Version 5.6, 14 December 2022
This is a minor update to cover that NHS account uses Qualtrics to get NHS account performance information.
1. How we use your personal information
This privacy policy relates to the service provided by NHS Digital, giving you access to certain NHS services through our national digital channels. We now call this service your NHS account. You can continue to log in to your NHS account using the NHS App (formerly known as the native version) or the NHS website (formerly known as the browser version) in the same way as you did previously. This privacy policy covers the use of your NHS account in both channels.
Your use of the NHS website other than for the services available in your NHS account will continue to be covered by the NHS website terms and conditions, privacy policy, cookies policy and other policies.
1.2 Our commitment to protecting your personal information
Whenever you provide personal information to a third party, that party is legally obliged to use your information in line with data protection law.
We take the security of your personal information seriously. We have set up security measures, policies and procedures such as:
- training all staff annually in data and security protection
- monitoring our platform to keep your personal information secure
- following good practice guidance provided by the National Technical Authority
- always using legally binding agreements with all organisations we use
- having security and confidentiality policies in place across the organisation, to which staff must agree before they are given access to personal information
- restricting access to personal information to only those staff who need access to perform their role
However, no software or application can be completely secure. If you have any concerns that your account could have been compromised (for example, someone could have discovered your password), follow the instructions on NHS account help and support.
This privacy policy explains the following:
- the services available via your NHS account and who is involved
- who the controller is for the personal data processed when you use your NHS account
- what information is collected about you
- what information is held about you and where that information is obtained
- how your personal data is used and why
- where your data is stored
- your rights
- points of contact for queries, objections and complaints
In this privacy policy the following terms have the following meanings:
- Controller: "The person or entity which alone or with others determines the purposes or means or processing of personal data"
- Processor: "Any person or legal entity who processes personal data on behalf of the controller"
- Special Category Data: "Sensitive personal data given special consideration in data protection law including personal data about your health"
2. Your NHS account services and who we are
Your NHS account allows you to use the following services, depending on the level of NHS login identity verification.
With NHS login mid-level identity verification, you can:
- check your symptoms
- find out what to do when you need help urgently
- receive messages including general health messages, communications, public health announcements, and updates relating to your NHS account and services available within it
With NHS login high-level identity verification, you can:
- use all the services available with NHS login mid-level identity verification
- book and manage appointments at your GP practice
- book and manage appointments for coronavirus (COVID-19) vaccinations
- order repeat prescriptions, and select or change your nominated pharmacy from which you get them
- view your GP medical record securely
- send messages to your GP practice (if provided by your GP practice)
- register to be an organ donor
- choose how the NHS uses your data for research and planning purposes
- use online consultation services if provided by your GP practice
- use personal health record services (if provided by your GP practice or hospital)
- manage your hospital referrals and appointments, including viewing your referrals and appointments, booking, changing and cancelling appointments and accessing information while you wait
- check your COVID-19 vaccine record
- view and download your NHS COVID Pass for travel abroad
- get messages specific to you or your healthcare from your connected healthcare providers that use the NHS App Messaging Service, like your GP surgery
The level of identity verification you have depends on your NHS login account. Find out more about NHS login.
The key organisations involved in your NHS account and their respective roles are as follows:
2.1 NHS England
NHS England leads the National Health Service (NHS) in England. It sets the priorities and direction of the NHS.
A lot of the work NHS England does involves the commissioning of healthcare services in England.
It commissions the contracts for GPs, pharmacists and dentists, and supports local health services led by groups of GPs called integrated care boards (ICBs).
NHS England wants everyone to have greater control of their health and wellbeing, and to be supported to live longer, healthier lives.
Find out more on the NHS England website
NHS England has directed NHS Digital to collect certain personal data in relation to users of the NHS account. The legal directions are titled NHS Digital (Establishment of Information Systems for NHS Services: NHS App) Directions 2018 dated 27 September 2018.
NHS England has directed NHS Digital to display certain personal data it has collected in relation to hospital and secondary care appointments. The legal directions are Enhanced Appointment Viewing (NHS App) Directions 2022.
2.2 Department of Health and Social Care
The Department of Health and Social Care is the central government department responsible for setting out policy on health and adult social care matters in England. It carries out some of its work through arms-length bodies, such as NHS Digital and NHS England. Find out more on the Department of Health and Social Care website.
Department of Health and Social Care has directed NHS Digital to process certain personal data in relation to users of the NHS COVID Pass service in the NHS account. The legal directions are titled the COVID-19 Public Health Directions 2020 dated 17 March 2020.
2.3 Isle of Man government and Manx Care
This section only applies to users in the Isle of Man. The NHS account is available for use by users registered with a GP in Isle of Man. Access may need to be activated by your GP surgery. The services available to Isle of Man users will be different to those registered with a GP in England.
The service to Isle of Man users is provided under a request from the Isle of Man Government using their legal powers, as set out in the National Health Service Act 2001 (an Act of Tynwald)(NHSA 2001). Isle of Man health care provision is provided through Manx Care, a statutory board of the Isle of Man Government established by order pursuant to section 12 of the Manx Care Act 2021 (an Act of Tynwald).
It is the duty of Manx Care to exercise its powers to discharge the functions of the Isle of Man Department of Health and Social Care (the Department), including the duty to promote in the Isle of Man a comprehensive health and social care service. In accordance with a mandate between the Department and Manx Care, the Department may mandate that Manx Care discharge the Department functions regarding this information system. NHS Digital can undertake to provide the NHS account service under S255 of the Health and Social Care Act 2012.
2.4 NHS Digital
NHS Digital was set up by the Department of Health and Social Care in April 2013 and is an executive non-departmental public body that provides national information, data and IT systems for health and care services.
We exist to help patients, clinicians, commissioners, analysts and researchers.
Our goal is to improve health and social care in England by making better use of technology, data and information.
Find out more about NHS Digital
NHS Digital has been directed by NHS England to provide the NHS account and to include the services that can be accessed via your NHS account.
NHS Digital is also responsible for managing (as well as many other services):
- the national data opt-out, which allows patients to state their data sharing preferences
- the NHS.UK website, which provides health information
- NHS 111 online, which allows patients to get triage advice based on their symptoms online
All of these services are available through your NHS account.
NHS Digital also provides a public-facing service desk for user queries relating to the functionality of your NHS account and the NHS login service (formerly called 'Citizen Identity').
2.5 GP practices
GP practices provide primary care services to the public.
As part of your NHS account, GP practices can enable their patients to see their medical information, book appointments, order repeat prescriptions, send and receive messages, and select or change their nominated pharmacy.
GP practices may also provide additional services such as online consultation, personal health record, or communications services, and will normally engage a specialist organisation to provide these additional services on their behalf. Your GP practice remains in charge of your personal information and decides what health information from your health record, appointments and prescriptions is displayed to you.
3. Personal data - who controls its use
The organisation that is the controller or processor of your personal data will depend on the service to which it relates. For example:
3.1 Providing and managing your NHS account
NHS England describe, in a legal direction to NHS Digital, what personal data is required to provide and manage your NHS account. For example, user registration details and audit data. NHS England and NHS Digital are joint controllers for this personal data.
3.2 Using the services available through your NHS account
If you wish to use your NHS account to access a service, then the organisation that controls your personal data is responsible for managing access. For example, to view your GP practice records, then your GP controls this.
If you wish to log in to an online service linked to through your NHS account then NHS Digital will, with your consent, provide your login details to the online service you wish to use i.e. you can use the details stored by NHS Digital to save you time completing their online form (or you can enter the details yourself if you so wish).
The table below lists different situations and which organisation(s) control the personal data in each situation. In some situations, there is more than one controller. To find out more about the information falling within each of the below categories, see section 5, "What information we collect about you and how it is used".
Category of information | Controller(s) | Processor(s) |
---|---|---|
NHS account audit data | NHS England; NHS Digital | N/A |
NHS account mailing list membership(s) | NHS England; NHS Digital | Contracted bulk emailing and list management service provider |
NHS App Messaging Service | NHS England; NHS Digital; GP practice | Contracted communications service providers |
NHS account performance data | NHS England; NHS Digital | Contracted analytics service providers |
NHS account service desk information | NHS England; NHS Digital | N/A |
NHS account service desk feedback & surveys | NHS England; NHS Digital | N/A |
NHS Login account information | NHS England; NHS Digital (a separate service from your NHS account) | N/A |
Your data sharing preferences | Department of Health & Social Care; NHS Digital (a separate service from your NHS account) | N/A |
Information inputted into 111 Online symptom checker service | Department of Health & Social Care; NHS Digital (a separate service from your NHS account) | N/A |
Information within your GP medical record | Your GP (as custodian of your records) | N/A |
Information relating to GP appointments | Your GP | N/A |
Information relating to the repeat prescription service and your nominated pharmacy | Your GP; Your pharmacist | N/A |
Information relating to messaging through GP surgery systems | Your GP | N/A |
Organ donation preferences | NHS Blood and Transplant | N/A |
Information inputted into NHS.UK | Department of Health and Social Care; NHS Digital (a separate service from your NHS account) | N/A |
Online consultation responses | Your GP; NHS England | A contracted Online Consultation Provider and in some cases NHS Digital (for more details see the online consultations privacy policy |
Information in personal health records not supplied by you | Your GP or hospital(s) | A contracted personal health records provider |
Information in personal health records supplied by you | A contracted personal health records provider; Your GP or hospital(s) if you direct such data to be shared with them | Refer to the privacy policy applicable to the personal health records service available to you for more information |
User research panel membership, survey responses and user research newsletter mailing list | NHS England; NHS Digital; and DHSC as a partner of NHSx where explicit consent has been given | Contracted survey service provider |
Hospital referral information | NHS England; NHS Digital | N/A |
Enhanced appointment viewing (hospital appointment) information | NHS England; NHS Digital | NHS England contracted service providers |
Check your COVID-19 vaccine record | NHS England; NHS Digital | N/A |
NHS COVID Pass | Department of Health and Social Care | Third party processor as detailed in the service's privacy policy |
Book or manage a coronavirus (COVID-19) vaccination | NHS Digital | NHS Digital |
Data you choose to provide when taking part in surveys or other user research to help improve our service | NHS England; NHS Digital | Contracted research tools provider |
3.3 Processors
When organisations are engaged to process your personal information on behalf of a different controller organisation, there will always be a contract in place. These processor organisations must have agreed to keep your information secure and only use it for the purpose they have been instructed to.
For example, your GP practice or the integrated care board (ICB) which it belongs to may have contracted with one or more commercial online consultations providers, personal health records providers or communications service providers for the provision of services on the GP's behalf. See the NHS account privacy policy for online consultation services and NHS account privacy policy for personal health record services for more details. Other processors are described in the table above.
4. Features
4.1 Passwordless authentication
Registered users of the NHS account may be able to use the passwordless authentication feature if their device supports this.
Passwordless authentication is voluntary and does not stop you using your existing method to access the NHS account. Passwordless authentication is based on technology in your device. Your device may support passwordless authentication using different types of biometric data, including fingerprint and facial recognition. We do not have access to or control over the biometric data stored on your device.
The NHS account performs passwordless authentication against NHS login in accordance with the Fast Identity Online (FIDO) standard.
4.2 Nominated pharmacy
Registered users of the NHS account are able to select, view and change their nominated pharmacy to which their electronic prescriptions are sent. This feature is only available if your GP practice has enabled it.
As a result of changing your nominated pharmacy, your personal information needed to verify and dispense your electronic prescription will be shared with the selected pharmacy. Find out more about electronic prescriptions.
4.3 Proxy access (linked profiles)
As described in the NHS account terms of use, "Proxy access" enables you to view parts of the GP medical record, book or cancel appointments, order repeat prescriptions online, or send patient to practice messages in relation to someone else (for example, their child or someone you care for) as authorised by your GP from time to time.
Note: you cannot create new proxy access relationships through your NHS account. To create new relationships or change existing ones, please contact your GP practice.
You are responsible for any personal data that you access on behalf of the person you are using proxy access in respect of, and must keep it safe and secure.
You must, to the extent possible bearing in mind their age, condition and capacity:
- make the person you are using proxy access on behalf of aware of, and seek their consent to, your proxy access and any steps you take on their behalf
- make the person you are using proxy access on behalf of aware of this privacy policy and other applicable terms and conditions
4.4 View medical record documents
Where available, if a GP practice has permitted access to files (sometimes called letters) attached to your medical record or that of a person you are using proxy access on behalf of, you will be able to view and download these files through your NHS account.
Once downloaded it is your own responsibility to keep the files secure. If you use a shared computer or mobile device to access your NHS account, make sure you delete any downloaded files when you are finished.
4.5 NHS App Messaging Service
This service enables you to receive updates relating to your NHS account and services available within it, and public health announcements. Connected healthcare providers that use this service, like your GP surgery, may use it to send you messages specific to you or your healthcare.
You cannot use this feature to send a new message to NHS Digital or to your healthcare providers. When needed, your healthcare provider may give you the option to reply to certain messages through your NHS account.
See more information in the NHS account privacy policy for messaging services.
4.6 NHS App notifications
You can choose to activate push notifications from the NHS App to alert you to receipt of messages sent using your NHS account. This functionality may differ from device to device.
This feature is not available when you use the NHS website to log in to your NHS account.
You can opt out of push notifications at any time. Messages can continue to be sent and available via your NHS account whether or not push notifications are activated, but opting out may limit the types of messages you can receive. For example, messages related to your healthcare may continue to be sent by other means.
If you use the NHS App across more than one device, push notifications must be enabled on each one.
If you share the device you use to log into the NHS App with other people, they may see your notifications. Notifications may be sent to more than one user on the same device.
The push notifications sent to you depend on what messaging services your GP surgery or healthcare providers have chosen.
4.7 User research panel, surveys and user research newsletter
We would like to contact you about taking part in user research to improve your NHS account and connected services. We will ask you if you would like to join our user research panel when you register for your NHS account or on a subsequent login. If you choose to do so, we will email you a short survey to fill in about you and your health. Your answers will help make sure we invite you to user research that is relevant to you. We will also ask you if you want to receive our user research newsletter.
When you have signed up, we may ask you to:
- try new features
- answer more questions by email
- talk to our researchers about your experience of using your NHS account or connected services
You can always say no to an invite, and you can leave the user research panel at any time.
We will only use your information to contact you about the NHS account user research panel. It will only be used by NHS England, NHS Digital and DHSC as a partner in NHSx, depending on what you have consented to, and will not be shared with anyone else. You can unsubscribe at any time by selecting the unsubscribe link in any surveys or newsletters we send you, or by contacting the NHS App team.
4.8 Other user research
We may ask you to take part in user research, for example, surveys, interviews or other research activities, to help improve the service we provide. You can always say no to a request, and you can change your mind at any time.
Personal information you provide will only be used by NHS England, NHS Digital and DHSC as a partner in NHSx, depending on what you have consented to, and will not be shared with anyone else. Whether you choose to take part will not affect the care you receive from your health services.
5. What information we collect about you and how it is used
The information processed for the purposes of your NHS account can be split into a number of different categories.
Details of the information and personal data falling within each of the categories where NHS Digital is the controller are set out below.
Category of information | Personal data | Special categories of personal data |
---|---|---|
NHS account audit data | Information captured against your NHS Number about your use of your NHS account, such as the time of use, actions you took using your NHS account, and associated technical log events. | None |
NHS account document download | You may be asked for access to your device’s file storage to download your NHS COVID Pass or medical record documents. Files that you choose to download will be stored on your device. | Any health or special category data included in the downloadable file |
NHS account performance data | IP addresses are transmitted to Adobe Analytics, Hotjar and Qualtrics as part of performance data but are not stored so users cannot be identified. | None |
NHS App Messaging Service | We send messages, and support connected healthcare providers to send messages, and receive replies (if they enable this function). We use your NHS account to do this. Messages from connected healthcare providers may contain information related to your personal health and care. | Health |
NHS App mailing list membership(s) | We contract a specialist organisation to send out bulk emails and manage our lists of email subscribers. We use only your email address and mailing preferences needed to operate this service. | None |
NHS account service desk information | The personal data you provide if you contact the service desk; could include information about your use of your NHS account and services. In order to diagnose and resolve problems we may sometimes securely share this information with other organisations who operate the ‘Platform Services’ described in clause 1.2. of the Terms of Use. | None |
NHS account service desk feedback & surveys | The personal data you provide if you provide feedback such as responding to one of our surveys. | None |
NHS login account information | Logins to your NHS account are managed by NHS login, a separate NHS Digital service. If you're a new user of the NHS account, you may be asked to provide additional information, such as your NHS number or a picture of your passport, to set up a new NHS login account with high-level identity verification. In the case of low-level, mid-level and high-level identity verification accounts we will use your personal information to create an account and enable you to log in to this. In the case of high-level identity verification accounts NHS login will verify your ID online using an automated verification process. Where an automated decision cannot be made successfully, a manual verification process is then used. We use approved ID verification suppliers to complete our automated online ID verification process. As part of the automated ID verification process for high-level identity verification, facial recognition technology is used so that a likeness and liveness check can be conducted. You may be asked for access to your device’s camera which will be used to capture data to support proof of identity. This data is not stored. You may also be asked for access to your device’s file storage to upload documents, photos or videos to support proof of identity. Further details on the automated process, manual process and how your data is stored can be found within the NHS login privacy policy. As a registered user, login information consisting of your email address and password will be processed to enable you to use your NHS account. Find out more about NHS login | Yes |
Your data sharing preferences | Personal data provided in order to identify you and retrieve or set your data sharing preferences. | None |
111 Online symptom checker service | Personal data such as contact details and health data will only be captured if you elect to have 111 Online contact you, otherwise the symptoms you enter will be anonymous. If you allow access to your device’s location then location data will be used to find services in your area. | Health data (symptoms information entered in response to questions, but only if contact information is provided, otherwise anonymous) |
Information inputted into other services on NHS.UK | Personal data will only be captured if you elect to provide it, otherwise your use of NHS.UK other than for the services available in your NHS account will be anonymous. | None |
User research panel membership, survey responses and user research newsletter | Personal data will only be captured if you elect to provide it as part of participating in user research relating to your NHS account or connected services. We will collect your name and email address to maintain a mailing list for the user research newsletter, where you have consented to receive it. | We will ask general questions about your health and background in order to ensure we are inclusive in our research. |
Hospital referral information | Personal data will only be captured if you elect to provide it as part of using the Manage Your Referral service. | Details of your hospital referrals and first appointments, including department. |
Enhanced Appointment Viewing (hospital appointment) information | Details of your hospital referrals, appointments and bookings, including department. | Details of your hospital referrals, appointments and bookings, including department. |
Check your COVID-19 vaccine record | Personal data provided in order to identify you and retrieve your COVID-19 vaccine history. | Details of your COVID-19 vaccine history |
Book or manage a coronavirus (COVID-19) vaccination | Personal data provided in order to send you a confirmation of your COVID-19 vaccine booking. | Details of your appointments and vaccinations |
Other user research | Personal data you choose to provide when taking part in voluntary research activities. | None |
Organisational Data Service (ODS) codes | An ODS code is a unique number used to identify health and social care organisations, including GP surgeries. We may collect an ODS code if you raise a technical issue with the NHS App team, which is then stored outside of the NHS account in an issue management system. | None |
6. How NHS Digital uses your personal data and why
The processing of your personal data is necessary to provide you with NHS account services and ensure the functionality of your NHS account works.
You will not be able to use your NHS account unless you have agreed to its terms of use and this privacy policy.
The organisation that is the controller and/or processor of your personal data will depend on the information in question.
We may need to share your personal information if we are required to do so by law.
We may also analyse or share data that is aggregated or anonymous with organisations within, or whose work helps, the NHS. This is to help the NHS understand how your NHS account is being used so we can make improvements to it and other NHS services.
If you provide any information to us, and we are able to identify you, for example in feedback forms or contact with us, that suggests a serious risk of harm to yourself or someone else we may contact you, or pass details to your health or social care provider or emergency services.
6.1 Personal data for which NHS Digital is the controller within the scope of your NHS account
Category of information | Legal basis for using this data | Retention period |
---|---|---|
NHS account audit data | Legal obligation – processing is necessary for compliance with the legal obligation to which NHS Digital is subject | 8 years after the audit event occurred |
NHS account mailing list membership(s) | Your consent specifically provided when you opted to join a mailing list | Varies depending upon which mailing list you are joining |
NHS App Messaging Service | Legal obligation - processing is necessary for compliance with the legal obligation to which NHS Digital is subject | Messages and replies to messages are stored in the 'Messages' area of your NHS account for as long as your NHS login exists. This is to provide the same service you would get if you received messages from another channel, such as a text message. If you delete your NHS login, you will lose access to these messages and it may affect your access to other NHS services |
Enhanced Appointment Viewing (hospital appointment) information | Legal obligation – processing is necessary for compliance with the legal obligation to which NHS Digital is subject | Transient |
NHS account service desk information | Legal obligation – processing is necessary for compliance with the legal obligation to which NHS Digital is subject | 12 months |
NHS account service desk feedback and surveys | Your consent via acceptance of our privacy policy and giving your agreement to take part in a survey | 12 months |
NHS account performance data | Your consent via acceptance of our cookies policy | 12 months |
User research panel membership, survey responses and user research newsletter | Your explicit consent via acceptance of our privacy policy and giving your agreement to take part in a survey, and/or join the NHS account user research panel, and/or receive the user research newsletter | Varies depending upon which survey you are responding to, we shall tell you specifically before we ask you for your consent |
Other user research | Your explicit consent via acceptance of our privacy policy and giving your agreement to take part in research | Varies depending upon which research activity you are taking part in. We shall tell you specifically before we ask you for your consent |
Find out more about the directions issued to NHS Digital
Where this data is stored and processed
We only store and process your personal data within the UK and European Economic Area (EEA).
6.2 Personal data for which NHS Digital is the controller outside the scope of the NHS account
In respect of certain connected services NHS Digital has a role outside the scope of the NHS account as NHS Digital also provides these services. They are separate from the NHS account and subject to their own privacy policies which you should read before use.
Category of information | How the data is used and handled |
---|---|
NHS login account information | See the NHS login privacy policy |
Your data sharing preferences | See the National Data Opt-out Service privacy notice |
111 Online symptom checker service | See the 111 Online privacy policy |
Information inputted into NHS.UK | See the NHS.UK privacy policy |
Hospital referral Information | See the Manage Your Referral privacy policy |
Check your COVID-19 vaccine record | Find out more about the Check your COVID-19 vaccine record service |
Book or manage a coronavirus (COVID-19) vaccination | See the National Booking Service privacy policy |
6.3 Personal data for which NHS Digital is neither the controller or processor
In respect of certain connected services, NHS Digital's role is simply enabling you to access the services in the same format as the NHS account. NHS Digital is neither the controller nor processor for personal data that you submit or view in such connected services. Such services are separate from the NHS account and subject to their own privacy policies which you should read before use.
Category of information | Privacy policy |
---|---|
Information in personal health records (whether supplied by you or not) | This service is contracted by your GP practice or hospital with a personal health records provider. Find out more about personal health record services. |
NHS COVID Pass | This service is managed by the Department of Health and Social Care. Find out more about the NHS COVID Pass service. |
Information within your GP medical record | Contact your GP practice for a copy of their privacy policy. |
Information relating to GP appointments | Contact your GP practice for a copy of their privacy policy. |
Information relating to the repeat prescription service and your nominated pharmacy | Contact your GP practice and pharmacist for copies of their privacy policies. |
Information relating to messaging through GP surgery systems | Contact your GP practice for a copy of their privacy policy. See the NHS account privacy policy for messaging services. |
Organ donation preferences | This service is managed by NHS Blood and Transplant (NHSBT), which is separate from NHS Digital. Find out more about NHSBT. |
Online consultation responses | This service is contracted by your GP practice with an online consultations provider. Find out more about online consultation services. |
7. Your rights
Data protection laws provide a number of rights to you. These rights are listed below.
You can exercise your rights by contacting the appropriate controller.
If you wish to contact NHS Digital, please use the contact details at the bottom of this page.
The personal data NHS Digital holds as a controller within the scope of the NHS account is limited to:
- NHS account audit data
- NHS account mailing list membership(s)
- NHS App Messaging Service data
- NHS account service desk information
- NHS account service desk feedback and surveys
- NHS account performance data
- User research panel membership and survey responses
- Other user research activity responses (for example, survey responses or interviews)
Your rights applicable to audit data, mailing list membership(s), NHS App Messaging Service data, service desk information, service desk feedback and surveys, and user research panel membership and survey and other user research activity responses are:
- to know how your data will be collected, processed and stored, and for what purposes
- to withdraw your consent, which applies to your participation in user research panel membership, survey responses and unsubscribe to mailing list membership
- to request a copy of your personal data
- to correct your personal data errors or omissions
- to data portability - this means you can obtain a copy of your data in a structured, commonly used and machine-readable format (applies only to your participation in user research panel membership, survey responses and to mailing list membership)
- to request we delete your personal data (only applies for mailing list membership(s), NHS account service desk feedback and surveys, user research panel membership, survey responses and other user research activity responses)
- to request we restrict our use of your personal data (for example, if you think it's inaccurate and needs to be corrected before it's used)
You can also manage the NHS account performance data ("analytic cookies"). See the NHS account cookies policy for details on how to do this.
8. Points of contact for queries
If you have any queries in relation to the use of your personal data within your NHS account, or about your NHS account generally, refer to the table below to find out where to direct your query.
Query | Who do I contact? |
---|---|
Queries about the content of your medical records and/or the medical records you can view via your NHS account | Your GP surgery |
Queries about your healthcare, such as GP appointments or repeat prescriptions | Your GP surgery |
Queries about your ordered prescriptions or nominated pharmacy | Your GP surgery or pharmacist |
Queries about your NHS account functionality and how to use the NHS App or NHS website to log in to your NHS account | See our help and support page |
Queries about messaging in your NHS account | See the NHS account privacy policy for messaging services |
Queries about login information or issues | See our help and support page |
Queries about the 111 symptom checker service | See our help and support page |
Queries about the NHS.UK website | Contact us |
Queries about your data sharing preferences | See the National Data Opt-out Service privacy notice |
Queries about your organ donation preferences | See NHS Blood and Transplant's organ donation FAQ |
Queries about your online consultation responses | Your GP surgery. NHS England (if applicable). See online consultation services for details. |
Queries about personal health record services | Your GP surgery or hospital(s); a contracted personal health records provider. See personal health record services for details. |
Queries about user research panel memberships, survey responses and user research newsletters | See our help and support page |
Queries about hospital referral and appointments information | See our help and support page |
Queries about Check your COVID-19 vaccine record | Find out more about the Check your COVID-19 vaccine record service |
Queries about NHS COVID Pass | This service is managed by the Department of Health and Social Care. Find out more about the NHS COVID Pass service. |
Queries about Book or manage a coronavirus (COVID-19) vaccination | See the National Booking Service privacy policy. |
9. Objections and complaints about your NHS account
We will investigate and attempt to resolve any data privacy objections and complaints relating to your NHS account.
We will make every reasonable effort to allow you to exercise your rights as quickly as possible and within the timescales provided by data protection laws.
You can contact our Data Protection Officer to make a complaint:
By email
By post
Privacy Transparency and Ethics team
7 and 8 Wellington Place
Leeds
West Yorkshire
LS1 4AP
We ask that you try to resolve any issues with us first, although you have a right to lodge a complaint with the Information Commissioner's Office (ICO) at any time about our processing of your personal information.
The ICO is the UK regulator for data protection and upholds information rights.
10. Changes to the privacy policy
The terms of our privacy policy may change from time to time. We will inform you via your NHS account and request your continued agreement if we make any significant changes to our privacy policy, cookies policy or terms of use.