The NHS Business Services Authority (NHSBSA) provides services on behalf of the NHS.
As Data Controller, we are responsible for how your information is used and explaining that to you.
Why we process your information
By law, we must process your information on behalf of the NHS to be able to provide our services.
Depending on the service, this could be to:
- process applications for help with health costs
- discuss your application with you
- check your claim for help with NHS charges
- process payments to you
- administer an NHS payment scheme
- prevent and detect fraud and errors
- help plan and make improvements to NHS services, and/or direct patient care
We may contact you about taking part in surveys and research to learn what you need from our services.
Sharing your personal information
We may share your information with other organisations:
- as required by law
- to prevent and detect fraud and mistake
- to make payments to NHS Service providers
- to secure the effective and efficient delivery of NHS and related services
- for benefits and tax administration
- as part of an appeal
Details of the organisations we share with can be found in the specific privacy notice of each of our services.
Your information will not be transferred outside the European Economic Area, unless this is stated in the privacy notice of the service you use.
Keeping your personal information
Your personal data will be deleted or anonymised when we no longer need to be able to identify you from that information.
The information you provide will be managed as required by Data Protection law.
You have the right to:
- receive a copy of the information we hold about you
- request your information be changed if you believe it was not correct at the time you provided it
- request that your information be deleted if you believe we are keeping it for longer than necessary
You have other rights depending on which service you use. Find these in the specific privacy notice for each service.
Request a copy of your personal information
Complete a subject access request application form (PDF: 270KB) to request a copy of your information. The form tells you what you need to do.
Find out about your rights and how we will use your information.
If you have any queries, or want to request that we change or delete your information, contact us:
Data Protection Officer
NHS Business Services Authority
Newcastle upon Tyne
Data Protection Officers are responsible for upholding your rights and making sure we process your information correctly.
Concerns about how we are using your information
If you have any concerns about the processing of your information, contact the Data Protection Regulator:
Information Commissioner’s Office
How each of our services use your information
You can view the privacy notices for each of our services: