Learn from patient safety events service
Data provided by a user to NHS Improvement through LFPSE is defined as “Input Data”. By agreeing these terms and conditions, users license NHS Improvement to use Input Data for the performance of its statutory patient safety functions, which includes for the purposes of LFPSE. Users must ensure that they own or otherwise have an appropriate licence to share Input Data with NHS Improvement before submitting the data through LFPSE. NHS Improvement may share Input Data which has been anonymised, aggregated or otherwise transformed by NHS Improvement with third parties and in accordance with data sharing agreements which NHS Improvement will put in place before any such data sharing or otherwise in accordance with any relevant laws requiring disclosure to a third party.
Data which NHS Improvement generates from the analysis of Input Data through LFPSE is defined as “Output Data”. Output Data will be owned by NHS Improvement and NHS Improvement will publish the Output Data. NHS Improvement may share Output Data with users and third parties. Output Data shared or published by NHS Improvement will be in aggregated and anonymised form.
- not share Output Data with any third parties without the written prior approval of NHS Improvement.
- Keep account details safe – users must keep their access username and password confidential and must not allow any other individual to access the data using their access credentials.
- Not use Output Data for commercial purposes or to inform development of other commercial products.
Notify NHS Improvement of any breaches - users must promptly, and in any event within 48 hours, inform NHS Improvement on email@example.com if they become aware of:
- a breach of these terms and conditions of use; and/or
- any unauthorised users accessing LFPSE and/or
- the need to de-activate a user’s access to LFPSE.
Organisations should appoint an authorised user(s) within their organisations who will have access to LFPSE. An authorised user will be a member of staff employed by the organisation.
By completing the form that follows you are giving NHS Improvement your permission to process the information you provide to learn about patient safety. For further information on how we use your information please see Learning from patient safety incidents.
Please note: we do not investigate individual reports, but we do record public and staff concerns and use this information to improve safety. NHS Improvement does not have powers to investigate individual cases or complaints recorded using LFPSE. To find out who can help you make a complaint about your specific case, or take legal action, see NHS complaints guidance.
Where we would like to further analyse or process your personal data and how you are using LFPSE, we will seek your consent. Your organisation will have access to the Input Data through its appointed authorised users.
Input Data should not be submitted where this can render an individual identifiable. Users should therefore ensure so far as possible that Input Data does not contain personal data which renders an individual identifiable. NHS Improvement does not process information identifying individuals including at the time of recording the patient safety event online. In the event that a user submits Input Data containing data which may or does render an individual identifiable, NHS Improvement will carry out all reasonable steps to ensure the data is anonymised, including before sharing that data with third parties. Your data will be accessed by NHS Improvement staff whilst they support and maintain the LFPSE, manage data submissions and oversee data sharing activities on behalf of NHS Improvement.
Data that you submit via this form will be collated with data provided by other healthcare organisations, and published by NHS Improvement as official statistics, setting out the number of patient safety events recorded, and describing their patterns and trends.
We may share your data directly with organisations such as the Care Quality Commission, the Medicines and Healthcare Products Regulatory Agency (MHRA), NHS Digital, other arm’s length bodies (ALBs) of the Department of Health and Social Care, private bodies and higher education institutions (HEIs) to facilitate the delivery of works that fall within those purposes aforementioned. Disclosure of data to third parties will always be accompanied by an appropriate data sharing arrangement. Some users may be presented with an option to opt out of having individual reports shared with particular organisations. Users should select this opt out option when submitting their reports.
We will periodically publish official statistics on patient safety events recorded on LFPSE.
We want to help all users of LFPSE data to understand and use it appropriately. This is important not only for accurate interpretation, but to ensure we continue to encourage improvements in identifying and sharing information about patient safety events. If you use LFPSE data, then you should follow our data principles.
Output Data is not to be used to make public statements or pronouncements, or cause, or allow the Output Data to appear in public either directly or indirectly, without the permission of NHS Improvement and appropriate attribution. Your Input Data is protected from unauthorised access using several best practice security controls and access is limited to relevant individuals who will have completed NHS Improvement, or other Government agency information governance training.
Should NHS Improvement intend to make any change to any of the above uses, we will endeavour to contact all users and/or place a prominent notice on this page, in particular where your rights as data owners are likely to be affected.
Warranties and liability
- NHS Improvement excludes all liability arising from use of LFPSE, including any loss of profits, revenue, opportunity, contracts, turnover, anticipated savings, goodwill, reputation, business opportunity or loss to or corruption of data (regardless of whether any of these losses or damages are direct, indirect or consequential).
- The user warrants that it will not use LFPSE or any information contained in it for any purpose that is in contravention of any applicable law or regulation or in a manner that will infringe the copyright, trademarks, service marks or other intellectual property rights of third parties or violate the privacy, publicity or other personal rights of others in any defamatory, obscene, threatening, abusive or hateful manner.
- The user shall indemnify and hold harmless NHS Improvement, its employees and agents, against all claims, liability, losses, damages and expenses including, without limitation, legal fees and costs arising out of or incurred as a result of any claims made, or limitation brought, against NHS Improvement, its employees or agents, as a result of the user’s use of LFPSE or any information contained in it, or any data (including the Input Data) the user providers to NHS Improvement, for any purpose whatsoever.
Intellectual Property Rights (IPR)
Except where specified otherwise on LFPSE or agreed in writing with NHS Improvement, you acknowledge that all IPR in LFPSE and its contents (including any subsisting in NHS Improvement’s standard development tools, program components or standard code used in computer programming or in physical or electronic media containing NHS Improvement’s know-how or generic business methodologies applied to LFPSE) and in the Output Data throughout the world belong to NHS Improvement, and that you have no IPR in, or to, LFPSE and its contents or the Output Data other than the right to use LFPSE and its content and the Output Data in accordance with these terms and conditions.
Every attempt has been made to ensure LFPSE is of high quality and free from malicious code, but NHS Improvement does not guarantee that LFPSE will be free from viruses. You should use your own virus protection.
Access to LFPSE
NHS Improvement does not guarantee that LFPSE, or any content on it, will always be available or be uninterrupted. NHS Improvement may suspend or withdraw or restrict the availability of all or any part of LFPSE without notice for any reason at any time.
Governing law and jurisdictions
The terms and conditions of use of LFPSE shall be governed by the law of England and Wales and shall be subject to the non-exclusive jurisdiction of the courts of England and Wales.
Both NHS Improvement and the user acknowledge that none of the Input Data or Output Data in LFPSE should contain any person identifiable information. Notwithstanding this acknowledgement, should data protection legislation become applicable in connection with any information connected to LFPSE, including the types of information described in the remainder of this section. for the purposes of the General Data Protection Regulation (GDPR), the joint data controller is the NHS Trust Development Authority and Monitor, known collectively as NHS Improvement.
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, please contact the DPO on firstname.lastname@example.org.
- Identity and contact data you provide when you register to use LFPSE, including your name, role, organisation and email address.
- Identifiable LFPSE usage data that is automatically collected by LFPSE database when you visit, such as pages visited and documents opened, how often you use LFPSE and when.
- Technical information, including your Internet Protocol (IP) address, session ID, timestamp and details of which version of web browser you are using.
For detailed information on the cookies we use and the purposes for which we use them, see our Cookies Policy.
The legal bases for processing of your personal data:
- The processing of identity and contact categories of personal data noted above is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in either Monitor or the NHS Trust Development Authority.
- The processing of identity and contact data and identifiable LFPSE usage data noted above is undertaken on the basis of NHS Improvement’s legitimate interests necessary for providing access to LFPSE (the service) and sharing usage data with nominated LFPSE trust super admin user(s).
- The processing of identity and contact data is undertaken on the basis of NHS Improvement’s legitimate interests necessary for providing users with newsletters, notifications and invitations related to LFPSE.
- The processing of identifiable feedback or queries data is undertaken on the basis of your voluntary consent to send us these.
- The processing and further individual level analysis of how you use LFPSE is undertaken on the basis of your explicit consent captured separately as part of your LFPSE data use preferences.
Purposes of processing your personal data
Necessary requirements to provide LFPSE (service) to you. All data categories will be used:
- for the administration of a user account, audit and as part of our efforts to keep LFPSE safe and secure;
- to monitor and improve usage of LFPSE at an NHS Improvement and local trust level;
- to administer LFPSE for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve the performance, design and usefulness of LFPSE.
Sending notifications and invitations to you. Identity and contact data will be used:
- to make suggestions and recommendations to you and other users about the information available on LFPSE and how it may be beneficial to you or them
- to notify you if your Learn from patient safety events account has not been accessed for an extended period of time and any intention of NHS Improvement to de-activate the account within a specified timeframe.
You will receive the above notifications and invitations but can object at any time by contacting us on email@example.com.
To respond to your feedback or queries.
- Identity and contact data linked with your voluntary feedback or query data will be used to respond to you and inform LFPSE improvements and future developments.
To support targeted user engagement and/or inform LFPSE developments and future improvements.
- Further analysis of identity and contact data linked with identifiable LFPSE usage data will be used for targeted engagement activities and/or to inform LFPSE developments and improvements, but only with your consent.
- Anonymous user information will be used to inform LFPSE developments and future improvements.
Where we store your personal data
We store your data on secure servers within the UK that meet the safeguards as set out under Data Protection requirements. We do not intend to transfer any personal data outside the UK.
- Data provided by you as part of registration using Okta (identify management service) is held securely under contract with Okta within the cloud. Okta is used to manage access to NHS Improvement’s business tools and products.
- Personal data provided by you which is included within LFPSE usage reports is held securely within NHS Improvement’s secure network available to the internal LFPSE team and nominated trust super admin user(s).
- Data automatically collected by LFPSE database is stored securely under contract within the Microsoft Azure Cloud.
The transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. We have procedures and security features in place to try and keep your data secure once we receive it.
Further disclosure of your information to other third parties
We may disclose your personal information to third parties:
- if we have a legal obligation to do so; or
This includes exchanging information with other organisations for legal reasons.
We won’t share your information with any other organisations for marketing, market research or commercial purposes, and we won’t pass on your personal identifiable data to other websites.
How long will we use your personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or LFPSE audit and monitoring requirements. For LFPSE we will retain data for 12 months at which point we will check logs of users and delete dormant accounts and user details.
Keeping accurate and up to date information
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes (for example your email address) during your relationship with us or if you leave or move to another organisation.
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
- the right of access to personal data held about you and check that we are lawfully processing it;
- the right to rectification- in regards to any personal data you consider we hold but is factually inaccurate;
- the right to request erasure or deletion of personal data we hold about you;
- the right to restrict how we are processing and or using your personal data;
- the right to object to how we are processing your personal data or making contact with you;
- rights in relation to automated decision making and profiling- we do not make use of automated decision making in relation to personal data and therefore any right to data portability does not apply to the personal data we collect.
- the right to withdraw consent at any time- where we are processing your personal data under consent you can change your mind and withdraw your consent at any time by editing your consent preferences within LFPSE.
- You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance by emailing firstname.lastname@example.org.
If you would like to exercise or find out more about your rights please contact email@example.com