We are committed to meeting the statutory requirements of the Freedom of Information Act. 

Before you make a request

You might not need to make a Freedom of Information (FOI) request to get the information you need.  Please check our previous releases to see if we’ve already answered your question.

What is a Publication Scheme?

The Freedom of Information Act 2000 (FOI Act) requires public authorities to adopt and maintain a publication scheme, the purpose of which is to:

  • Specify the classes of information we have committed to publish
  • Say how we will make that information available
  • Say whether the information is available free of charge or on payment

Most of the information covered by our publication scheme will be made available on this website. If you need information in an alternative format, we will do all we reasonably can to help.  You can view our publication scheme here.

Charges for information

Nearly all of our information can be accessed from this website free of charge. In some cases charges may apply.

If you do not have access to the internet, a printed copy of the web page(s) can be sent to you free of charge.

The following may incur a charge:

  • Requests for multiple copies
  • Where the cost of photocopying, postage and packing exceed £50

Any charges made will be to cover the costs of photocopying, postage and packing. You will be told in advance of supplying the information if there will be a charge, and how much it will be.


The information we have provided to you is copyrighted to NHS Swindon CCG and provided to you free of charge for your personal use or for other specific uses permitted in the Copyright Act.

If however you wish to use the information we have provided for any commercial purposes including the sale of the information to a third party then, under the Regulations on the Re-use of Public Sector Information Regulations 2005, you must ask us for permission to do so in respect of each specific piece of such information.

If we do grant such permission this may involve a licensing arrangement which may attract a fee.

Should you wish to apply for permission for commercial re-use under the Regulations you should write to us at This email address is being protected from spambots. You need JavaScript enabled to view it..

The Freedom of information Act 2000 gives any person the right to request information which is held by a public authority.  We are committed to being open and transparent with our health community and the wider public.

FOI requests, which we have a duty to respond to in 20 days, should be made in writing either by email or post using the details below.

Email: This email address is being protected from spambots. You need JavaScript enabled to view it. 

Post: Freedom of Information Officer, Swindon Clinical Commissioning Group, The Pierre Simonet Building, North Swindon Gateway, North Latham Road, Swindon, Wiltshire, SN25 4DL

  • Your request will be automatically forwarded to Central Southern Commissioning Support Unit, an NHS support organisation operating under the authority of the NHS Commissioning Board, whose staff manage requests on our behalf.
  • They will acknowledge and deal with your request for us, and will only use your personal information for this purpose.
  • All information provided is held within secure computer systems and managed in line with the requirements of the Data Protection Act (2018)


Click here to download the CCG's organisational chart (correct as of March 2019) as a PDF document.







News on 27 October 2017: New Senior Responsible Officer (SRO) for BSW STP.  Read more here.  

News on 17 October 2017: The Winter Resilience Plan is now published and can be viewed here

News on 3 April 2017: Planning for the future, a short guide to the Bath and Northeast Somerset, Swindon and Wiltshire's Sustainability and Transformation Plan (STP), March 2017, is available to read here.


All health and social care organisations are working together across Bath and North East Somerset (B&NES), Swindon and Wiltshire on a five year sustainability and transformation plan (STP) to improve our local population’s health and wellbeing, to improve service quality and to deliver financial stability.  

We are developing a joint approach that will help deliver the aims of the Five Year Forward View and is in line with other important national guidance such as GP Forward View, Mental Health Taskforce Report and National Maternity Review.


Why do we need an STP?

There are growing pressures on the health and care system, nationally and locally.  The proportion of older people is rising and there are more people living with complex conditions.  This is contributing to an increased demand for services.  

Overall across B&NES, Swindon and Wiltshire the standard of health and care services is very good compared to other areas in England. 

But some challenges remain. Our hospital Accident &Emergency (A&E) departments are under pressure, in some areas patients are waiting too long for GP appointments and there are gaps in quality with some parts of our region benefitting from better health and care services than others.  Additionally there are increasing financial pressures.  Across all our local health organisations there was a collective end of year deficit of £6million for 2015/16 and this will rise to £337million at the end of 2021 across our combined area if we do nothing.

So we are working on a collective plan to drive greater efficiency and improvements in quality across the health and care system. For services to be sustainable, we also need to get better at preventing disease, not just treating it, and encourage everyone to take responsibility to manage their own care.


Our STP partners

Our plan brings together our three hospitals (Royal United Hospital, Great Western Hospital and Salisbury Foundation Trust), the three Clinical Commissioning Groups (CCGs); B&NES, Swindon and Wiltshire Councils, South West Ambulance Service (SWASFT) and Avon and Wiltshire Mental Health Partnership Trust (AWP).  The providers of our community services – Wiltshire Health and Care, Great Western Hospital NHS Foundation Trust and Sirona as well as the West of England Academic Health and Science Network (WEAHSN) and the Wessex Local Medical Committee (representing GPs from across the BSW area) complete our organisational grouping. 


Working together to transform services

The health and care needs of our local population across B&NES, Swindon and Wiltshire are diverse and we are developing a joint approach that takes this local variation into account.  Our joint work will not replace individual organisational plans or our B&NES, Swindon and Wiltshire Health & Wellbeing Strategies. And it will not stop all the great work already going on locally to improve local services.  

The emerging STP focuses on shared challenges and opportunities across the wider geographical footprint.  This is 'place-based' planning that is not limited by organisational boundaries and covers CCGs, NHS providers, specialised services and primary care.  It also includes better integration with local authorities including social care, prevention and self-care.  Some of our partner organisations such as AWP, Sirona and SWASFT operate beyond our combined area and so will overlap with other STP footprints. 


Our emerging priorities

Based on our knowledge of local need and challenges and in line with national guidance, we have developed three transformational work-streams. Each is led by a CCG Accountable Officer. These are:

  • Preventative and proactive care
  • Planned care
  • Urgent and emergency care

Over the past four months, organisation and service leads have been meeting in work stream groups and together at a number of cross-organisational workshops to explore solutions to the common challenges across B&NES, Swindon and Wiltshire.  They have also begun to identify opportunities for innovation that will benefit the local population, agree some collective health outcomes and explore the potential for a standard set of quality and performance measures across the footprint.  There are five emerging priorities:

  • To provide improved person-centred care by strengthening and integrating the specialist services that support primary care
  • To shift the focus of care from treatment to prevention and proactive care
  • To redefine the ways we work together as organisations to deliver improved individual/patient care
  • To ensure we offer staff an attractive career and build a flexible, sustainable workforce
  •  To strengthen collaboration across organisations to directly benefit acute and urgent care services.


What next and how can I get involved?

Compared to other STP areas, we do not have an established relationship across all the health and care organisations with the B&NES, Swindon and Wiltshire footprint so we are at an early stage of STP development.

We shared our outline proposals for the next five years with NHS England in June and will submit more detailed plans at the end of October. This will enable us to qualify for additional funding through the Sustainability and Transformation Fund from 2017/18 onwards, to help deliver our plans.

Drawing on the experience and clinical expertise of our workforce and those that use health and care services, as well as their carers, will help us to redesign services and to develop new models of care that are sustainable.  

