Confidentiality and data protection
The information in this section explains how and why we are using your personal data for this research, your rights and how to contact us if you have any questions or concerns about the use of your data.
How did you get my contact details?
Ipsos MORI is sending you this questionnaire on behalf of NHS England. Names were chosen at random from the NHS list of patients registered with a GP. NHS England has shared a limited amount of your personal data so that Ipsos MORI can invite you to take part in this research. This data includes:
- your name and address
- GP practice code and NHS number
- gender and month/year of birth
For a small proportion of people, Ipsos MORI will hold additional contact details (mobile number and email address) and full date of birth. You may receive text message or email reminders inviting you to take part in the survey online. NHS England are interested to understand whether this is a better way of collecting information from patients.
Ipsos MORI will keep your data confidential and will only use your contact details to send these questionnaires. Once the survey is finished, Ipsos MORI will securely destroy your contact details. Ipsos MORI has no information about anyone's health.
What is your legal basis for processing my personal data?
NHS England is carrying out this research in order to help the NHS improve GP practices and other local NHS services so they better meet local needs.
NHS England is the data controller for the processing of personal data for the GP Patient Survey, which means that they are responsible for ensuring that the processing complies with the General Data Protection Regulation (GDPR). NHS England’s basis for lawful processing for the GP Patient Survey is Article 6(1) (e) - “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”. This means that NHS England can use the personal data they hold about you for research with appropriate safeguards in place. Ipsos MORI is the data processor acting on instructions of NHS England to deliver the survey.
You can access NHS England’s Privacy Notice at https://www.england.nhs.uk/contact-us/privacy/privacy-notice/.
Taking part in the survey is voluntary and any answers are given with your consent. However, if you do not want to take part in the future please send your survey number (located at the top of the letter or on the front of the questionnaire) indicating that you wish to opt out to gppatientsurvey@ipsos.com.
Are National Data Opt-outs applied to this survey?
No. The Department of Health and Social Care has confirmed that the National Data Opt-out only applies when confidential patient information is being used for purposes other than care for the individual. Confidential patient information includes clinical data about the individual (such as any medical conditions, prescriptions or care received), and any information about the individual that has been accessed via the individual’s medical record. The GP Patient Survey uses demographic data and contact details drawn from the patient registration record of GP practices to select and contact individuals to be surveyed. This personal data is not classified as confidential patient information as no clinical information is used or accessed. As such, the National Data Opt-out does not apply to the GP Patient Survey.
Have you got access to my health data?
No, absolutely not. Ipsos MORI has only been given your GP practice code and NHS number, name, address, month and year of birth, and gender. For a small proportion of people, Ipsos MORI will hold additional contact details (mobile number and email address). NHS England have not given Ipsos MORI any information about your health – this remains confidential between you and your GP.
Ipsos MORI are given your NHS number so that they can identify you if you have previously opted-out from the survey to ensure they do not contact you again. Your contact details are used to contact you regarding the survey, and GP practice code will only be used to link answers to GP practices.
Information about month and year of birth and gender will only be used to make sure that the anonymised survey data matches the profile of the practice population as closely as possible.
Who your name and address is shared with
Ipsos MORI is working with certain supplier organisations to run the survey, and will need to disclose your name and address to these supplier organisations for that purpose. They do not see or receive any of your answers to the survey. These supplier organisations include:
- Adare SEC; printing letters and questionnaires
- Text Local; distributing text message reminders
- Whistl and Royal Mail; distribution and postage
These suppliers are approved and compliant with the General Data Protection Regulations.
Cookies
Some online surveys collect information through the use of 'cookies'. These are small files stored on your computer. These files are used as sparingly as possible and only for quality control, validation and, more importantly, to prevent us sending you reminders for an online survey you have already completed. It is possible for you to delete 'cookies' or to prevent their use by adjusting the browser settings on your computer.
Ipsos MORI also automatically capture information about your operating system, display settings and browser type, including IP address, in order to ensure that the survey questionnaire is delivered in a form suited to the software your computer is using. Ipsos MORI do not capture any other information from your computer.
What happens to my answers?/ Will my doctor see my answers to this survey?
Your answers are put together with the answers from other people and are not linked to your name, address or NHS number. Your individual answers to the questions will be kept confidential by Ipsos MORI, and by approved NHS England staff and researchers. Nobody will be able to identify you in any results that are published.
