You are here

Privacy statement

  • Public

Information about using information on our site

When you browse through the information on the CQC website, it does not store or capture your personal information. We do log your IP address (as it is automatically recognised by the web server).

Please be aware that some systems on our website require the use of cookies, but we will always state if this is the case. We will never collect and store information about you without your permission.

We will always take necessary steps to ensure that your information is protected and treated securely. Any details you give us will be held in accordance with the Data Protection Act 1998 and CQC's data protection policy (part of our overall Information Governance Policy) and code of practice on confidential and personal information.

CQC will only collect personal information volunteered by you, such as:

  • feedback from surveys and online forms.
  • email addresses.
  • preferred means of communication.

All personal information about you will be used to exercise our functions, and to improve the quality and safety of care.

We will never include your personal information in survey reports.

This privacy statement covers the CQC site. This does not cover links within this site to other websites.

Online services – 'Your CQC account'

Any details we collect through your CQC account and our online notification and registration forms will be held in accordance with the Data Protection Act 1998 and CQC's Data Protection Policy on confidential and personal information.

Information that has been saved (or autosaved) in our online forms but not sent or submitted to us will not ordinarily be reviewed by us. In certain circumstances, or if we are required to as part of an investigation, we may need to view pending versions of forms.

Signing up to our e-newsletter

We use a third-party supplier to provide our e-newsletter service. By subscribing to this service you will be agreeing to them handling your data.

The third-party supplier handles the data purely to provide this service on our behalf. This supplier observes the requirements of the Data Protection Act 1998 in how they obtain, handle and process your information and will not make your data available to anyone other than CQC.

Code of practice

We treat information we receive from people who use services, professionals and others as confidential.

It is a criminal offence under the Health and Social Care Act (HSCA) to disclose confidential information we have obtained. The act however, does set out circumstances where we are allowed to disclose information.

In some cases we are also able to share information with:

  • other organisations we work with.
  • Experts by experience who help us complete our regulatory work.

We will only do this if we are legally able to, and if there is a very good reason to do so.

If we can, we will contact you first to tell you how we plan to share your information.

Our code of practice details how we obtain, handle and use your personal information.

Looking at care records

When we inspect care services, it helps us to look at some people’s care records as part of our checks that care is being provided in the right way.

If you don’t want us to look at your records, please tell the manager of the organisation that provides your care service ie the hospital, care home, GP surgery or dentist. We will respect your wishes where it is possible to carry out our checks without looking at your records.

This guidance explains what our powers to look at records are, and how we use them.

Personal information

We do not hold personal information about the majority of people who use care services, but we sometimes take copies of some information, and in rare cases, we may need to share that information with other public bodies.

If you think that we may hold your personal information and you want to make a request to see it, please visit Freedom of information for more details. We may ask you for proof of identity and to pay a small fee before responding to your request.

Data and statistics

CQC may receive data about an organisation's quality of care from NHS Digital, the trusted national provider of high-quality information, data and IT systems for health and social care.

We use three particular sources, Hospital Episode Statistics (HES), Mental Health data, and Office for National Statistics (ONS) mortality data that contain information about care in hospitals and mental health units. You can find more specific information about what we hold and how we use these sources on the NHS Digital registers of approved data releases.

What data do we hold that could potentially identify someone?

We hold the following data items deemed identifiable by NHS Digital:

  • date of birth (patient),
  • local patient identifier,
  • patient pathway ID,
  • postcode of patient,
  • mother’s date of birth,
  • NHS number,
  • birth date (baby),
  • date of death

We need this information to help meet our purpose of ensuring safe, effective and compassionate, high-quality care. For example, we may compare death rates at different hospitals, look for unusually high rates of infection in women who have recently given birth, and check for appropriate use of the Mental Health Act (the law that can detain someone for treatment).

NHS Digital send us this information because we meet their strict requirements on keeping it secure and only using it in a way that supports our work

Could others identify individuals from the data?

To meet our purpose and ensure your safe care, we may have to raise questions or concerns with a hospital directly; for example, if we are concerned about a hospital's death rates. This only happens in exceptional circumstances.

Under agreement of NHS Digital, we may send codes to the hospital to allow them to review their own medical records identifying specific patients to see if their care had been lacking in some way. These codes originate from the hospital and cannot identify those patients to CQC staff. We always treat this data with the utmost care, and CQC will never identify individuals from it in this or any other way.

Last updated:
29 May 2017


Help us improve this page