Across our combined area, we already have a wealth of patient insight and useful information from recent consultation and engagement activity.  However the STP offers our stakeholders a new opportunity to inform our plans for local health and care services and we are committed to ensuring everyone's views are taken into consideration at all stages of the process. We are working closely with Healthwatch (the consumer champion in health and care) in B&NES, Swindon and Wiltshire to make sure the voice of local people is represented as our plans begin to take shape. 

Updates on our STP will be shared at CCG board meetings, AGMs and Council meetings, please check individual organisation websites for details of these.  A wider programme of public engagement will commence in the autumn and more information on this will be available here shortly. In the meantime if you have any questions or feedback, please get in touch by email to This email address is being protected from spambots. You need JavaScript enabled to view it. or contact your local Healthwatch office.


You can read more about Sustainability and Transformation Plans, how they will work across the country and what they mean for the NHS here.

Further details are included in this presentation


Below you can access the summary of the plan and the plan in full:

Sustainability and Transformation Plan Summary-November 2016

Sustainability and Transformation Plan 2016




Swindon CCG has a large number of relationships to manage including its relationship with its member practices.  Relationships include those that:-

  • form part of the CCG – member practices and their staff
  • monitor the performance and/delivery of the CCG – NHS England, HealthWatch Swindon, elected officials, media
  • monitor the performance of healthcare providers we commission services from – Monitor, Care Quality Commission, NHS Improvement
  • we work in partnership with – local authority, voluntary sector, patient reference groups and other healthcare commissioners such as CCGs and NHS England
  • we represent – patients, carers, families using healthcare every day and who we are accountable to as a statutory organisation.

The annual 360 stakeholder survey is a key part of ensuring these strong relationships are in place. The survey allows stakeholders to provide feedback on working relationships with CCGs. The feedback is used to help inform the way we manage our relationships and undertake our business.

The 2016 report can be found here

The 2017 report can be found here

The 2018 report can be found here


What is the Fair Processing Notice?

The Fair Processing Notice (also known as a Privacy Notice) is part of our programme to make the data processing activities we are carrying out as transparent as possible.

It tells you about the information we collect and hold about you, what we do with it, how we will look after it and who we might share it with.

Additionally, the notice covers information we collect directly from you or receive from other individuals or organisations.

If you require any additional information or explanation, requests can be made in the following ways:

Email: This email address is being protected from spambots. You need JavaScript enabled to view it. 

Post: The Pierre Simonet Building, North Swindon Gateway, North Latham Road, Swindon, Wiltshire, SN25 4DL 


Reviewing the Fair Processing Notice

This notice was last reviewed on 13 November 2019. 


Our Commitment to Data Privacy and Confidentiality Issues

We are committed to protecting your privacy and will only process data in accordance with the Data Protection Legislation.  This includes the General Data Protection Regulation (EU) 2016/679  (GDPR), the Data Protection Act (DPA) 2018, the Law Enforcement Directive (Directive (EU) 2016/680) (LED) and any applicable national Laws implementing them as amended from time to time. 

In addition, consideration will also be given to all applicable Law concerning privacy, confidentiality, the processing and sharing of personal data including the Human Rights Act 1998, the Health and Social Care Act 2012 as amended by the Health and Social Care (Safety and Quality) Act 2015, the common law duty of confidentiality and the Privacy and Electronic Communications (EC Directive) Regulations..

NHS Swindon CCG is a Data Controller as defined under the GDPR.  We are legally responsible for ensuring that all personal information that we process i.e. hold, obtain, record, use or share about you, is done in compliance with the Data Protection Principles as set out in Article 5 under GDPR.

All data controllers must notify the Information Commissioner’s Office (ICO) of all personal information processing activities. Our ICO Data Protection Registration number is Z3623454 and our entry can be found in the Data Protection Register on the Information Commissioner’s Office website.

Everyone working for the NHS has a legal duty to keep information about you confidential. The NHS Care Record Guarantee and NHS Constitution provide a commitment that all NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and wellbeing.

If you are receiving services from the NHS, we share information that does not identify you (anonymised) with other NHS and social care partner agencies for the purpose of improving local services, research, audit and public health.

We would not share information that identifies you unless we have a fair and lawful basis such as:

  • You have given us permission;

  • To protect children and vulnerable adults;

  • When a formal court order has been served upon us;


  • When we are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime;

  • Emergency Planning reasons such as for protecting the health and safety of others;

  • When permission is given by the Secretary of State or the Health Research Authority on the advice of the Confidentiality Advisory Group to process confidential information without the explicit consent of individuals

The CCG is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.

All information that we hold about you will be held securely and confidentially. We use administrative and technical controls to do this. We use strict controls to ensure that only a limited amount of authorised staff are able to see information that identifies you where it is appropriate to their role and is strictly on a need-to-know basis.

All of our staff, contractors and committee members receive role appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures.

We will only use the minimum amount of information necessary about you.

We will only retain information in accordance with the schedules set out in the Records Management Code of Practice for Health and Social Care 2016.  


Overseas Transfers

Your information will not be sent outside of the United Kingdom where the laws do not protect your privacy to the same extent as the law in the UK. We will never sell any information about you.


Your Rights

GDPR provides the following rights for individuals:

  • The right to be informed

  • The right of access

  • The right to rectification

  • The right to erasure

  • The right to restrict processing

  • The right to data portability

  • The right to object

  • Rights in relation to automated decision making and profiling.

If you do not agree to certain information being processed or shared with us, or by us, or have any concern, then please let us know.

You have the right to refuse/withdraw consent to information sharing at any time. The possible consequences can be fully explained to you and could include delays in receiving care. If you wish to discuss withdrawing consent please contact the CCGs Patient Advice and Complaints Team, http://www.swindonccg.nhs.uk/index.php/contact-us/patient-advice-and-complaints-team Telephone: 0300 200 8844.

For more information on Your Rights please click here. 


The National Data Opt-Out

Your right to opt out of data sharing and processing

The NHS Constitution states that you have a right to request that your personal confidential information is not used beyond your own care and treatment and to have your objections considered.  For further information please visit: https://www.gov.uk/government/publications/the-nhs-constitution-for-england

There are two forms of opt- outs:

Type 1 opt-out

If you do not want personal confidential information that identifies you to be shared outside your GP practice you can register a ‘Type 1 opt-out’ with your GP practice. This prevents your personal confidential information from being used except for your direct health care needs and in particular circumstances required by law, such as a public health emergency like an outbreak of a pandemic disease. 

Patients are only able to register this opt-out at their GP practice and your records will be identified using a particular code that will stop your records from being shared outside of your GP Practice.

National data opt-out

The national data opt-out was introduced on 25 May 2018 and replaces the previous ‘type 2’ opt-out.  NHS Digital collects information from a range of places where people receive care, such as hospitals and community services.  The new programme provides a facility for individuals to opt-out from the use of their data for research or planning purposes.  For anyone who had an existing type 2 opt-out, it will have been automatically converted to a national data opt-out from 25 May 2018 and will receive a letter giving them more information and a leaflet explaining the new national data opt-out. The national data opt-out choice can be viewed or changed at any time by using the online service at .www.nhs.uk/your-nhs-data-matters or call 0300 303 5678.

You do not need to do anything if you are happy about how your confidential patient information is used.


Complaints or Questions

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. 


Subject Access Requests

Individuals can find out if we hold any personal information by making a request under the Right of Access under GDPR, more commonly called a ‘Subject Access Request’.

If we do hold information about you we will:

  • Give you a description of it;

  • Tell you why we are holding it;

  • Tell you who it could be disclosed to;

  • Let you have a copy of the information in an intelligible form; and

  • Correct any mistakes to information held

We will hold Subject Access Requests for 3 years after closure at which time the retention period will be reviewed on an individual basis. If a Subject Access Request has been subject to an appeal we will be required to hold your information for 6 years after closure at which time your information will be destroyed.

For further information on how to make a request go to: https://www.swindonccg.nhs.uk/about-us/requesting-information/subject-access-requests

If you require further advice, you can contact us on: 01793 683700 or via email: This email address is being protected from spambots. You need JavaScript enabled to view it. or in writing to:

Subject Access Request Team

Swindon CCG

The Pierre Simonet Building

North Swindon Gateway

North Latham Road



SN25 4DL

Your request will be automatically forwarded to NHS South, Central and West Commissioning Support Unit, an NHS support organisation operating under the authority of the NHS Commissioning Board, whose staff manage requests on NHS Swindon Clinical Commissioning Groups behalf.  


Confidentiality Advice and Support

The CCG has an Executive Director responsible for protecting the confidentiality of patient information. This person is called the Caldicott Guardian who oversees the arrangements for the use and sharing of patient information.  The Caldicott Guardian plays a key role in ensuring that the NHS, Councils with Social Services and Public Health responsibilities and Partner Organisations satisfy the highest practical standards for handling patient information.  Acting as the ‘conscience’ of the organisation, the Caldicott Guardian actively supports work to enable information sharing where it is appropriate to share and advises on options for lawful and ethical processing of information.

The Caldicott Guardian for this organisation is:

Gill May, Director of Nursing and Quality

Telephone: 01793 683700

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

The CCG has a Data Protection Officer (DPO) responsible for monitoring compliance with the GDPR and other data protection legislation, the organisations data protection policies, awareness-raising, training and audits.  The DPO acts as the contact point with the ICO, our employees and the public. They co-operate with the ICO and will consult on any other matter relevant to Data Protection.

The DPO for this organisation is:

Julie-Anne Wales, Director of Corporate Affairs

Telephone: 01225 831446

Email: This email address is being protected from spambots. You need JavaScript enabled to view it. 


Personal Information We Collect and Hold About You

As a commissioner, we do not routinely hold or have access to your medical records. However, we may need to hold some personal information about you, for example:

  • If you have made a complaint to us about healthcare that you have received and you have asked us to investigate it for you

  • If you ask us to provide funding for Continuing Healthcare services

  • If you ask us for our help or involvement with your healthcare, or where we are required to fund specific specialised treatment for a particular condition that is not already covered in our contracts with organisations that provide NHS care

  • If you ask us to keep you regularly informed and up-to-date about the work of the CCG, or if you are actively involved in our engagement and consultation activities or Service User or Patient Participation Groups.

  • If you have used our repeat prescription service, run on behalf of GP practices in the Swindon area.

  • If you use e-Referral Service facilities in the Swindon area, which is managed by our Referrals team.

  • If your GP practice has asked our Medicines Optimisation Team to undertake work to ensure prescribing is both cost and clinically effective as well as safe. 

Our records may include relevant information that you have told us, or information provided on your behalf by relatives or those who care for you and know you well, or from health professionals and other staff directly involved in your care and treatment.

Our records may be held on paper or in a computer system. The types of information that we may collect and use include the following:

Identifiable This is data which contains details which can identify individuals such as name, address, telephone number, date of birth, postcode.
Pseudonymised This is data that has undergone a technical process that replaces your identifiable information such as NHS number, postcode, date of birth with a unique identifier, which obscures the ‘real world’ identity of the individual patient to those working with the data.
Anonymised This is data which does not identify individuals and where there is no risk that identification is likely to take place.
Aggregated This is anonymised data which is grouped together so that it does not identify an individual.

Personal Data

This is any information relating to an identified or identifiable natural person who can be identified, directly or indirectly.
Confidential Data This is personal information about identified or identifiable individuals which should be kept private or secret.  The definition includes dead as well as living people and ‘confidential’ includes information ‘given in confidence’ and ‘that which is owed a duty of confidence’. 
Special Category Data GDPR defines “special category data” as information about an individual’s: Racial or ethnic origin; political opinions; religious beliefs; trade union membership; health; sexual life; alleged criminal activity; or court proceedings.


Our Uses of Information

Although this is not an exhaustive detailed listing, the following table lists key examples of the purposes and rationale for why we collect and process information:



We will process your personal information where it relates to a complaint where you have asked for our help or involvement.

The information we will require when you make a complaint will be: 

  • Your name, address and contact telephone number and those of the person that you may be complaining for; including their date of birth and NHS Number

  • A summary of what has happened, giving dates where possible

  • Which organisation provided the care or service

  • A list of things that you are complaining about

  • What you would like to happen as a result of your complaint

Legal Basis

The CCG has a duty as to the improvement in quality of services under Section 14R NHS Act 2006 and will rely on your explicit consent as the basis to undertake such activities.

Complaint Process

When we receive a complaint from an individual we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service being provided.

We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute.

If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with NHS retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

We may use service user stories, following upheld complaints, but the individual will remain anonymous. The service user stories will provide a summary of the concern, service improvements identified and how well the complaints procedure has been applied. Explicit consent will always be sought from the service user and carer or both before we use the service user story.

To make a complaint, please use the details on our http://www.swindonccg.nhs.uk/index.php/contact-us/patient-advice-and-complaints-team page. 


Managing complaints enables the CCG to continuously improve the quality of the services they commission.

Retention Period

Information relating to complaints will be retained for 10 years after which time the information will be reviewed and if no longer necessary will be destroyed.
Individual Funding Request (IFR)


We will collect and process your personal information where we are requested to fund a specific treatment or service for a condition that is not routinely offered by the NHS.

This is called an “Individual Funding Request” (IFR).

Legal Basis

The CCG has a duty to have regard to the need to reduce health inequalities in access to health services and health outcomes achieved as outlined in the  National Health Service Commissioning Board and Clinical Commissioning Groups (Responsibilities and Standing Rules) Regulations 2012 (SI 2012 No 2996) (Part 7-34 (1) and (2).

The clinical professional who first identifies that you may need the treatment will explain to you the information that we need to collect and process in order for us to assess your needs and commission your care and will ask for your informed consent for personal clinical information to be shared with the CCG.


The Individual Funding Request process allows Swindon CCG to look at evidence for the safety and effectiveness of any treatment and ensures that the services we pay for will give patients the greatest health gains from the finite resources we have available.

Continuing Healthcare


We will collect and process your identifiable information where you have asked us to undertake assessments for your continuing healthcare which is a package of care that is arranged and funded solely by the NHS for individuals who are not in hospital but have been assessed as having a “primary health need”.

