1 Trevelyan Square
Boar Lane
Leeds LS1 6AE
0300 303 5678
01 March 2019
Our ref: NIC-268665-K5M5D
Dear Mr Booth,
Re: Information Request – Freedom of Information Act (FOIA) 2000
Thank you for your email dated 01 February 2019 requesting the following information:
“1) Provide a copy of any Data Protection Impact Assessment (DPIA) and/or Privacy Impact
Assessment undertaken for the Hospital Episode Statistics reflecting the changes to law in the Data
Protection Act 2018.
2) Confirm what is the most recent DPIA / PIA for HES, and - if it is not the one available on the
StatsUserNet website (link above) - provide a copy of that as well.”
We have considered your request and in accordance with S.1 (1) of the Freedom of Information Act
2000 (FOIA) I can confirm that we do hold the information that you have requested.
The Privacy Impact Assessment for HES has been superceded with a Data Protection Impact
Assessment (DPIA), as required under Article 35 of GDPR.
The draft document is currently being finalised prior to publication. It is our intention to publish the
DPIA by the end of next week.
A public interest test has been undertaken, and we believe that there is no benefit to the general
public by releasing this information ahead of publication date. As the publication date is in the near
future, we believe that releasing a draft copy of this information may be misleading. Once the
document has been published, it will provide further understanding to the public of the use of Hospital
Episode data by NHS Digital.
Therefore Section 22 of the Freedom of Information Act applies.
In line with the Information Commissioner’s directive on the disclosure of information under the
Freedom of Information Act 2000 your request will form part of our disclosure log. Therefore, a
version of our response which will protect your anonymity will be posted on the NHS Digital website.
I trust you are satisfied with our response to your request for information. However, if you are not
satisfied, you may request a review from a suitably qualified member of staff not involved in the initial
query, via th
e xxxxxxxxx@xxxxxxxxxx.xxx.xx email address or by post at the above postal address.
Your request to NHS Digital will now be closed on our internal CRM (customer relationship
management) system.
www.digital.nhs.uk
xxxxxxxxx@xxxxxxxxxx.xxx.xx
Yours sincerely,
A Simpson
Information Assurance Advisor
Further information about your right to complain under the Freedom of Information Act is available from the
Information Commissioner’s Office, Wilmslow, Cheshire, and on The Information Commissioner’s website
www.ico.org.uk. NHS Digital values customer feedback and would appreciate a moment of your time to respond to our Freedom
of Information (FOI) Survey to let us know about your experience. Please access the survey through this link
here
www.digital.nhs.uk
xxxxxxxxx@xxxxxxxxxx.xxx.xx