We’re making it easier for you to find out how we handle your prescription information.

A new data privacy law will be introduced in the UK in May 2018. As a result, we’ve published a new privacy notice to make it easier for you to find out how the NHS Business Services Authority uses and protects your prescription information.

Your doctor or pharmacist sends your prescriptions to us after dispensing your medical products to you, as stated on the prescription form. We manage the information on the forms as required by Data Protection law and we use it to:

  • pay the organisation providing you with medical products
  • secure effective and efficient delivery of NHS services
  • analyse general trends to support more effective planning of NHS services
  • check for fraud and mistakes, including checking claims you make for help with NHS charges. If we can’t confirm you’re entitled to help, you may be sent a Penalty Charge Notice
  • monitor the safety of new medicines

To prevent, detect and investigate fraud and errors, we may share your information with:

  • NHS Counter Fraud Authority
  • The Department for Work and Pensions
  • HM Revenue and Customs
  • Veterans UK
  • NHS Commissioners and service providers

We’ll only share information that can identify you with those directly involved in your NHS care or reviewing your NHS care, those who have a legal right to it and those who you have given us permission to share it with.

We also share information with Public Health England to help them protect and improve the health of the population of England. You can only be identified from this information where Public Health England have the legal power to do so. We share patient identifiable information for new medicines with the Drug Safety Research Unit at Southampton University. They have a legal right to this. They will contact your GP to ask for your permission to take part in the medicine safety study. If you do not want to take part, your information will be deleted.

Diabetic Eye Screening Service Privacy Notice

Your GP Practice works with the Hampshire & Isle of Wight Diabetic Eye Screening Programme (DESP), who will access your data if diabetes is indicated in your record. Here’s how your personal data is used:

What personal data do we collect about you and where from?

Information from your eye screening appointment (results and images), your GP Practice and the Hospital Eye Service will be used to assist in your ongoing care. The DESP can access your full name, NHS number, gender, date of birth, ethnic group, phone numbers, correspondence address, GP Practice details along with details of your diabetes care.

Who do we share your personal data with?

The DESP keeps information about you and your diabetes care to ensure we maintain an accurate register and deliver a safe and effective service. NHS England have commissioned Health Intelligence to run the local service as part of the national programme. Data security arrangements protect your privacy and ensure that your data is only accessed by your Retinal Screener and healthcare professionals involved in your care. This data is only kept for the period of the contract.

Who has access to your personal data?

The DESP engages Yakara Ltd, an appointment reminder voice messaging service and Synertec Ltd, a letter dispatch service to support the programme. Access is only for a short period of time to allow telephone calls, letter printing and dispatch to occur.

For further information please speak to your GP or go to: