beta

You're viewing our new website - find out more

Publication - Report

Review of the NHS Complaints Procedure: Health Inequalities Impact Assessment

Published: 29 Nov 2016
Part of:
Health and social care
ISBN:
9781786526328

The final report of the Health Inequalities Impact Assessment of the changes proposed to the NHS complaints procedure.

9 page PDF

344.3kB

9 page PDF

344.3kB

Contents
Review of the NHS Complaints Procedure: Health Inequalities Impact Assessment
Annex A: Privacy and related risk analysis

9 page PDF

344.3kB

Annex A: Privacy and related risk analysis

Initial screening questions

Question

Answer

Will the project involve the collection of new information about individuals?

No

Will the project compel individuals to provide information about themselves?

Will information about individuals be disclosed to organisations or people who have not previously had routine access to the information?

No

No

Are you using information about individuals for a purpose it is not currently used for, or in a way it is not currently used?

No

Does the project involve you using new technology that might be perceived as being privacy intrusive? For example, the use of biometrics or facial recognition.

No

Will the project result in you making decisions or taking action against individuals in ways that can have a significant impact on them?

Yes

Is the information about individuals of a kind particularly likely to raise privacy concerns or expectations? For example, health records, criminal records or other information that people would consider to be private.

Yes

Will the project require you to contact individuals in ways that they may find intrusive?

No

Analysis

Questions to identify Privacy Issues

Risk

Impact

Likelihood

1. Technology

(1) Does the proposal include the use of new or additional technologies with the potential for privacy intrusion?

The proposal builds upon existing collection methods and technologies currently in operational use.

Low

Low

2. & 3. Identity

(2) Identity: Does the proposal include new identifiers, or substantially change or re-use existing, identifiers or any intrusive or onerous identification, authentication or identity management processes?

The proposal builds upon existing identity methods and technologies currently in operational use.

Low

Low

(3) Identity: Does the proposal affect anonymity or pseudonymity; will previously anonymous or pseudonymous transactions be identified?

The proposal builds upon existing operational processes.

Low

Low

4. Justification

(4) Is the justification for the proposal either unpublished or unclear?

No. A full revised process and procedure will be published, including in accessible formats.

Low

Low

4a) Does the proposal involve new or changed data collection policies or practices that may be unclear or intrusive?

Yes. The revision of the procedure involves a greater emphasis on frontline early resolution, so in initial implementation the revised processes may be unclear, both to practitioners and to those making the complaint.

Mitigation – detailed practitioner training will be developed, as will clear and accessible awareness raising materials.

Medium

Medium

4b) Does the proposal involve new or changed quality assurance or security processes or standards that may be unclear and/or unsatisfactory?

The proposal builds upon existing operational processes.

Low

Low

4c) Does the proposal involve new or changed data access or disclosure arrangements that may be unclear or permissive?

The proposal builds upon existing operational processes.

Low

Low

4d) Does the proposal involve new or changed data retention processes that may be unclear or extensive?

The proposal builds upon existing operational processes.

Low

Low

4e) Does the proposal involve a new or changed medium or method of disclosure for publicly available information so data is more readily accessible?

The proposal builds upon existing operational processes.

Low

Low

5. Multiple organisations

(5) Will the proposal involve multiple organisations, either government agencies (e.g. 'joined-up government' initiatives) or the private sector?

The proposal builds upon existing operational processes, which involve the centralised reporting of annual complaints statistics.

Low

Low

6. & 7. Data

(6) Does the proposal involve personal data of particular concern to individuals?

Yes. Complaints data can be of a highly sensitive nature, but given that the proposal builds upon existing operational processes no new risks are introduced.

High

High

(7) Does the proposal involve the linkage of personal data with data in other collections, or any significant change to existing data links or holdings?

No

Low

Low

8. 9. & 10. Data handling scope

(8) Will the proposal handle a significant amount of data about each person, or significantly change existing data-holdings?

The proposal builds upon existing operational processes.

Low

Low

(9) Will the proposal handle data about a significant number of people, or change significantly the existing population scope or coverage?

The proposal builds upon existing operational processes.

Low

Low

(10) Does the proposal consolidate, inter-link, cross-reference or match personal data from multiple sources?

No.

Low

Low

11.12. & 13 Exemptions & exceptions

(11) Is the proposal to process any data that is exempt from legislative privacy protections?

No

Low

Low

(12) Does the proposal's justification include significant contributions to public security measures?

No.

Low

Low

(13) Does the proposal intend to disclose personal data to, or access by, third parties that are not subject to EU or comparable privacy regulation?

No.

Low

Low


Contact