Skip to main content

Privacy notice – NHS e-Referral Service FHIR API Integration

NHS e-Referral Service (e-RS) Fast Healthcare Interoperability Resources Application Programming Interface (FHIR API) Integration.

Page contents

Introduction

This statement outlines the privacy statement for individuals wishing to integrate with the NHS e-RS FHIR API and interact with the NHS e-RS FHIR API onboarding team(s). The e-RS team understands your needs as an individual to ensure that your data is being used and held in a responsible way and we aim to reassure you that every reasonable step is being taken to ensure that your data stays private.

Please ensure that you read this statement carefully and contact the e-RS NHS Partners team on [email protected] if you have any questions or concerns relating to it.

Who we are

The e-RS is a programme service of NHS England. NHS England is the data controller for the e-RS.

The Data Protection Officer for NHS England can be contacted at: [email protected]

The information we collect

When you register your interest with the NHS e-RS FHIR API Team we collect your organisation’s name and email address. This is so that we can ensure that communications are cascaded via the right individuals.

How we use personal information

From time to time we may use these details to send you information about (but not limited to):

  • onboarding processes
  • essential release updates
  • policy updates

Sharing personal data

We treat your personal data confidentially and under no circumstances will we share this information with any third parties.

Where we store and process personal data

All data stored for user accounts is held on UK based servers. Currently there are no plans for this to change. Should there be a change to the server locations we will inform users in writing.

How we secure personal data

We contact organisations via an NHSmail account. For more information on NHSmail encryption see our NHSmail webpages.  

All staff employed by NHS England and our suppliers are subject to security checks and are required to complete mandatory data security training.

How long we keep your personal data for

Your data will be deleted 5 years after you have ceased using the e-RS FHIR API.

This will enable you to return seamlessly to use the API suite within that time frame should you wish to.

Your rights in relation to personal data

We respect your rights to access and control the personal data that we hold about you, as required by data protection legislation. This includes your rights in respect of:

  • access to the personal information we hold about you
  • staying informed about how we use your information
  • correction
  • restriction of processing - where an individual contests the accuracy of the personal data, processing should be restricted until accuracy has been verified

You can exercise these rights at any time by emailing the e-RS team at [email protected]. Any requests for information will be acknowledged within one working day.

If you wish to make a complaint about how we have managed your data, contact details for the Regulator are provided below:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
WSK9 5AF
https://ico.org.uk/

Contact us

If you have any questions or concerns about this privacy statement or the way in which we process your data, please contact us at [email protected].

Last edited: 1 November 2023 9:06 am