Skip to main content Skip to footer

Privacy

The NHS Business Services Authority (NHSBSA) provides services on behalf of the NHS.

As Data Controller, we are responsible for how your information is used and explaining that to you.

Why we process your information

By law, we must process your information on behalf of the NHS to be able to provide our services.

Depending on the service, this could be to:

  • process applications for help with health costs
  • discuss your application with you
  • check your claim for help with NHS charges
  • process payments to you
  • administer an NHS payment scheme
  • prevent and detect fraud and errors
  • help plan and make improvements to NHS services, and/or direct patient care

We may contact you about taking part in surveys and research to learn what you need from our services. 

Sharing your personal information

We may share your information with other organisations:

  • as required by law
  • to prevent and detect fraud and mistake
  • to make payments to NHS Service providers
  • to secure the effective and efficient delivery of NHS and related services
  • for benefits and tax administration
  • as part of an appeal

Details of the organisations we share with can be found in the specific privacy notice of each of our services.

Your information will not be transferred outside the European Economic Area, unless this is stated in the privacy notice of the service you use.

Keeping your personal information

Your personal data will be deleted or anonymised when we no longer need to be able to identify you from that information.

Your rights

The information you provide will be managed as required by Data Protection law.

You have the right to:

  • receive a copy of the information we hold about you
  • request your information be changed if you believe it was not correct at the time you provided it

From 25 May 2018, you have the right to:

  • request that your information be deleted if you believe we are keeping it for longer than necessary

You have other rights depending on which service you use. Find these in the specific privacy notice for each service.

Request a copy of your personal information

Complete a subject access request application form (PDF: 268KB) to request a copy of your information. The form tells you what you need to do.

We follow a procedure (PDF: 63.5KB) when we receive your request and will respond within 1 month. If you aren’t happy with our response, you can ask for a review (PDF: 187KB).

Find out about your rights and how we will use your information.

Contact us

If you have any queries, or want to request that we change or delete your information, contact us:

Data Protection Officer
Information Governance
NHS Business Services Authority
Stella House
Newcastle upon Tyne
NE15 8NY

Email: nhsbsa.dataprotection@nhs.net

Data Protection Officers are responsible for upholding your rights and making sure we process your information correctly. 

Concerns about how we are using your information

If you have any concerns about the processing of your information, contact the Data Protection Regulator:

Information Commissioner’s Office
Wycliffe House
Wilmslow
SK9 5AF

Email: www.ico.org.uk/global/contact-us/email
Website: www.ico.org.uk/

How each of our services use your information

You can view the privacy notices for each of our services: