Building Healthier Communities


You and Your Information

Find out more about how and why CityCare holds information about people. Follow the links to understand more about the data we collect, how you can access your health records and how to raise concerns and questions.

How we use your information (Data Protection - Fair Processing Notice)

Who we are

CityCare - officially known as Nottingham CityCare Partnership Community Interest Company (CIC) - provides community healthcare and education services. We are a private company limited by guarantee and a social enterprise, which means that we use any profits we make to improve our services or for other charitable purposes.

CityCare services are bought (commissioned) for local people by public authorities such as NHS Nottingham City Clinical Commissioning Group (CCG) and Nottingham City Council.

As part of our commissioning contracts we follow the same principles and standards as NHS organisations and provide information to our commissioners on the quality and safety of our services.

CityCare is registered as a data controller with the Information Commissioner’s Office under the Data Protection Act (1998).

Why do we collect information about you?

CityCare aims to provide you with the highest quality care. To do this effectively, efficiently and safely, we must keep records about you, your health and the care we have provided or plan to provide to you.

These records may include information such as:

How your records are used and shared

The people who provide you with health and social care use your records to make sure your care is safe and effective; to support decisions about your health made between you and care professionals and to work effectively with other health and social care professionals who are providing you with care.

Health and social care professionals who are involved in providing treatment or care have a duty to fully involve you with decisions about your care, including discussing and agreeing with you what they will record about you, and to share information with other care providers when it’s needed to make sure you get the best possible care. This is as important as the duty to protect your confidentiality.

Health and social care professionals have always shared information about people in order to provide the best possible care. The most secure and effective way to do this is to allow other organisations who provide you with care to access your records directly. Sharing may be locally between providers who use the same records systems or through the Medical Interoperability Gateway (MIG). This is a GP sharing service held inside the secure NHS network.

Sharing is ONLY between professionals directly involved with your care.

Your records are also used for essential legal purposes which do not directly relate to care, such as:

Wherever possible, all information that could identify you is removed from records before using them for purposes other than your direct care. Some research or audits require person-identifiable information to be effective. We will always ask your permission before information that could identify you is used for research. We will never sell your information or provide it to any organisation for sales or marketing purposes.

There are some occasions where we are legally obliged to share information that names you without asking you, for example:

In rare situations, sharing may be authorised when the public good outweighs your rights to confidentiality, for example:

How we keep your information confidential and secure

Everyone working for health and social care providers has a legal duty to keep information about you confidential. Other organisations providing you with care,who have access to your records, also have a legal duty to keep it confidential.

Information which is collected about you may be electronic, on paper or a mixture of both. CityCare’s computer network and email systems are kept on the NHS secure network, N3, which is held within high security British Telecom provided facilities.

CityCare electronic records about your health are stored on a records system called SystmOne, which is used by many healthcare providers in England and Wales. The system and all records on it are also held on N3. SystmOne automatically records who has accessed any of your records that are held on this system.

Paper records are locked in secure locations. All our staff are trained on how to manage confidential information and annual audits are carried out to make sure that our systems are working. We also use technology such as password protecting documents to make sure your information is kept confidential and secure.

To protect your privacy, our staff may not leave telephone messages for routine contacts, or will only leave their first names. CityCare sometimes uses general or team email addresses because these can be checked daily, whereas an individual may be out of the office and unable to respond to you.


Keep up-to-date with all the latest news from CityCare.



Check out our blog.