Your answers are not sent back to your doctor or GP practice. Ipsos MORI on behalf of NHS England, publish them anonymously with other feedback from your practice, on this website here: https://gp-patient.co.uk/surveysandreports
Who are approved NHS England staff and researchers and how can they use the findings?
In order to be able to use the survey data at the individual patient level, all researchers, including those employed by NHS England and other organisations, must apply for permission. Each application must go through a rigorous approval process, specifying the work that will be done, with an agreement that any publication will only refer to completely anonymised data. All other users may only access anonymised data at national, CCG or practice level.
Where will my personal data be held and processed?
All of your personal data used and collected for this survey will be stored by Ipsos MORI in data centres and servers within the United Kingdom.
How will you ensure my personal information is secure?
Ipsos MORI takes its information security responsibilities seriously and applies various precautions to ensure your information is protected from loss, theft or misuse. Security precautions include appropriate physical security of offices and controlled and limited access to computer systems. Stringent measures have been taken to ensure personal information is securely stored and seen only by the personnel directly involved in the project.
Ipsos MORI has regular internal and external audits of its information security controls and working practices, and is accredited to the International Standard for Information Security, ISO 27001.
Your individual answers to the questions are not linked to your name, address or NHS number. Ipsos MORI, and approved NHS England staff and researchers, treat individual answers as confidential and adhere to all aspects and provisions of the General Data Protection Regulation and all other relevant legislation, including requirements for secure storage.
How long will Ipsos MORI retain my personal data and identifiable responses?
Ipsos MORI will only retain your data in a way that can identify you for as long as is necessary to support the research project and findings. In practice, this means that once we have satisfactorily reported the anonymous research findings, we will securely remove your personal, identifying data from our systems and those of our suppliers.
For this study, we will securely remove your personal data from our systems by the 9 September 2020.
How is my doctor involved in this survey?
The questionnaire is being sent to a random selection of people who are registered with a GP in England, and your name was selected randomly from the list of patients registered with a GP held by NHS England.
GP practices should be aware that the survey is taking place. After the survey has been completed they will have access to the anonymised, statistical results for their practice available via this website https://gp-patient.co.uk/surveysandreports, but will not have access to individual answers.
Has the survey received ethical approval?
Before starting the first survey in 2007 Ipsos MORI consulted the Central Office for Research Ethics Committee (COREC) and was advised that this survey is ‘service evaluation’ rather than ‘pure research’ – to evaluate the service provided by GPs to their patients. As a result, this survey does not require formal medical research ethical approval. However, Ipsos MORI strictly adheres to the Market Research Society code of research ethics, and the patient details provided are not used for anything other than the purpose of this survey.
General Data Protection Regulation (GDPR)
The GDPR includes a number of rights, although not all of these apply where the legal basis for processing is public task, including the right to erasure and data portability.
You have the right to request access to any personal data that is held by Ipsos MORI before 9 September 2020 when it is deleted. You can withdraw your consent and object to the processing of your personal data or survey answers you provide, at any time before the data is processed for reporting (6 April 2020).
We must generally respond to requests in relation to your rights within one month, although there are some exceptions to this. NHS England’s Privacy Notice explains your rights and how to exercise them. https://www.england.nhs.uk/contact-us/privacy-notice/
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you have concerns on how we have processed your personal data. You can find details about how to contact the Information Commissioner’s Office at https://ico.org.uk/global/contact-us/ or by sending an email to: casework@ico.org.uk.
How can I contact Ipsos MORI and NHS England about this survey and/or my personal data?
Contact Ipsos MORI:
If you have any questions about this research, please contact the research team. They can be contacted by:
Email: GPPatientSurvey@ipsos.com
Post:
The GPPS Team - Ipsos MORI
3 Thomas More Square
London E1W 1YW
If you have any questions or require further information about our privacy notice, our compliance with data protection laws or information we hold about you, please contact our Compliance Department. They can be contacted by:
Email: compliance@ipsos.com with “19-071872-01 GPPS” in the email subject line.
Post:
Ref: 19-071872-01 GPPS
Compliance Department
Ipsos MORI
3 Thomas More Square
London E1W 1YW
Contact NHS England:
Email: england.contactus@nhs.net
Telephone: 0300 311 22 33
Post:
NHS England
PO Box 16738
Redditch
B97 9PT