This is called “Continuing Health Care” (CHC)

Legal Basis

The CCG has a duty to have regard to the need to reduce health inequalities in access to health services and health outcomes achieved as outlined in the National Health Service Commissioning Board and Clinical Commissioning Groups (Responsibilities and Standing Rules) Regulations 2012 (SI 2012 No 2996) (Part 6-20-22.

The clinical professional who first sees you to discuss your needs will explain to you the information that they need to collect and process in order for us to assess your needs and commission your care and will ask for your informed consent for personal clinical information to be shared with the CCG.


Swindon CCG can arrange a care and support package that meets your assessed needs.  The CCG can determine how your needs and care will be managed, where your care will be given e.g. in your own home or in a care home and identify which organization will be responsible for meeting your needs.

Retention Period

Information relating to Continuing Healthcare will be retained for 8 years after which time the information will be reviewed and if no longer necessary will be destroyed.

Clinical Concerns


Clinical Concerns was developed in response to the Francis Report 2013 and is a process through which the CCG works in collaboration with General Practices and other local healthcare Providers to gather intelligence about the quality and safety of local services and to facilitate learning and improvement.

Your General Practice has appointed the CCG as the Data Processor to process Clinical Concerns on their behalf and have a Data Processing Agreement in place which identifies General Practice as the Data Controller and the CCG as the Data Processor. The Data Processing Agreement details the boundaries of sharing information and is reviewed on an annual basis.

In order to facilitate the investigation of Clinical Concerns, your General Practice will provide the CCG with your NHS Number. The CCG will share this with the relevant healthcare providers involved in your care and treatment in order for them to investigate. The aim of this investigation is to resolve any outstanding issues in relation to the individual’s care and treatment and to provide an opportunity to improve the quality of the service. The CCG will not use your NHS number for any other purpose.

Legal Basis

The General Practice will rely on GDPR Articles 6(1)(e) and 9(2)(h) and the Health & Social Care Act (duty to share) as a legal basis to raise a Clinical Concern. The General Practice will provide you with comprehensive information by way of a Fair Processing Notice which clearly details the data sharing relationship with the CCG.

The CCG will rely on the NHS Act 2006 Section 13R and 14Q as a legal basis to support their enactment of the following commissioning duties:

  • Information on safety of services provided by the health service

  • Duty as to effectiveness and efficiency

  • Duty as to the improvement in the quality of services


To assist with the gathering of intelligence about the quality and safety of local services and to facilitate learning and improvement.

Retention Period

The CCG will hold your information for a period of 10 years following the closure of a clinical concern. Before records are destroyed we will review information held and take into account any serious incident retentions which may require us to hold the information for a further period of time. Each case will be reviewed on an individual basis.

 Assuring Transformation


Assuring Transformation data is information we collect about people with a learning disability, autism or both who are getting care in hospitals for their mental health or because they have had behavior that can be challenging. 

The CCG collects this data each month from healthcare Providers which is collected by NHS Digital. NHS Digital will publish a monthly progress report and provide this information to NHS England.  These reports do not include any personal information.  There is a calendar that tells you exactly when it will be published.

This information informs NHS England of:

  • how many people are in hospital

  • how long they have been in hospital for

  • when their care and treatment is checked

  • what kind of hospital they are in

  • NHS England will check this information to make sure people are not in hospital if they would be better looked after in the community.  

NHS England has produced an Assuring Transformation Easy Read Leaflet which can be obtained from your healthcare Provider.

Legal Basis

Assuring Transformation is a mandatory data collection of which has been approved by the Secretary of State under Regulations enabled by Section 251 of the NHS Act 2006 reference CAG 8-02(a-c)/2014.

If you do not want your information to be included in these collections please contact us.


The published report allows the public to check if the NHS is doing a good job of looking after people with a learning disability, autism or both who are in hospital and assists NHS England in determining whether patients are getting the right care in the right place.



Safeguarding means protecting peoples' health, wellbeing and human rights, and enabling them to live free from harm, abuse and neglect. It is a key part of providing high-quality health and social care.  The CCG will participate in Serious Case Reviews undertaken by either the local Children’s Safeguarding Boards or the Adult Safeguarding Boards for continued learning, to minimize risk and to improve services.  As part of delegated commissioning arrangements the Designated Adults Safeguarding Manager (DASM) will act on behalf of Primary Care and will be provided with personal confidential information specific to an individual case. The DASM will review this information and produce an anonymized report which is signed by the organisations Caldicott Guardian and submitted to the relevant Children or Adult Safeguarding Boards at which point personal confidential information provided to the CCG is destroyed.

Legal Basis

The CCG has a statutory responsibility under the Children Act 2004, Care Act 2014 and safeguarding provision within the Data Protection Act 2018 (Schedule 1, Part 2, Subsections 18 and 19) to ensure the safety of all children, and the safety of adults at risk of abuse and neglect. 


Safeguarding is a fundamental element of the CCGs commissioning plans and forms a core part of the commissioning assurance process.

Retention Period

The CCG will hold your information for a period of 8 years following the closure of a case. Before records are destroyed we will review information held and take into account any serious incident retentions which may require us to hold the information for a further period of time. Each case will be reviewed on an individual basis.

 Risk Stratification


Risk stratification is a process that uses de-identified personal data from health care services to determine which people are at risk of experiencing certain outcomes, such as unplanned hospital admissions.

Data Processing activities for Risk Stratification

Risk stratification tools are used by CCGs to analyse the overall health of a population using data which is anonymised in line with the Information Commissioner’s Office (ICO) Anonymisation Code of Practice.

The combined CCGs Secondary Use Service (SUS) data and GP data which contains an identifier (usually NHS number) is made available to clinicians with a legitimate relationship with their patients to enable them to identify which patients should be offered targeted preventative support to reduce those risks.

The CCG has commissioned NHS South, Central and West Commissioning Support Unit (SCWCSU) to provide the risk stratification software solution on behalf of itself and its GP practices. This is known as Integrated Population Analytics, or IPA.

The CCG will use pseudonymised versions of this information to understand the local population needs, whereas GPs will be able to identify (by NHS number) which of their patients are at risk in order to offer a preventative service to them.

NHS South, Central and West Commissioning Support Unit (SCW) – DSCRO work with Graphnet Health Limited to extract Primary Care data and the SCWCSU process this data on behalf of the CCG for Risk Stratification purposes.

This processing takes place under contract following the below steps:

  • NHS Digital has a legal obligation to obtain data from providers of NHS care such as the local hospital or community hospital.  This data is then sent to the SCWCSU DSCRO and amended so that only your NHS number could identify you. The data is then provided to SCWCSU for processing in the risk stratification software. The CCG has signed a Data Sharing Contract with NHS Digital for the use of this data, called Secondary Use Services (SUS) data.

  • The SCWCSU contract Graphnet Health Limited to extract primary care data identifiable by your NHS Number for those patients that have not objected to Risk Stratification or where no Type 1 objection has been made by an individual. The data containing the same verified NHS numbers are then stored within a secure sever owned and managed by SCWCSU which is then processed through the risk stratification algorithms and the output made available in the IPA user interface.

