Skip to main content Skip to footer

Privacy policy and cookies

Our privacy policy covers the NHS Business Services Authority and its websites.

It is compliant with the Data Protection Act 1998 and we are subject to Independent Data Protection Authority supervision.

Privacy statement

The NHS Business Services Authority (NHSBSA) undertakes a wide number of functions on behalf of the Secretary of State for Health.

These include:

  • processing payments to providers of goods and services to the NHS
  • developing and planning for the co-ordination of, business and regulatory services relating to the provision of general dental services, personal dental services and pharmaceutical services
  • administration of the NHS Pensions Scheme
  • administration of the NHS Bursary Scheme in England
  • administration of the European Health Insurance Card
  • preventing, detecting and investigating fraud, corruption and unlawful activities and the management of security in relation to the NHS.

The NHSBSA maintains the largest drug database of its kind in Europe, processing over 576 million prescriptions per year.

In addition, we deal with around one million claims under the NHS Low Income Scheme each year. Most of the NHSBSA's functions are computerised.

Providing visitors with anonymous access

You can access our home page and browse our sites without disclosing your personal data.

The services and links of our websites

Our websites do not:

  • enable our visitors to communicate with other visitors or to post information to be accessed by others
  • include links to third party web service providers

Data collection and purpose specification

How we collect and use your personal data

Children's privacy

We do not knowingly collect personal data from children.

Disclosure and visitor choice

We do not disclose your personal data to other organisations.

What our privacy policy covers

Our privacy policy covers NHS Business Services Authority and its websites:

Organisation name: NHS Business Services Authority
Address: Stella House, Goldcrest Way, Newburn Riverside
City and postcode: Newcastle upon Tyne, NE15 8NY
Country: England
Controller: NHS Business Services Authority
Website(s): http://www.nhsbsa.nhs.uk/

Privacy compliance and support

Our privacy policy is compliant with the Data Protection Act 1998, United Kingdom.

There are no global or regional regulatory or self-regulatory schemes applicable to our website or organisation.

In order to demonstrate that our privacy policy accords with the Data Protection Act 1998, we are subject to an Independent Data Protection Authority supervision.

Independent Data Protection Authority supervision

Designation of the authority: Information Commissioner

  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Country: United Kingdom
  • Website:  www.ico.org.uk

Privacy support

If you have a question or concern about our privacy policy, please contact:

If you’re not satisfied with our response to your concern you can contact either:

  1. Gordon Wanless, Head of Internal Governance, Stella House, Goldcrest Way, Newburn Riverside, Newcastle upon Tyne, NE15 8NY
  2. The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Cookies

When we provide services to you, we want to make them easy, useful and reliable. Where services are delivered through the internet, this very occasionally involves placing small amounts of information on your device (phone, tablet or computer). These include small files known as cookies.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit: www.allaboutcookies.org

To opt out of being tracked by Google Analytics across all websites visit: http://tools.google.com/dlpage/gaoptout

How we use cookies and why

Website and web applications

System:  Google Analytics

More information: http://www.google.com/analytics/learn/privacy.html

Cookie name Purpose How long it stays on your device
_utma To determine the number of unique visitors to our website 2 years
_utmb To establish and continue your internet browser session on our website 30 minutes
_utmt To manage data transfer volumes 10 minutes
_utmz To determine where you came from when visiting our website 6 months

NHS Protect

System: NHS Protect secure website

Cookie name Purpose How long it stays on your device
JSESSIONID This cookie is essential for this system to work Until you close your browser

NHS Help with Health Costs

System: European Health Insurance Card (EHIC)

Cookie name Purpose How long it stays on your device

JSESSIONID

Dynamic_ID (on Firefox usually BCSI-CS-xxxxxxxxxxxx)

These cookies are essential for this system to work Until you close your browser

NHS Student Bursaries

System: Bursary Online Support System (BOSS)

Cookie name Purpose How long it stays on your device

ASP.NET_SessionId

This cookie is essential for this system to work Until you close your browser

NHS Dental Services

System: Compass

Cookie name Purpose How long it stays on your device

USERNAME@compass.nhsbsa.nhs

Username is the local login rather than the Compass login

This cookie is essential for this system to work Until you close your browser

System: E-reporting

Cookie name Purpose How long it stays on your device

[user name]@vm-xi31sp2/
and 5864GSVE.txt

To remember the last “Last Accessed” and “Date Modified” when you last visited the site.  365 days unless you choose to manually delete it.  All registered users have been notified of this use of cookies.

Information Services

System: Information Services Portal

Cookie name Purpose How long it stays on your device
ISMServerTime Stores the current time on the ISP server. This cookie is essential for this system to work. Until you close your browser
ISMSessionExpiry Stores the time your current session will expire due to inactivity. This cookie is essential for this system to work. Until you close your browser
JESSIONID Stores your session ID used by the ISP server to distinguish you from others. This cookie is essential for this system to work. Until you close your browser
clientTimeOffset Stores the difference between the time on your computer and that on the ISP server. This cookie is essential for this system to work. Until you close your browser

 

NHSBSA Information Charter

We need to handle personal information about you so that we can provide services for you. This is how we look after that information.

When we ask you for personal information, we promise:

  • to make sure you know why we need it
  • to only ask for what we need, and not to collect too much or irrelevant information
  • to protect it and make sure nobody has access to it who shouldn’t
  • to let you know if we share it with other organisations to give you better public services - and if you can say no
  • to make sure we don’t keep it longer than necessary
  • not to make your personal information available for commercial use without your permission.

In return, we ask you to:

  • give us accurate information
  • tell us as soon as possible if there are any changes, such as a new address.

This helps us to keep your information reliable and up to date.

You can get more details on:

  • how to find out what information we hold about you and how to ask us to correct any mistakes
  • agreements we have with other organisations for sharing information
  • circumstances where we can pass on your personal information without telling you, for example, to prevent and detect crime or to produce anonymised statistics
  • our instructions to staff on how to collect, use and delete your personal information
  • how we check the information we hold is accurate and up to date
  • how to make a complaint.

When we ask you for information, we will keep to the law, including the Data Protection Act 1998.

The Information Commissioner

For independent advice about data protection, privacy and data-sharing issues, you can contact the Information Commissioner at:

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Phone: 08456 30 60 60 or 01625 54 57 45
Fax: 01625 524510
Website: www.ico.org.uk