Skip to main content

NHS check if you need a lung scan privacy policy

1. How we use your personal information

This privacy policy explains how we use your personal data when you use the NHS check if you need a lung scan digital service. The NHS check if you need a lung scan pilot is provided as an alternative to the phone appointment, the lung health check. Find out more about the NHS lung cancer screening.

1.1 Terms we use in this policy

You may find it helps to understand these terms when reading this policy.

  • Personal data: information that relates to an identified or identifiable individual.
  • Special category data: sensitive personal data given special protection in data protection law including personal data about your health.
  • Data is “processed” when any action is taken with it. For example, when it is collected or reviewed.
  • Controller: the person or organisation (alone or with others) who decides what personal data to process and how it will be used.
  • Processor: an organisation which processes personal data on behalf of, and under the instruction, of the controller.
  • Joint data controller: if two or more controllers jointly determine the purposes and means of processing the same personal data.

You can find out more about these terms on the Information Commissioner's Office website.

In this privacy policy, 'we' or 'us' means NHS England and Department of Health and Social Care (DHSC). 'You' or 'your' means you, a member of the public who is using the NHS check if you need a lung scan.

2. Data controllers and processors for NHS check if you need a lung scan

The NHS check if you need a lung scan has been designed in line with the NHS lung cancer screening programme standards.

Under data protection law, NHS England and DHSC are joint controllers for the personal data put into the NHS check if you need a lung scan. The DHSC have commissioned NHS England to deliver the NHS check if you need a lung scan.

NHSE controller:
NHS England's Data Protection Officer at england.dpo@nhs.net

DHSC controller:
Lee Cramp, DHSC data protection officer at data_protection@dhsc.gov.uk

NHSE handles operational delivery, SARs, security. They are the main point of contact.

DHSC acts as commissioning authority for NHSE.

Individuals can exercise rights via NHSE contact point.

NHS England is controller of NHS login.

Edenred are a processor for the personal data that is entered into the NHS check if you need a lung scan. For more information, see the Edenred privacy policy.

3. What the NHS check if you need a lung scan involves

The NHS check if you need a lung scan invites adults aged 55 to 74 years who have ever smoked to take part in lung cancer screening.

The check - mainly done by a phone appointment called the lung health check, asks a person questions about their medical history and lifestyle to work out their chances of developing lung cancer in the next 5 years.

We will compare your answers from the online questionnaire and phone appointment to assess the clinical safety and effectiveness of the service.

  • The NHS check if you need a lung scan is provided by NHS England and Department of Health and Social Care as a pilot. It allows you to complete a lung health check online before you complete your phone appointment.

The NHS check if you need a lung scan involves:

  • filling in an online questionnaire about your health and lifestyle
  • completing your phone appointment and repeating the questionnaire to find out if you would benefit from a lung scan

You can access NHS check if you need a lung scan using your NHS login details. You will be informed that NHS login will share limited identity information required to access the service.

We will use your NHS number to compare your responses to NHS check if you need a lung scan to your responses in your phone appointment. Once you have completed your phone appointment we will also use your NHS login email to offer you a £10 voucher from Edenred vouchers.

Your NHS login email address will be shared with Edenred once you have completed your phone appointment. Edenred will use your email to send you a £10 voucher as a thank you for testing the online service.

We will not use your NHS login information for any other purposes. You can only share your NHS login information if you have proved your identity to NHS login.

For more information, see the NHS login privacy notice and terms and conditions.

4. What information we collect about you

When you use the NHS check if you need a lung scan, we will collect the following information
Category of information Description

NHS login account information

The personal data provided by NHS login to access the NHS check if you need a lung scan, such as name, NHS number, and email.

Audit data

Information filled in the NHS check if you need a lung scan about your use of the system such as time of use, actions you took and related technical log events. Your NHS number is also stored against these records.

The logs enable analysis for:

  • incident investigation
  • fault analysis
  • non-repudiation (proof that a user has taken action such as agreeing to terms or sending data)

Performance data

How long the system takes to complete tasks, number of errors, success or failure at task completion.

NHS check if you need a lung scan demographic data

The personal information you provide to use the NHS check if you need a lung scan such as your:

  • first name and last name
  • NHS number
  • email address

NHS check if you need a lung scan health and lifestyle questionnaire data

The personal data you provide to calculate the results of the check such as:

  • medical history of you, your parents and siblings
  • if you smoke
  • your height and weight
  • your education
  • if you have been exposed to damaged asbestos

Application metadata

The personal data created from the NHS check if you need a lung scan based on the demographic information you provide. Metadata includes date and time of submission, NHS number.

5. How we use your data

5.1 To compare your responses to NHS check if you need a lung scan to your lung health check phone appointment

NHSE uses the information you have provided in NHS check if you need a lung scan to compare your responses to similar questions in your lung health check phone appointment. This comparison will help us assess the clinical safety of the NHS check if you need a lung scan pilot. We remove all personal details, such as your name and email address when we do this.

5.2 Service improvement, audit and troubleshooting

We use technical and audit data to:

  • monitor system performance
  • investigate incidents
  • improve the service

We may also collect optional user feedback through surveys. This feedback is:

  • stored securely
  • not directly linked to your health questionnaire data
  • used only to improve the service

6. Our legal basis

Statutory basis for NHS England to deliver the NHS check if you need a lung scan pilot

NHSE relies on its powers under the National Health Service Act 2006 to undertake its role which is primarily:

  • system delivery
  • collection of audit data
  • service management
  • storage of static data to present to users (such as their results)

UK General Data Protection Regulation and the Data Protection Act 2018

UK GDPR Article 6(1)(e) ‘…processing is necessary for the performance of a task carried out in the exercise of official authority vested in the controller'.

Underpinned by statutory powers set out above.

Processing of special categories of personal data:

UK GDPR Article 9(2)(h)

‘processing is necessary …for the provision of health or social care or treatment or the management of health or social care systems and services on the basis of domestic law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.’

Underpinned by DPA2018 Sch1:

Health or social care purposes

2(1) This condition is met if the processing is necessary for health or social care purposes.

(2) In this paragraph “health or social care purposes” means the purposes of—

….

(f) the management of health care systems or services or social care systems or services.

NHS login:

Directions issued pursuant to the Health and Social Care Act 2012, Section 254(1):

  • NHS Login Directions 2021, which enabled NHS Digital (now NHS England) to provide the NHS Digital Citizen Identity Platform and related services, collectively the NHS login Services.

Setting aside the duty of confidence:

Implied consent is given by participants choosing to use the NHS check if you need a lung scan. NHS England's processing of personal data is not in itself directly for direct care but for the operation and maintenance of the system to support direct care.

Service management and user research:

Any personal data collected and processed for these activities will be done pursuant to UK GDPR Article 6(1)(a) '….the data subject has given consent to the processing of his or her personal data for one or more specific purposes' and UK GDPR Article 9(2)(a) '…the data subject has given explicit consent to the processing of those personal data for one or more specified purposes'.

Statutory basis for the Department of Health and Social Care to deliver the NHS check if you need a lung scan pilot

Article 6(1)(e) of the UKGDPR which permits processing that is necessary for the performance of a task in the public interest or in the exercise of the Controller’s official authority.

The processing is in line with the Secretary of State for Health and Social Care’s duties in relation to the promotion and provision of the health service (including public health functions), as outlined in Part 1 of the NHS Act 2006 (as amended by the Health and Social Care Act 2012).

The Department of Health and Social Care rely on the same conditions under Article 9 of the UKGDPR as NHS England, outlined above.

7. How long we keep your data for

How long we keep your data for
Category of information Description

Audit data

Audit events - duration of the pilot plus 1 year

Performance data

  • Service-related logs - duration of the pilot plus 1 year
  • Backups - duration of the pilot plus 1 year

NHS check if you need a lung scan demographic data

Duration of the pilot plus 1 year

NHS check if you need a lung scan health and lifestyle questionnaire data

Duration of the pilot plus 1 year

8. Where your data is stored

We process and store your data in the United Kingdom within Microsoft Azure.

9. Your rights

The right to be informed - this privacy policy explains how we use your personal data to provide the NHS check if you need a lung scan.

The right of access - to get a copy of your data submitted to the NHS check if you need a lung scan, you can request this by completing a Subject Access Request (SAR). If you would like a copy of your GP record, please contact your GP surgery.

The right of rectification - Individuals can ask for corrections to be made to their records.

The right to erasure - This right does not apply to data collected under 6(1e) Public Task. Where information is provided by the recipient for service management and user research under GDPR consent, the requests for erasure can be exercised through the email address above.

The right to the restriction of processing - You have the right to ask us to limit the way we use your data.

The right to data portability - This right does not apply.

The right to object - We will consider any objection, but may continue processing where we have compelling legitimate grounds or a statutory obligation.

The right not to be subject to automated decision making - The NHS check if you need a lung scan does not make automated decisions that have legal or similarly significant effects.

Asking a question or finding out more

If you have a general question about using the NHS check if you need a lung scan, you can contact us by email at: england.digitallungcancerscreening@nhs.net

Your GP health record and healthcare

You can contact your GP surgery for more information about your GP health record data, and data about your care.

Contact the Information Commissioner

If we are unable to resolve any queries or concerns about the use of your personal information in connection with the NHS check if you need a lung scan, you can raise your concern with the Information Commissioner.

You can contact the Information Commissioner’s Office:

  • using the ICO's online contact service
  • by calling 0303 123 1113
  • by writing to the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We ask that you try to resolve any issues with us first. However, you have a right to lodge a complaint with the Information Commissioner's Office (ICO) at any time about our processing of your personal information. The ICO is the UK regulator for data protection and upholds information rights.

Changes to this policy

The terms of our privacy policy may change from time to time. Any updates to the privacy policy will be published on the NHS website.

More in NHS check if you need a lung scan terms of use, privacy policy, and cookies policy.