  • Within the landing stage, the risk stratification system automatically links and pseudonymises the identifiable data from GP’s and NHS Digital. No identifiable data of any patient is seen by the CCG.

SCWCSU has set up a formula to analyse the data in pseudonymised form to produce a risk score for each patient. This information is available to SCWSCU DSCRO.

The risk scores are only made available to authorized users within the GP Practice where you are registered via a secure portal managed by SCWCSU.  This portal allows only the GPs to view the risk scores for the individual patients registered in their practice in identifiable form. The outputs can be made available if Practices are working as a locality, federation or super practice and this access is agreed by the Caldicott Guardian for each Practice.  In certain circumstances a team of clinical staff may come together to form a multi-disciplinary team and where appropriate, staff in this team may be given access to or information about your risk scores but only after your GP Practice has approved this.

If you do not wish information about you to be included in our risk stratification programme, please contact your GP Practice. They can add a code to your records that will stop your information from being used for this purpose.

Further information about risk stratification is available from: https//www.england.nhs.uk/ourwork/tsd/ig/risk-stratification/

Further information about Integrated Population Analytics is available from: https://www.scwcsu.nhs.uk/ipa

Legal Basis

NHS England has gained approval from the Secretary of State, through the Confidentiality Advisory Group, for its application for the disclosure of commissioning data sets and GP data for risk stratification purposes to data processors working on behalf of GPs which provides a statutory legal basis under Section 251 of the NHS Act 2006 to process data for risk stratification purposes. We are committed to conducting risk stratification effectively, in ways that are consistent with the laws that protect your confidentiality.


CCGs and GPs use risk stratification tools as part of their local strategies for supporting patients with long-term conditions and to help and prevent avoidable admissions. Typically this is because patients have a long term condition such as Chronic Obstructive Pulmonary Disease.  NHS England encourages CCGs and GPs to use risk stratification tools as part of their local strategies for supporting patients with long-term conditions and to help and prevent avoidable admissions.

Knowledge of the risk profile of our population will help the CCG to commission appropriate preventative services and to promote quality improvement in collaboration with our GP practices.

 Invoice Validation


The Invoice Validation process ensures that care providers who provide you with care and treatment can be paid for the services they provide.

Care providers submit their invoices to NHS Shared Business Services (NHS SBS) who process invoices on behalf of NHS Swindon CCG. NHS SBS do not require and should not receive any patient confidential data to provide their services.

There are situations where identifiable patient personal data is required to ensure that the correct service provider is paid.

In such cases service providers are required to send identifiable patient personal data such as the NHS Number to a Controlled Environment for Finance (CEfF) which is a secure restricted area within NHS Swindon CCG and indicate which invoices we can validate (authorize) for payment. NHS England has published guidance on how invoices must be processed and Commissioners have a duty to detect report and investigate any incidents of where a breach of confidentiality has been made.

For more information see: https://www.england.nhs.uk/ourwork/tsd/ig/in-val/invoice- validation-faqs/

Legal Basis

The legal basis for SCWCSU to receive personal identifiable data for the purposes of invoice validation is provided by Section 251 of the NHS Act 2006.


The invoice validation process supports the delivery of patient care by ensuring that:

  • service providers are paid for patients treatment,

  • enables services to be planned, commissioned, managed and subjected to financial control,

  • enables commissioners to confirm that they are paying appropriately for the treatment of patients for whom they are responsible

  • fulfilling commissioners duties of fiscal probity and scrutiny

  • enables invoices to be challenged and disputed or discrepancies resolved

Patient and Public Involvement


If you have asked us to keep you regularly informed and up to date about the work of the CCG or if you are actively involved in our engagement and consultation activities or patient participation groups, we will collect and process personal confidential data which you share with us.

This is called ‘Patient and Public Involvement’

Where you submit your details to us for involvement purposes, we will only use your information for this purpose. You can opt out at any time by contacting us using our contact details at the end of this document.

Legal Basis

Under the NHS Act 2006 Section 14Z2, the CCG has a duty, in relation to health services provided (or which are to be provided) under arrangements made by the CCG exercising its functions, to make arrangements so as to secure that individuals to whom the services are being (or may be) provided are involved at various specified stages.

We will rely on your consent for this purpose.


If you would like to find out more information on how to get involved and how this benefits Swindon CCG, please see our Getting Involved pages: http://www.swindonccg.nhs.uk/index.php/get-involved

Records Retention

Where you have provided us with your contact details for us to keep in touch, when we contact you periodically we will check you are still happy for us to hold these details.



To collect NHS data about service users that we are responsible for.

Legal Basis

Under the Health & Social Care Act 2012 the CCG has a statutory legal basis for collecting and processing information for the purposes of commissioning.

Processing Activities

Hospitals and community organisations that provide NHS-funded care are legally and contractually obliged to submit certain information to NHS Digital about services provided to our service users.

This information is generally known as commissioning datasets. The CCG obtains these datasets from NHS Digital and they relate to service users registered with GP Practices that are members of the CCG.

These datasets are then used in a format that does not directly identify you, for wider NHS purposes such as managing and funding the NHS, monitoring activity to understand and plan the health needs of the population, and to gain evidence that will improve health and care through research.

The datasets include information about the service users who have received care and treatment from those services that we are responsible for funding. The CCG is unable to identify you from these datasets. They do not include your name, home address, NHS number, post code or date of birth.  Information such as your age, ethnicity and gender, as well as coded information about any clinic or accident and emergency attendances, hospital admissions and treatment will be included.

The specific terms and conditions and security controls that we are obliged to follow when using these commissioning datasets can also be found on the NHS Digital website.

We also receive similar information from GP Practices within our CCG membership that does not identify you.


We use these datasets for a number of purposes such as:

Performance managing contracts;

  • Reviewing the care delivered by providers to ensure service users are receiving quality and cost effective care;

  • To prepare statistics on NHS performance to understand health needs and support service re-design, modernisation and improvement;

  • To help us plan future services to ensure they continue to meet our local population needs;

  • To reconcile claims for payments for services received in your GP Practice;

  • To audit NHS accounts and services.

If you do not wish your information to be included in these datasets, even though it does not directly identify you to us, please contact your GP Practice and they can apply a code to your records that will stop your information from being included.

Primary and Secondary Care


We commission a number of organisations to provide primary and secondary healthcare services to you. These organisations may be within the NHS or outside the NHS. 

Primary Care services cover GP Practices, Dental Practices, Community Pharmacies and high street Optometrists.

Secondary Care services are usually (but not always) delivered in a hospital or clinic with the initial referral being received from Primary Care.

These organisations may share identifiable, pseudonymised, anonymized, aggregated and personal confidential data information with us for the following purposes: 

  • To look after the health of the general public such as notifying central NHS groups of outbreaks of infectious diseases

  • To undertake clinical audit of the quality of services provided

  • To carry out risk profiling to identify patients who would benefit from proactive intervention

  • To perform case management where the NHS offers intervention and integrated care programmes involving multiple health and social care providers

  • To report and investigate, complaints, claims and untoward incidents

  • To prepare statistics on our performance for the Department of Health

  • To review out care to make sure that it is of the highest standard

Legal Basis

The Health & Social Care Act 2012 allows us to collect your information and is only accessed a limited number of authorised staff and not disclosed to other organisations. We will never share your personal information unless a legal basis has been identified for the different purposes of sharing or we have obtained your explicit consent.


