Privacy policy

Health and social care organisations across Barnsley are improving the way they work together. This helps them to give you better care and support.

By sharing information and resources we can provide joined-up, effective care. Schemes such as the i-HEART Barnsley 365 service are a result of this new integrated approach.

How we use your information to support your care

This privacy notice explains:

  • why we collect information about you
  • how it may be used

It is the Barnsley Healthcare Federation’s duty as data controller to let you know this and to let you know your rights about your information.

Health and social care professionals keep records about your health and social care needs, including your previous treatment and care.

These records allow them to:

  • assess your needs
  • decide what help or treatment is right for you
  • provide you with the best possible care

Your records may also include the following information:

  • Personal details, for example address, date of birth and next of kin.
  • Any contact that we have had with you, for example appointments, clinic visits, emergency appointments.
  • Notes, reports and assessments about your health and social care needs.
  • Details about your treatment and care.
  • Results of investigations, for example laboratory tests or x-rays.
  • Relevant information from other health professionals, relatives or those who care for you.

Different health and care professionals involved in your care may make their own notes, so you may have care records in different parts of the NHS and social care services.

We use a combination of working practices and technology to make sure that both your electronic and paper records are kept confidential and secure, this includes audit trails of who has accessed your records.

We may use your information to pay GPs, care providers, dentists or hospitals for the care you receive.

We may also use it to:

  • make sure you receive quality care
  • train and teach health and social care professionals
  • for local auditing of NHS services and accounts
  • investigate incidents and complaints - if you're unhappy with your care, having a record means your concerns can be properly investigated

Sharing information to improve your care

We only ever use or pass on information about you if other people involved in your care really need to know it. This may include when you need to see another doctor, be referred to a specialist or other health and social care provider.

Health and social care organisations across Barnsley are committed to working together to provide joined-up integrated care. To make sure this happens they may create joint records on your behalf or share your information to make sure they provide safe, effective care.

You may receive care from other organisations, as well as the NHS and social services. This means we may need to share information about you, so we can all work together for your benefit. These partner organisations are listed in the section later called 'Partner organisations'.

Ways we may communicate with you

Health and social care organisations may need to contact you to:

  • offer a new appointment, or change an existing one
  • send a reminder of an existing appointment
  • arrange for transport to be provided
  • ask your opinion of our services
  • tell you about other health and social care services, for example flu jabs

Our standard way to contact you is by letter or telephone. We may also use automated telephone calls, emails, SMS text messaging and where appropriate social media. If you do not want to be contacted by any of these other methods please let us know.

Keeping your information private

We are committed to protecting your privacy and will only use information collected legally in accordance with the:

  • Data Protection Act
  • General Data Protection Regulation (GDPR)
  • Human Rights Act
  • Common Law Duty of Confidentiality
  • NHS Codes of Confidentiality and Security

Every member of staff who works for an NHS organisation or social care services has a legal obligation to keep information about you confidential. Anyone who receives information from an NHS organisation or social care, or processes it on their behalf, has a legal and contractual duty to keep it confidential.

We will not share your information with third parties without your permission unless there are exceptional circumstances, for example when the health and safety of you or others is at risk, or where the law requires information to be passed on.

Accessing your own information

The Data Protection Act lets you access information that is held about you. You can either view or receive copies of records held in electronic or paper format.

This is known as the 'right of subject access', and it applies to all your records held by us. If you want to review your records you should make a request to your care team, or where you have been treated. You are entitled to receive a copy of your information.

Sometimes your right to see some details in your health records may be limited. This is to protect you and others mentioned in your records from harm, and to maintain the confidentiality of others.

Your right to opt out

You may want your confidential information to be used just for your own care and treatment, and nothing else. If so, you have the right to ask for this.

This right is documented in both:

  • the law
  • the NHS constitution

You also have the right to have your objections considered. If your wishes cannot be followed you have the right to be told why, including the legal reason.

The possible consequences will be fully explained to you. They could include problems and delays in identifying and providing the right care.

Contact the Practice Senior if you want to opt out, or if have any questions about the information we hold or how we use it.

Identifying groups who need extra care ('risk stratification')

Your NHS CCG uses information from health and social care records to identify groups who need extra care. This is known as ‘risk stratification’. When they look at the information all personal details are removed.

The aim is to prevent ill health and possible future hospital stays, rather than wait for you to become sick.

Due to strict rules to maintain confidentiality, the CCG is typically limited to using NHS numbers and postcodes for risk stratification work. Only GPs and care teams are allowed to use this information to see which individuals need extra help.

Partner organisations

To support your care, we may share your information with:

  • NHS trusts
  • other general practitioners (GPs)
  • local authorities (including social care and education services)
  • ambulance trusts
  • clinical commissioning groups (CCGs)
  • ‘data processors’ working on behalf of the NHS and local authorities
  • private sector providers
  • out of hours service, for example i-HEART Barnsley 365 service
  • Barnsley Hospice

When we have to by law, or under limited circumstances subject to strict agreements on its use, we may share your information with the following organisations:

  • voluntary sector providers working on behalf of or with the NHS and local authorities
  • independent contractors, for example dentists, opticians or pharmacists
  • governmental regulators
  • fire and rescue services
  • police services

More information on sharing

We may use your anonymised information to:

  • look after the health of the wider public
  • audit NHS accounts and services
  • investigate complaints, legal claims or untoward incidents
  • make sure our services can meet service user and carer needs in the future
  • prepare statistics on NHS performance
  • review the care we provide to ensure it is of the highest standard
  • teach and train health and social care professionals
  • conduct health research and development

Where we use your information to get statistics, we will make sure that you cannot be identified. All individuals remain anonymous.

We may give anonymous statistical information to organisations with a legitimate interest, including universities, community safety units and research institutions.

Where there is a request to use your personal confidential data, for example for research purposes this will only be approved after getting your consent.

What information is shared

Professionals providing your care will be able to view up-to-date, relevant health information held in your GP record. For example:

  • personal details, for example name and address
  • recent diagnosis and test results
  • allergies you have
  • medications and treatment you receive
  • current or past illnesses
  • procedures and investigations you have had
  • blood pressure measurements
  • referrals

Complaints and concerns

If you are happy for your data to be extracted and used for the purposes described in this privacy notice, you do not need to do anything.

If you have any concerns about how your data is shared, please contact the Practice Senior.

Change of details

You should tell the person treating you if any of your details are wrong or have changed. For example your:

  • name
  • address
  • date of birth

You have a responsibility to tell us any changes, so that we can keep your records accurate and up to date.


The Data Protection Act 1998 requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information. This information is publically available on the Information Commissioner’s Office (ICO) website.

Barnsley Healthcare Federation is registered with the Information Commissioners Office (ICO).

Data controller

The Data Controller, responsible for keeping your information secure and confidential is Barnsley Healthcare Federation.

Data protection officer

The Federation has a statutory duty to appoint a Data Protection Officer (DPO) to provide expertise, strategic oversight and advice in relation to the GDPR and Data Protection Act 2018. The Federation’s DPO is Danielle Cocksedge of Barnsley Healthcare Federation. Contact Danielle at

Barnsley Healthcare Federations has 4 GP practices:

  • BHF Brierley
  • BHF Goldthorpe
  • BHF Highgate
  • BHF Lundwood

The data protection officer (DPO) for these practices provides expertise, strategic oversight and advice in relation to the GDPR and Data Protection Act 2018. This is Caroline Million of C M Associates. Contact Caroline at