The NHS Business Services Authority (NHSBSA) provides services on behalf of the NHS.
As Data Controller, we are responsible for how your information is used and explaining that to you.
Why we process your information
By law, we must process your information on behalf of the NHS to be able to provide our services.
Depending on the service, this could be to:
- process applications for help with health costs
- discuss your application with you
- check your claim for help with NHS charges
- process payments to you
- administer an NHS payment scheme
- prevent and detect fraud and errors
- help plan and make improvements to NHS services, and/or direct patient care
Sharing your personal information
We may share your information with other organisations:
- as required by law
- to prevent and detect fraud and mistake
- to make payments to NHS Service providers
- to secure the effective and efficient delivery of NHS and related services
- for benefits and tax administration
- as part of an appeal
Details of the organisations we share with can be found in the specific privacy notice of each of our services.
Your information will not be transferred outside the European Economic Area.
Keeping your personal information
Your personal data will be deleted or anonymised when we no longer need to be able to identify you from that information.
How each of our services use your information
You can view the privacy notices for each of our services:
European Health Insurance Card (EHIC) (coming soon)
Injury Benefit Scheme (coming soon)
NHS Tax Credits (coming soon)
The information you provide will be managed as required by Data Protection law.
You have the right to:
- receive a copy of the information we hold about you
- request your information be changed if you believe it was not correct at the time you provided it
From 25 May 2018, you have the right to:
- request that your information be deleted if you believe we are keeping it for longer than necessary
You have other rights depending on which service you use. Find these in the specific privacy notice for each service.
Request a copy of your personal information
Complete a subject access request form (PDF: 58.4KB) to request a copy of your information. The form tells you what you need to do.
Find out about your rights and how we will use your information.
If you have any queries, or want to request that we change or delete your information, contact us:
NHS Business Services Authority
Newcastle upon Tyne
Data Protection Officers are responsible for upholding your rights and making sure we process your information correctly.
Concerns about how we are using your information
If you have any concerns about the processing of your information, contact the Data Protection Regulator:
Information Commissioner’s Office