Through sharing information ethically and lawfully the NHS is able to improve its understanding of the most important health needs and the quality of the treatment and care provided.

 Cabinet Office


The Cabinet Office is responsible for carrying out data matching exercises. Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information.  Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

We participate in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise, as detailed here.

Legal Basis

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under GDPR.

Data matching by the Cabinet Office is subject to a Code of Practice.

View further information on the Cabinet Office’s legal powers and the reasons why it matches particular information.


National Registries National Registries (such as the Learning Disabilities Register) have statutory permission under Section 251 (16/CAG/0056) of the NHS Act 2006, to collect and hold service user identifiable information without the need to seek informed consent from each individual service user.

Data may be collected for the purpose of research.

Research can be undertaken using information that does not identify you (anonymised). The law does not require your consent to be obtained in this case but information should be made available to you where your anonymised data is used for the purposes of research. Information can be made available either in waiting rooms, using information leaflets, published on notice boards, waiting room screens and/or an organisations website. 

Where identifiable data is needed for research, you may be approached by an organisation that has provided you with care and asked if you wish to participate in a research study.  Where identifiable data is required, an organisation must obtain explicit consent.  A member of the research team will discuss the research study with you and will provide you with information on what the study is about, what information they wish to collect, how to opt out and who to contact for more information. 

If you do not wish your information to be used for research, whether identifiable or non-identifiable, please let your GP Practice know. They will add a code to your records that will stop your information from being used for research.

Legal Basis

Your explicit consent will be obtained as the legal basis to process identifiable information for research purposes.


Results from research studies can provide a direct benefit to individuals who take part in medical trials and indirect benefit to the population as a whole.

Retention Period

Retention periods will be included in the research study Information Leaflet related to each study.

Recording of Telephone Calls

All telephone calls to and from the Referral Team, Reception and Prescription Team, are recorded. 


This is to help us ensure that we provide the best possible service to patients. This helps us to deliver care and identify ways that we can provide you with a better service. 

Retention Period

We will hold this data for one year.

CCTV Cameras

We have installed CCTV cameras in our offices in areas that are used by members of the public and staff.

Legal Basis

This is for the purposes of public safety and crime prevention / detection.  In all locations, signs are displayed notifying of the fact the CCTV is in operation and providing details of whom to contact for further information about the scheme. 


Individuals are being provided with free access to Wi-Fi to gain internet access in all GP practices. Practice staff will also have the ability to access their corporate network from mobile devices e.g. laptops and tablets 

Processing Activities

The connection and disconnection times, allocated IP addresses, Mac address, online resources and services accessed, name and email address used to log on to the GP WI-FI network will be shared with system administrators at Swindon CCG to allow traceability as per the Data Retention Regulations of 2009. Anonymised usage statistics will also be submitted to NHS Digital, so that NHS Digital can monitor NHS Wi-Fi uptake.

Legal Basis

Data Retention Regulations of 2009.

We will also rely on your explicit consent to undertake such activities - users must accept terms and conditions before they can gain access to this service and submit their details.

User accounts can be deleted upon request.


NHS Wi-Fi is being rolled out to all general practices in England and patients will be able to access the internet free of charge in their GP’s waiting room, via their smart phone or tablet. Internet access will be granted through an NHS.UK landing page which will host national healthcare information alongside locally generated content from the general practice or CCG, such as information about local clinics and health services. Patients can use the service to access and download health apps, browse the internet and look up health and care information.  

Funded by NHS England and delivered by NHS Digital and Clinical Commissioning Groups, NHS Wi-Fi is a response to patient feedback asking for free Wi-Fi services to be introduced in NHS locations. It provides an efficient, reliable and secure platform that enables GPs to offer and utilise the latest digital health and care services.
Prescription Ordering Direct (POD)

NHS Swindon CCG is supporting GP practices to provide an alternative route for patients to order their repeat prescriptions. 

The POD will be staffed by dedicated, experienced and fully trained prescribing clerks and clinical members of the Medicines Optimisation team at the NHS Swindon Clinical Commissioning Group. They will be able to access all repeat prescription records and have immediate access to your GP practice should the need arise. 

If your GP practice has joined the POD service, and if you choose to contact the POD service to arrange for a repeat prescription, you will be asked for your consent to access your medical record, which will be done via your GP's record system (either “TPP SystmOne” or “EMIS web”). The POD team will log into the relevant GP practice system, access your patient record and ask you some questions to confirm your identity.

The POD member of staff will have access to part of your patient record needed to complete your request for a repeat prescription.

Legal Basis

Your patient record will only be accessed if you choose to make use of this repeat prescription service and give your permission. Legal basis for this work is provided by GDPR Articles 6(1)(e) and 9(2)(h).

Referral Support Centre (RSC)

The Referral Support Centre (RSC) is a local service available for all Swindon GP practices provided by Swindon Clinical Commissioning Group. The aim of the RSC is to support patients and practices through the referral process using the National Booking System, known as eReferrals.

The RSC have a team of local clinicians who review the referrals we are sent. Based on their advice, the RSC will offer appropriate services to patients and, where possible, offer them a choice of appointment dates, times and locations. By offering alternatives to the traditional hospital based consultant appointments we are aiming to help more patients to be treated in the most appropriate setting based on their clinical condition.

The RSC is staffed by experienced call handlers aware of local booking/commissioning instructions to help ensure patients are seen in the right place first time. In order to do this efficiently they will have access to details such as your name, DOB, address, telephone number, NHS number and your patient referral information. The RSC are also able to provide patients with additional information, such as directions or local transport links, which is not available from the national telephone appointment line.

Legal Basis

GDPR Articles 6(1)(e) and 9(2)(h) and the Health & Social Care Act (duty to share).

Medicines Optimisation

The Medicines Optimisation Team (MOT) is commissioned by Swindon CCG GP practices to carry undertake various Medicines Optimisation activities to ensure that patients receive prescribed items which are clinically effective and cost effective based on individual, local and national health population needs.  We can also benchmark and share best practice at a practice level, locally and nationally to further improve our patients’ experience of prescribed items and to the benefit of our local population

To achieve the above we will process your personal data for purposes such as: 

  • Carrying out direct patient-facing activities on behalf of or at the request of a GP or General Practice, including prescribing support and medicines optimisation work in Swindon residential and nursing homes. 

  • Undertaking analysis with specific criteria to identify individual patients that may benefit from a safer, a more effective and / or more efficient medicinal regimes and approaches. This analysis may be carried out proactively or at the direct request of a General Practices and all lead to recommendations to the responsible clinician.

The MOT is comprised of clinicians (pharmacists, nurses and dietitians) and as such, all have a duty of care and use clinical judgement to determine whether or not it is relevant or appropriate to access patient identifiable data or records for the piece of work being completed.

Legal Basis – The CCG will rely on the below legal basis to process personal data for the purposes of medicines optimisation:

•          Health & Social Care Act 2012 (Section 251b) (duty to share)

•          NHS Act 2006 (Section 3a) (duty as to provision of certain services)

•          GDPR Articles 6(1)(e) and 9(2)(h) 

Retention Period

The CCG will hold this information for a period of 5 years.  Before records are destroyed we will review information held and take into account any further retention periods which may oblige us to hold the information for a further period of time.

Learning Disabilities Mortality Review (LeDeR) Programme


The Learning Disabilities Mortality Review (LeDeR) Programme aims to review the death of any person who lived with learning disabilities, identifying any health and social care factors relating to the death where things could have been done differently, and seeking to ensure that where care and treatment have not been at the expected standard this is not repeated elsewhere. The programme is co-ordinated by the University of Bristol in partnership with NHS England. NHS Swindon Clinical Commissioning Group (CCG) participates in the programme by co-ordinating reviews at a local level via a Local Area Contact (LAC) and also leads the LeDeR Steering Group for Swindon, Wiltshire and BaNES.

The LeDeR programme office (University of Bristol) can be told about the death of a person with learning disabilities by anyone holding that information. This could be, for example, a health or care professional, a relative, a service manager or another person with learning disabilities. When the death is notified to the programme, via a secure web portal, personal information about the person who has died is collected. This information is then shared with the CCG in the locality where the patient had been registered with their GP. The CCG LAC co-ordinates the mortality reviews for its geographical area at the local level, and is therefore privy to all of the information about the case communicated from the LeDeR programme office. The information is communicated via a secure web platform.

The CCG LAC appoints a trained reviewer who then seeks further information about the person who has died from health or care professionals who have been involved in supporting that person. The reviewer may ask them questions about the health and care of the person, their diagnosis and treatments, and the circumstances leading up to their death. The reviewer may also need to look in the person’s health or care records to check how their care was delivered. The reviewer will also make contact, when possible, with those closest to the person, including their families and/or carer, so that they can contribute to the review, should they wish. This will be done with the family and/or carer consent. The personal identifiable information collected for LeDeR reviews is uploaded, stored and communicated via a secure web platform hosted by the University of Bristol and covered by rigorous processes that meet NHS information governance requirements.

The information that the LeDeR programme gathers about people with learning disabilities who have died includes:

  • Personal details: (name, date of birth, date of death, gender, ethnicity, postcode, NHS number). These details help to identify the person who has died so that a local reviewer can trace their service contacts and conduct a review into their death.

  • Information about the circumstances leading to the person’s death, that is held in health or social care records, in order to review the person’s care, assess best practice and identify where service improvements may be required.

  • Information about the person’s relative or next of kin (name, contact details, relationship), in order to invite them to contribute their views to the review.

  • Information about the person’s cause of death. The central LeDeR programme office will share the NHS number (or any other information that could identify the person, e.g. date of birth and date of death) with NHS Digital. NHS Digital link this to information about cause of death held by the Office for National Statistics and send back to the LeDeR programme office the coding for the causes of death for people with learning disabilities whose deaths have been reviewed.

Reports shared with our local steering groups and other forums for the promotion of improvement and learning are shared in anonymised form with personal identifiers redacted. 

Legal Basis

The LeDeR Programme has obtained Section 251 approval from the Health Research Authority’s Confidentiality Advisory Group (CAG 251), on behalf of the Secretary of State, allowing it to handle identifiable data without consent in order to conduct a review of a death, and to link it to NHS Digital cause of death data. The reference number for this is: 16/CAG/0056. CAG 251 allows data to be stored for the purpose of the programme for 10 years.


To make improvements to the lives of people with learning disabilities by identifying any potentially modifiable factors associated with a person's death, and working to ensure that these are not repeated elsewhere.

Retention Period

Information relating to LeDeR reviews is retained by the University of Bristol for a period of 10 years from the completion of a review. The CCG will not retain personal identifiable information relating to reviews locally, but will keep on file for 10 years anonymised review reports.

Infection Prevention and Control


CCGs collaborate with Public Health service (both Public Health England and the Local Authority) and NHS England and work closely with provider organisations involved in patient care to jointly identify and agree the possible causes of, factors that contributed to, and learning related to the prevention and reduction of infections. We will process personal information (e.g. name, address, date of birth) and special category (e.g. healthcare).

Information may be shared with Primary and Secondary healthcare providers and with the Local Authority who are responsible for Public Health within the CCG boundary.

Legal Basis

Under the Health & Social Care Act 2008: Code of Practice for the NHS for the Prevention and Control of Healthcare Associated Infections (revised January 2015) and Regulation 3 of The Health Service (Control of Patient Information) Regulations 2002 the CCG has a statutory legal basis for collecting and processing information for the purposes of Infection Control and will rely on GDPR Articles 6(1)(e) and 9(2)(i) where processing is necessary for reasons of public interest. 


CCGs participate/lead on Post Infection Review in the circumstances set out in the Post Infection Review Guidance issued by NHS England. The CCG gathers this information from Healthcare Providers and uses the results to inform the mandatory healthcare associated infections reporting systems and identify learning in order to reduce and prevent further infections.

Retention Period

Post infection reviews may be kept up to eight years.

Support Services

The CCG will use other organisations to provide us with support services. These organisations will process information on our behalf. These organisations are known as “data processors” and will provide additional expertise to support the work of Swindon CCG:

Legal Basis

Swindon CCG is committed to ensure that a legal basis is identified for all flows of personal identifiable to external organisations. 

The CCG ensures that this is supported by use of an NHS Standard Contract which is mandated by NHS England for use by commissioners for all contracts for healthcare services other than primary care.  The NHS Standard Contract covers:

  • confidential information of all parties (Section: GC20),

  • patient confidentiality, data protection, freedom of information and transparency (Section: GC21)     

In addition a Data Sharing Framework Contract (DSFC) and Data Sharing Agreement (DSA) are in place with NHS Digital for the release of patient level data and Service Level Agreements are in place with NHS South Central and West Commissioning Support Unit (SCWCSU) for the services they provide.

Organisations that provide support services for NHS Swindon Clinical Commissioning Group include:

Organisations that provide support services for NHS Swindon Clinical Commissioning Group

NHS South, Central, and West Commissioning Support Unit
Omega House 
SO50 5PB
Telephone: 023 8062 7444
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Website: www.scwcsu.nhs.uk/about-us

Wiltshire Clinical Commissioning Group
Southgate House
Pans Lane
SN10 5EQ
Telephone: 01380 728899
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Website:  www.wiltshireccg.nhs.uk/about-us

West Hampshire Clinical Commissioning Group
Omega House
112 Southampton Road
SO50 5PB
Telephone: 023 8062 7444
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Website:  www.westhampshireccg.nhs.uk/about-us

Wiltshire Council
County Hall 
Bythesea Road 
BA14 8JN 
Telephone: 0300 456 0100
Website:  www.wiltshire.gov.uk/

Swindon Borough Council
Civic Offices
Euclid St
SN1 2JH 
Telephone: 01793 445500
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Website: www.swindon.gov.uk/site/index.php

