Privacy Notice - Client Level Data

Sharing Client Level Data

Why are we processing your information?

The Department of Health and Social Care collects Client Level Data from local authorities which is mandatory from April 2023.

We are responsible for providing Client-Level Data to NHS Digital, which is responsible for data collection and analysis.

The data provided supports the integration of health and social care specifically for:

  • monitoring service users at a population level
  • monitoring service and integrated care outcomes across a pathway or care setting involving adult social care
  • developing, through evaluation of person-level data, more effective prevention strategies and interventions across a pathway or care setting involving adult social care
  • designing and implementing new payment models
  • understanding current and future population needs and resource utilisation

What is the legal basis for processing your information?

We have a legal requirement to provide Client Level data under Section 259 (5) of the Health and Social Care Act 2012. Under UK GDPR, the lawful basis for processing personal data is Article 6(1)(e) (public task) and Article 9(2)(h) (provision of health or social care).

How do we collect your information?

We collect information about you in various ways, including:

  • telephone
  • email
  • letters
  • face to face meetings
  • visits to your home
  • from other professionals

What information is being processed?

We're the data controller responsible for collecting and processing most of the personal data in relation to your health and social care.

We're required to provide Client Level Data to NHS Digital on person-level. Please see the CLD specification for more information about the data that is provided.

The data to be provided will be extracted by running a report against the council’s case management system and will undertake any processing necessary to submit a standard return in line with the Adults Social Care Client Level Data Specification.

The submission is made by loading the data file directly on to a Data Landing Platform managed by a Data Services for Commissioners Regional Office (DSCRO), which processes the data on behalf of NHS Digital. DSCRO staff follow strict rules on accessing, analysing and processing data, operating within an approved legal framework.

Once we provide information to NHS Digital, they become the data controller. NHS Digital may only disseminate data to a limited set of bodies.

The information is anonymised by NHS Digital and is not shared in any way which would identify you.

How long do we keep your data?

NHS Digital state that the data that they hold will be held for “20 years maximum from when the information is received, subject to appraisal if there is a justifiable reason to extend.”

Your rights and access to your information

Details of your rights and access to the information that is retained in the council’s case management system are set out in the main Privacy Notice for Solihull Metropolitan Borough Council Adult Social Care.

However, you have no rights to object to the data being provided to NHS Digital and the NHS National Data Opt-Out does not apply. This is because the data is submitted as required by the Data Provision Notice, which is a legal requirement with which all participating organisations must apply.