North Central London Integrated Care Board is a controller of personal information defined in UK GDPR.
We process personal information for a range of health and care and other legal purposes. Many of these are defined in statute law, most recently by the Health & Care Act 2022. That means that the law requires Integrated Care Boards to process (collect and securely manage) identifiable personal information to provide those services. However, we are also required to comply with the National Caldicott Principles which includes, like GDPR, a principle to use the minimum amount of identifiable data to satisfy the requirements to provide these services.
We also process person identifiable data to engage patients and service users in our local population to help define the services we provide.
We also process identifiable data to enable us to manage our staff.
As a controller of personal data, the Integrated Care Board (ICB) must be transparent to describe the purposes and lawful bases for such processing. To do this we have several privacy notices which are available via this page.
The privacy notices explain how we use information we collect about you, how you can tell us if you prefer to limit the use of that information and procedures that we have in place to safeguard your privacy.
North Central London Integrated Care Board’s, Data Protection Officer is Tony Haworth
Email address: email@example.com
Or you can write to
NHS North Central London Integrate Care Board
The ICB processes personal identifiable information for the following purposes. In some cases, more detailed information about these services is available from other pages on our website.
Privacy Notices for North Central London ICB
- Direct Care – this privacy notice covers the processing of identifiable data to enable the provision of care to individual patients provided by the ICB. The Health & Care Act 2022 provides a statutory requirement for the ICB to provide services to its patients.
- Commissioning of Health & Care Services – the ICB receives personal confidential information from other health and care providers and NHS Digital, to enable it to manage the commissioning, procurement of and payments for your health and care services. This is also a core service of the ICB defined in statue.
- Risk Stratification – this privacy notice covers the receipt and processing of personal data to help define care for groups or cohorts of patients and those eligible for additional funding.
- Management of patient waiting lists – the ICB receives and processes personal data to facilitate the efficient timely management of patient care.
- Integrated Shared Care Records – the ICB processes personal identifiable information on behalf of controllers, providers of health & care services across North Central London, to enable appropriate access to your integrate medical and care record to health and care professionals providing your care. Further information is available if you follow this link to the North Central London ICS Shared Care Records Privacy Notice
- Medicines Management – this privacy notice covers the processing of personal information to manage the prescribing of medication.
- Patient Communications – this privacy notice covers interactions with our patients.
- Patient Participation or Engagement – this privacy notice covers when patients help the ICB help improve our services.
- Payments (Invoicing) – this privacy notice covers the processing of data to enable the ICB to process any payments for personalised health and care services.
- Public health – this privacy notice covers data process and shared with other organisations to help monitor and control diseases and infections.
- National Screening and Reporting – this privacy notice covers screening and reporting for COVID-19 during the pandemic.
- Fraud Management – sets out the process of personal information to investigate fraud.
- Safeguarding – this privacy notice covers any data shared when helping to keep our patients and staff safe.
- Quality Alerts – this privacy notice helps the ICB keep track of any issues that affect a service provided in North Central London by any provider or GP.
- HR Staffing, Employment, Recruitment and Training – this privacy notice covers all ICB activity with regards to our staff and how we employ and train them.
- Complaints, Subject Access Requests and Freedom Of Information Requests – this privacy notice covers the processing of requests for information and complaints.
- Litigation and Claims – this privacy notice covers what the ICB will do if claims are bought against the ICB.
- Incident Management – this privacy notice covers what the ICB will do following an incident and emergency response.
- Website use and Cookies – this privacy notice covers the identifiable data we process when service users use our website.
- Secondary Use – this privacy notice covers the identifiable processing of data to produce de-identified information for secondary uses such as planning, analysis and review of health and care delivery.
- Start Well – this privacy notice covers the identifiable processing of data related to the Start Well public consultation on maternity, neonatal and children’s surgical services.
The ICB is compliant with the NHS Data Security and Protection Toolkit standard and has technical, organisational and management procedures in place to ensure compliance with the NHS Confidentiality Code of Practice and cyber security standards.
UK GDPR provides patients and subjects with the right to object to processing, but we may need to process your personal data to provide that service to you.
Your right to object to processing may in some instances be managed by another controller of your data, such as NHS Digital or your health service provider, for example your GP. Please contact your Data Protection Officer at your health or care provider if you have any questions about their processing of your personal data.