Safety and Learning

Who are Safety and Learning?

The NHS Resolution Safety and Learning service supports our Claims Management service members to better understand their claims risk profiles to target their safety activity while sharing learning across the system.

What data do we process?

Through access to our claims case management system, the Safety and Learning team have sight of all details of claims including:

  • Name;
  • Address;
  • Contact details;
  • Age;
  • Title;
  • NHS Number;
  • Gender;
  • Health data (where recorded on the claim).

It should be noted that whilst this data is visible, it is in read only format and no data can be amended. Ethnicity data is also present in Claims, if collected, however this is not visible to Safety and Learning staff.

How we use personal data

The Safety and Learning team will use claims information to enable staff and patients to learn from claims. We do this by feeding back to members, or through publications of themes or illustrative case stories. We utilise patient safety methodology to thematically analyse the information we hold.

We compile and publish research and statistics relating to Safety and Learning, this is in the form of aggregated data to reduce the risk of identification. To support learning, the Safety and Learning team will analyse data that has been collected by the Claims Management team (held within our internal case management system). Whilst this information is visible and accessible, the only information used by the Safety and Learning Team is the claims reference number, the age of the claimant and the gender. These data sets are processed only when a thematic review is being conducted.

How we collect your data

Safety and Learning do not collect the data directly from you (the data subject). As noted above, the data is accessed by a limited number of staff members and it is held in our internal case management system. The data has been obtained from your legal representative or other external sources such as NHS trusts, medico-legal experts or Binley’s (healthcare data and intelligence provider).

Who we share data with

We may on occasion need to share information with third parties such as our legal panel, police, NHS Counter Fraud Authority, the Department of Health and Social Care or other government departments, regulatory and/or other public authorities, to comply with legal obligations or where this is otherwise necessary and it is lawful to do so, including disclosures made to protect patient safety or to enhance public protection.

The lawful basis for processing your data

For all of the processing of personal data undertaken, the lawful basis for processing is:

Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller under article 6(1)(e) of UK GDPR. The public task in question is supporting the Claims Management service members to better understand their claims risk profiles to target their safety activity while sharing learning across the system. This in turn informs future ways of working and practices, to create a more effective Claims Management service.

Where we have to process special categories of personal data such as gender, the lawful basis for processing is:

Processing is necessary for reasons of substantial public interest, which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject. This is as per article 9(2)(g). As noted above, the aims and objectives of the Safety and Learning function is to improve the overall delivery of our Claims Management service.

How long we keep your personal data

In order to determine how long we keep your personal data, we follow the NHS Records Management Code of Practice. You can find information about our retention schedules in our this document on this page, which outlines the duration that we keep specific information for.

Your rights

Under data protection legislation, you have a number of rights over your personal data such as the right of access, right to rectification and right to erasure.

As an organisation, we must respond to your request within one calendar month and we are legally required to act on requests and provide information free of charge. However, depending on the lawful basis for processing your data, some rights might not apply. In addition, requests that are manifestly unfounded, excessive or repetitive may be refused. If we determine this to be the case, we may charge a reasonable fee or refuse to act on the request.

Please send your request to nhsr.foi@nhs.net

Please see our privacy and cookies landing page, containing details of what rights you have and what rights are triggered by each lawful basis. For Safety and Learning, as noted above, we rely on public task.

You have the right to lodge a complaint about the way we handle or process your personal data with a supervisory authority. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

See details on how to make a complaint to either NHS Resolution or the ICO on our main privacy policy here.

Page last updated on: