Learn from patient safety events service
LFPSE Input and Output Data
Data provided by a user to NHS England through the LFPSE service is defined as “Input Data”. By agreeing these terms and conditions, users license NHS England to use Input Data for the performance of its statutory patient safety functions, which includes for the purposes of the LFPSE service. Users must ensure that they own or otherwise have an appropriate licence to share Input Data with NHS England before submitting the data through the LFPSE service.
Data which NHS England generates from the analysis of Input Data through the LFPSE service is defined as “Output Data”. Output Data will be owned by NHS England and NHS England will publish the Output Data. NHS England may share Output Data with users and third parties. Output Data shared or published by NHS England will be in aggregated and anonymised form.
- Not share Output Data with any third parties without the written prior approval of NHS England.
- Keep account details safe – users must keep their access username and password confidential and must not allow any other individual to access the data using their access credentials.
- Not use Output Data for commercial purposes or to inform development of other commercial products.
Notify NHS England of any breaches - users must promptly, and in any event within 48 hours, inform NHS England on firstname.lastname@example.org if they become aware of:
- a breach of these terms and conditions of use; and/or
- any unauthorised users accessing the LFPSE service; and/or
- the need to de-activate a user’s access to the LFPSE service.
Organisations should appoint an authorised user(s) within their organisations who will have access to the LFPSE service. An authorised user will be a member of staff employed by the organisation.
By submitting Input Data you are giving NHS England your permission to process the information you provide to learn about patient safety. For further information on how we use your information please see Learning from patient safety incidents.
Please note: we do not investigate individual reports, but we do record public and staff concerns and use this information to improve safety. NHS England does not have powers to investigate individual cases or complaints recorded using the LFPSE service. To find out who can help you make a complaint about your specific case, or take legal action, see NHS complaints guidance.
We want to help all users of the LFPSE service data to understand and use it appropriately. This is important not only for accurate interpretation, but to ensure we continue to encourage improvements in identifying and sharing information about patient safety events. If you use the LFPSE service data, then you should follow our data principles.
Output Data is not to be used to make public statements or pronouncements, or caused, or allowed to appear in public either directly or indirectly, without the permission of NHS England and appropriate attribution. Your Input Data is protected from unauthorised access using several best practice security controls and access is limited to relevant individuals who will have completed NHS England, or other Government agency information governance training.
Account Use Data
Where we would like to further analyse or process your personal data and how you are using the LFPSE service, we will seek your consent.
Your organisation will have access to the Input Data through its appointed authorised users.
Routine disclosure of data to third parties will always be accompanied by an appropriate data sharing arrangement (except in relation to data-sharing with NHS Integrated Care Boards).
Some users may be presented with an option to opt out of having individual reports shared with particular organisations. Users should select this opt out option when submitting their reports if they have specific need to do so.
However, NHS England may share Input Data, in the minimum required form and redacted as appropriate, in the following circumstances:
- If such action is required to comply with any order of any court of competent jurisdiction or any regulatory, judicial, governmental or similar body or taxation authority of competent jurisdiction including any request or requirement to cooperate with any public, parliamentary or ministerial inquiry, including but not limited to any current or future inquiry or other investigation by the National Audit Office, or the Health and Social Care Committee;
- If such action is required by the laws or regulations of England and Wales;
- If law enforcement authorities require the data for law enforcement purposes such as the prevention, investigation and detection of crime;
- Where such action is required to respond to concerns associated with patient safety within a given organisation or location; or
- Where such action is required to respond to concerns associated with safeguarding or protecting the safety of an individual.
This may be done even where users have ‘Opted Out’ of sharing the event record.
We will periodically publish official statistics on patient safety events recorded on the LFPSE service.
Should NHS England intend to make any change to any of the above uses, we will endeavour to contact all users and/or place a prominent notice on this page, in particular where your rights as data owners are likely to be affected.
Warranties and liability
- NHS England excludes all liability arising from use of the LFPSE service, including any loss of profits, revenue, opportunity, contracts, turnover, anticipated savings, goodwill, reputation, business opportunity or loss to or corruption of data (regardless of whether any of these losses or damages are direct, indirect or consequential).
- The user warrants that it will not use the LFPSE service or any information contained in it for any purpose that is in contravention of any applicable law or regulation or in a manner that will infringe the copyright, trademarks, service marks or other intellectual property rights of third parties or violate the privacy, publicity or other personal rights of others in any defamatory, obscene, threatening, abusive or hateful manner.
- The user shall indemnify and hold harmless NHS England, its employees and agents, against all claims, liability, losses, damages and expenses including, without limitation, legal fees and costs arising out of or incurred as a result of any claims made, or limitation brought, against NHS England, its employees or agents, as a result of the user’s use of the LFPSE service or any information contained in it, or any data (including the Input Data) the user provides to NHS England, for any purpose whatsoever.
Intellectual Property Rights (IPR)
Except where specified otherwise on the LFPSE service or agreed in writing with NHS England, you acknowledge that all IPR in the LFPSE service and its contents (including any subsisting in NHS England’s standard development tools, program components or standard code used in computer programming or in physical or electronic media containing NHS England’s know-how or generic business methodologies applied to the LFPSE service) and in the Output Data throughout the world belong to NHS England, and that you have no IPR in, or to, LFPSE and its contents or the Output Data other than the right to use LFPSE and its content and the Output Data in accordance with these terms and conditions.
Every attempt has been made to ensure the LFPSE service is of high quality and free from malicious code, but NHS England does not guarantee that the LFPSE service will be free from viruses. You should use your own virus protection.
Access to LFPSE
NHS England does not guarantee that the LFPSE service, or any content on it, will always be available or be uninterrupted. NHS England may suspend or withdraw or restrict the availability of all or any part of the LFPSE service without notice for any reason at any time.
Governing law and jurisdictions
The terms and conditions of use of the LFPSE service shall be governed by the law of England and Wales and shall be subject to the non-exclusive jurisdiction of the courts of England and Wales.
Both NHS England and the user acknowledge that none of the Input Data or Output Data in the LFPSE service should contain any person identifiable information. Notwithstanding this acknowledgement, should data protection legislation become applicable in connection with any information connected to the LFPSE service, including the types of information described in the remainder of this section, for the purposes of the General Data Protection Regulation (GDPR), the joint data controller is NHS England.
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, please contact the DPO on email@example.com.
- Identity and contact data you provide when you register to use the LFPSE service, including your name, role, organisation and email address.
- Identifiable LFPSE service usage data that is automatically collected by the LFPSE service database when you visit, such as pages visited and documents opened, how often you use the LFPSE service and when.
- Technical information, including your Internet Protocol (IP) address, session ID, timestamp and details of which version of web browser you are using.
For detailed information on the cookies we use and the purposes for which we use them, see our Cookies Policy.
The legal bases for processing of your personal data:
- The processing of identity and contact categories of personal data noted above is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in NHS England.
- The processing of identity and contact data and identifiable LFPSE service usage data noted above is undertaken on the basis of NHS England’s legitimate interests necessary for providing access to the LFPSE service and sharing usage data with nominated LFPSE service trust super admin user(s).
- The processing of identity and contact data is undertaken on the basis of NHS England’s legitimate interests necessary for providing users with newsletters, notifications and invitations related to the LFPSE service.
- The processing of identifiable feedback or queries data is undertaken on the basis of your voluntary consent to send us these.
- The processing and further individual level analysis of how you use the LFPSE service is undertaken on the basis of your explicit consent captured separately as part of your LFPSE service data use preferences.
Purposes of processing your personal data
Necessary requirements to provide the LFPSE service to you. All data categories will be used:
- for the administration of a user account, audit and as part of our efforts to keep the LFPSE service safe and secure;
- to monitor and improve usage of the LFPSE service at an NHS England and local trust level;
- to administer the LFPSE service for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve the performance, design and usefulness of the LFPSE service.
Sending notifications and invitations to you. Identity and contact data will be used:
- to make suggestions and recommendations to you and other users about the information available on the LFPSE service and how it may be beneficial to you or them
- to notify you if your Learn from patient safety events account has not been accessed for an extended period of time and any intention of NHS England to de-activate the account within a specified timeframe.
You will receive the above notifications and invitations but can object at any time by contacting us on firstname.lastname@example.org.
To respond to your feedback or queries.
- Identity and contact data linked with your voluntary feedback or query data will be used to respond to you and inform the LFPSE service improvements and future developments.
To support targeted user engagement and/or inform the LFPSE service developments and future improvements.
- Further analysis of identity and contact data linked with identifiable LFPSE service usage data will be used for targeted engagement activities and/or to inform the LFPSE service developments and improvements, but only with your consent.
- Anonymous user information will be used to inform the LFPSE service developments and future improvements.
Where we store your personal data
We store your data on secure servers within the UK that meet the safeguards as set out under Data Protection requirements. We do not intend to transfer any personal data outside the UK.
- Data provided by you as part of registration using Okta (identity management service) is held securely under contract with Okta within the cloud. Okta is used to manage access to NHS England’s business tools and products.
- Personal data provided by you which is included within the LFPSE service usage reports is held securely within NHS England’s secure network available to the internal LFPSE team and nominated trust super admin user(s).
- Data automatically collected by the LFPSE service database is stored securely under contract within the Microsoft Azure Cloud.
The transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. We have procedures and security features in place to try and keep your data secure once we receive it.
Further disclosure of your information to other third parties
We may disclose your personal information to third parties:
- if we have a legal obligation to do so; or
This includes exchanging information with other organisations for legal reasons.
We won’t share your information with any other organisations for marketing, market research or commercial purposes, and we won’t pass on your personal identifiable data to other websites.
How long will we use your personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or LFPSE service audit and monitoring requirements. For the LFPSE service we will retain data for 12 months at which point we will check logs of users and delete dormant accounts and user details.
Keeping accurate and up to date information
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes (for example your email address) during your relationship with us or if you leave or move to another organisation.
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
- the right of access to personal data held about you and to check that we are lawfully processing it;
- the right to rectification of any personal data we hold that you consider factually inaccurate;
- the right to request erasure or deletion of personal data we hold about you;
- the right to restrict how we are processing and/or using your personal data;
- the right to object to how we are processing your personal data or making contact with you;
- rights in relation to automated decision making and profiling - we do not make use of automated decision making in relation to personal data and therefore any right to data portability does not apply to the personal data we collect.
- the right to withdraw consent at any time - where we are processing your personal data under consent you can change your mind and withdraw your consent at any time by editing your consent preferences within the LFPSE service.
- You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance by emailing email@example.com.
If you would like to exercise or find out more about your rights, please contact firstname.lastname@example.org.