The personal data we use is notified to the Information Commissioner and appears on his Register of Data Controllers (enter Z9395747 in the registration number box).
Subject Access Requests
You can apply for the personal data we hold about you by making a Subject Access Request (SAR):
There is a fee of £10 to make a SAR.
Subject Access Request procedure
You’ll need to pay the £10 fee after you have completed the application form.
How to pay
- Cheque - make cheques payable to ‘NHSBSA’.
- Bank transfer - for the reference, please put ‘SAR’ followed by your full name
- Account name: NHSBSA
- Sort code: 60-70-80
- Account number: 10021205
After you make an application
We’ll either provide you with a readable copy or allow you to view the personal data which we keep about you.
This will be done within a maximum of the 40 calendar days allowed under the Data Protection Act for the handling of a Subject Access Request.
We will require proof of your identity.
We allow you to challenge the data that we hold about you and, where we agree, you may have the data:
- rectified or amended
We reserve the right to refuse to provide you with a copy of your personal data, but will give reasons for our refusal.
If you aren’t happy with our decision
If you aren’t happy with the outcome of your SAR, you can ask for a review. This must be done in writing (including email).
You can discuss your application by contacting us at:
NHS Business Services Authority
Newcastle upon Tyne
Telephone: 0191 203 5484
Fax: 0191 264 5281
How we collect and use your personal data
There are several ways that we collect and use your personal data:
- We collect the personal data that you may volunteer while using our services.
- We do not collect information about our visitors from other sources, such as public records or bodies, or private organisations.
- We do not knowingly collect personal data from children.
- We do not disclose your personal data to other organisations.
If we wish to use your personal data for a new purpose, we’ll contact you to ask for your consent.
Information collected by customer administration
The following information is volunteered by each visitor and is used for customer administration.
|Primary personal data||Business information||Other personal details and profiling data||Identifiers|
Prescription data (from April 2015)
From April 2015, we are collecting additional information to help us analyse general trends and correlations to support more effective planning of NHS services.
- Age – to look at prescribing trends by patient age
- NHS number – to analyse dispensed prescription information by the number of patients
Strongly pseudonymised patient information is securely shared with Public Health England to allow them to fulfil the Secretary of State for Health's statutory duties to protect and improve the health of the population of England.
Patients can only be identified where Public Health England have the legal power to do so. This includes maintaining cancer patient registers, monitoring rare or infectious diseases and congenital abnormalities.
Freedom of Information
The Freedom of Information (FOI) Act gives everybody the right of access to all information held by public authorities.