Skip to main content

Physical Health Checks for People with Severe Mental Illness (PHSMI): GDPR information

Summary

Why and how we process your data for the Physical Health Checks for People with Severe Mental Illness (PHSMI) and your rights.

Controller NHS Digital (in relation to processing the personal data) and NHS England (in relation to determining the purpose for processing the data through the issuing of a direction to NHS Digital).
How we use the information (processing activities) The Physical Health Checks for People with Severe Mental Illness (PHSMI) data collection supports the implementation of the NHS Long Term Plan to reducing the levels of premature mortality for people living with severe mental illness (SMI) who die 15-20 years earlier than the rest of the population, largely due to preventable or treatable physical health problems. The information is taken from the data held by General Practice's via the General Practice Extraction Service (GPES). This will enable monitoring of the delivery and evaluation of the national programme, the full comprehensive health checks, uptake of the follow-up interventions and access to national cancer screening programmes. This information will aid understanding as to whether the delivery of follow-up interventions affects individual health check indicators over time. The data will support professionally led quality improvements, allowing local systems to clearly identify gaps, inequalities and opportunities for improvement in the provision of health care and for supporting research via NHS Digital Data Access Request Service (DARS).
Does this contain sensitive (special category) data such as health information? Yes
Who are recipients of this data?

Data is available via the Data Access Request Service (DARS) recipients are recorded in the Register of Approved Data Releases for these disseminations.

Is data transferred outside the UK? Not for the purposes of processing it by NHS Digital. It may be transferred outside of the UK if this approved by NHS Digital through the DARS process for any particular dissemination.
How long the data is kept 20 years minimum from the date of the extract from the General practice system.
Our lawful basis for holding this data Legal obligation
Your rights
  • Tick Be informed
  • Tick Get access to it
  • Tick Rectify or change it
  • Cross Erase or remove it
  • Tick Restrict or stop processing it
  • Cross Move, copy or transfer it
  • Cross Object to it being processed or used
  • Cross Know if a decision was made by a computer rather than a person
How can you withdraw your consent?

Consent is not the basis for processing. Option available via National Data Opt out to stop your confidential patient information being used for research and planning.

Is the data subject to decisions made solely by computers? (automated decision making) No
Where does this data come from? General Practice (GP) medical records via General Practice Extraction Service (GPES)
The legal basis for collecting this data

GDPR:
Article 6(1)(c) Legal Obligation (Physical Health Checks for People with Severe Mental Illness Directions 2020),
Article 9(2)(g) Substantial public interests, supplemented by DPA 2018 schedule 1, part 2, Statutory etc and government purposes.
Article 9(2)(h) Management of health or social care systems and services, supplemented by DPA 2018 Schedule 1, Part 1, Health or social care purpose.