan health and lifestyle questionnaire data |
8 years (28 days if the questionnaire is incomplete) |
8. Where your data is stored
We process and store your data in the United Kingdom within Microsoft Azure.
9. Your rights
Data protection law gives you a number of rights. You can exercise your rights by contacting NHS England's Data Protection Officer at england.dpo@nhs.net
- The right to be informed – this privacy policy explains how we use your personal data to provide the NHS check if you need a lung scan.
- The right of access – to get a copy of your data submitted to the NHS check if you need a lung scan, you can request this by completing a Subject Access Request (SAR). If you would like a copy of your GP record, please contact your GP surgery.
- The right of rectification – Individuals can ask for corrections to be made to their records.
- The right to erasure – This right does not apply to data collected under 6(1e) Public Task. Where information is provided by the recipient for service management and user research under GDPR consent, the requests for erasure can be exercised through the email address above.
- The right to the restriction of processing – You have the right to ask us to limit the way we use your data.
- The right to data portability – This right does not apply.
- The right to object – Individuals can object to the use of their data.
- The right not to be subject to automated decision making – You have the right to not be subject to automated decision-making. At any point during the health check, you can end your check and ask a health care provider for a face-to-face check.
Asking a question or finding out more
If you have a general question about using the NHS check if you need a lung scan, you can contact us by email at: england.digitallungcancerscreening@nhs.net
Your GP health record and healthcare
You can contact your GP surgery for more information about your GP health record data, and data about your care.
Contact the Information Commissioner
If we are unable to resolve any queries or concerns about the use of your personal information in connection with the NHS check if you need a lung scan, you can raise your concern with the Information Commissioner.
You can contact the Information Commissioner's Office:
- using the ICO's online contact service
- by calling 0303 123 1113
- by writing to the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We ask that you try to resolve any issues with us first. However, you have a right to lodge a complaint with the Information Commissioner's Office (ICO) at any time about our processing of your personal information. The ICO is the UK regulator for data protection and upholds information rights.
Changes to this policy
The terms of our privacy policy may change from time to time. Any updates to the privacy policy will be published on the NHS website.