Royal United Hospital Bath NHS Trust
Combe Park
Telephone: 01225 428331
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Website: www.ruh.nhs.uk/about/index.asp?menu_id=1

Great Western Hospitals NHS Foundation Trust
Marlborough  Road 
Telephone: 01793 604020
Website: www.gwh.nhs.uk/about-us/

Oxford Health NHS Foundation Trust 
Warneford Hospital
Warneford Land
Telephone: 01865 901000
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Website: www.oxfordhealth.nhs.uk/about-us/

NHS Shared Business Services
Telephone: 0113 3071500
Online query form: www.sbs.nhs.uk/contact-us/contact-us/member-of-public-contacts

Medvivo Group Limited
Fox Talbot House
Greenways Business Park 
SN15 1BN
Telephone: 0800 6444 200
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Website: www.medvivo.com/about-us/ 

NHS Digital / Data Services for Commissioners Local Office (DSCRO)

Website: https://digital.nhs.uk/services/data-services-for-commissioners-dsfc
Telephone: 0300 303 5678
Email: email our customer service centre

CHS Healthcare (Caretrack)
1 Wrens Court
53 Lower Queens Street
Sutton Coldfield
B72 1RT
Email: enquires@This email address is being protected from spambots. You need JavaScript enabled to view it. 

Prescribing Services Ltd (Eclipse)
2 Regis Place
North Lynn Industrial Estate
Kings Lynn
PE30 2JN
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.


These organisations are subject to the same legal rules and conditions for keeping personal confidential data secure and are underpinned by a contract with us. 

Before awarding any contract, we seek to ensure that organisations will look after your information to the same high standards that we do. Those organisations can only use your information for the service we have contracted them for and cannot use it for any other purpose. 

The CCG maps each individual data flow in and out of the organisation, to understand what data it holds and processes.

Data Linkage

Data may be de-identified and linked by organisations so that it can be used to improve health care and development and monitor NHS performance. Where data is used for these statistical purposes, stringent measures are taken to ensure individual patients cannot be identified. When analysing current health services and proposals for developing future services it is sometimes necessary to link separate individual datasets to be able to produce a comprehensive evaluation.  This may involve linking primary care GP data with other data such as secondary uses service (SUS) data (inpatient, outpatient and A&E).  In some cases there may also be a need to link local datasets which could include a range of acute-based services such as radiology, physiotherapy, audiology etc, as well as mental health and community-based services such as Improving Access to Psychological Therapies, district nursing, podiatry etc.  When carrying out this analysis, the linkage of these datasets is always done using a unique identifier that does not reveal a person’s identity as the CCG does not have any access to patient identifiable data.


Data Retention

Swindon CCG will approach the management of its business records in line with its Records Management Policy which sets out roles and responsibilities for records management and the key operating principles for record keeping across the business and manages records in line with the Records Management NHS Code or Practice for Health and Social Care which sets the required standards of practice in the management of records for those who work within or under contract to NHS organisations in England, based on current legal requirements and professional best practice.

The CCGs records shall not be retained indefinitely. At the end of the retention, records shall be disposed of. In most cases this will mean controlled destruction; a small percentage of records may become archived meaning that they will be retained indefinitely under the Public Records Act.


Information Governance

Information Governance is to do with the way organisations ‘process’ or handle information. It covers personal information relating to patients, service users, employees, and corporate information (financial and accounting records.)

The Organisations that we do business with are subject to the same legal rules and conditions for keeping personal confidential data and secure and are underpinned by a contract with us.

Before awarding any contract, we seek to ensure that organisations will look after your information to the same high standards that we do. Those organisations can only use your information for the service we have contracted them for and cannot use it for any other purpose.


Contact Us

If you have any questions or concerns regarding how we use your information, please contact us at:

This email address is being protected from spambots. You need JavaScript enabled to view it. 

or by post to:

The Pierre Simonet Building

North Swindon Gateway

North Latham Road



SN25 4DL


Independent Advice

For independent advice about data protection, privacy and data-sharing issues, you can contact the:

Information Commissioner

Wycliffe House

Water Lane



SK9 5AF.

Phone: 08456 306060 or 01625 545745

Website: www.ico.gov.uk


How to make a formal complaint about a health service

Many complaints can be resolved quickly by discussing them directly with the person providing the service or the manager concerned. However, if you do want to make a formal complaint, let us know as soon as possible, as there is a time limit of 12 months, although this can be waived depending on the circumstances.


Independent Primary Care Contractors

If you have a comment or a complaint about a GP, dentist, pharmacy or optician that cannot be resolved by the Practice Manager, you can contact NHS England.

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Telephone: 0300 311 2233

Address: NHS England, PO Box 16738, Redditch, B97 9PT


Health Service Ombudsman

We do our best to resolve your complaint however, if you feel that not all of the issues have been addressed, please let us know so that we can agree a way forward.  After this, if we agree that local resolution has not been achieved and you remain unhappy with the outcome, it can be referred to the Parliamentary and Health Services Ombudsman (PHSO).

The Ombudsman is totally independent and will review your complaint. The Parliamentary and Health Service Ombudsman may investigate complaints on your behalf, but only if your complaint has already been investigated and all attempts at a local resolution have been exhausted. There is no charge for this service.

Telephone: 0345 015 4033

Website:  www.ombudsman.org.uk/making-complaint

Address: The Parliamentary and Health Service Ombudsman, Millbank Tower, Millbank, London, SW1P 4QP


Independent Complaints Advocacy Service (ICAS)

If you would like to receive independent advice from someone about the NHS complaints process, please contact Healthwatch Swindon, who will offer help and support to those wishing to make a formal complaint about the NHS and can help you to write your letter of complaint and accompany you to any meetings.

Healthwatch Swindon
Swindon Advice and Support Centre
Sanford House
Sanford Street
Swindon SN1 1QH
This email address is being protected from spambots. You need JavaScript enabled to view it.
Telephone: 01793 497777


Further Information

Further information about the way in which the NHS uses personal confidential data and your rights in that respect can be found in:

The NHS Care Record Guarantee: This guarantee is a commitment that NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and wellbeing.


The NHS Constitution: The Constitution establishes the principles and values of the NHS in England. It sets out rights to which patients, public and staff are entitled, and pledges which the NHS is committed to achieve, together with responsibilities, which the public, patients and staff owe to one another to ensure that the NHS operates fairly and effectively


To share or not to share? Information Governance Review: This was an independent review of information about service users shared across the health and care system led by Dame Fiona Caldicott and was conducted in 2012.

https://www.gov.uk/government/publications/the-information-governance- review

NHS Commissioning Board – Better Data, Informed Commissioning, Driving Improved Outcomes: Clinical Data Sets:  Provides further information about the data flowing within the NHS to support commissioning.


NHS Digital – Guide to Confidentiality:  NHS Digital are the trusted national provider of high-quality information, data and IT systems for health and social care and are responsible for collecting data from across the health and social care system.


Information Commissioner’s Office (ICO):  The ICO is the Regulator for GDPR and offer independent advice and guidance on the law and personal data, including your rights and how to access your personal information.


Health Research Authority: The HRA protects and promotes the interests of patients and the public in health and social care research.