This is an HTML version of an attachment to the Freedom of Information request 'Hospital Episode Statistics (HES) Privacy Impact Assessment / Data Protection Impact Assessment'.

1 Trevelyan Square 
Boar Lane 
Leeds LS1 6AE 
0300 303 5678 
01 March 2019 
Our ref: NIC-268665-K5M5D 
Dear Mr Booth, 
Re: Information Request – Freedom of Information Act (FOIA) 2000 
Thank you for your email dated 01 February 2019 requesting the following information: 
“1) Provide a copy of any Data Protection Impact Assessment (DPIA) and/or Privacy Impact 
Assessment undertaken for the Hospital Episode Statistics reflecting the changes to law in the Data 
Protection Act 2018. 
2) Confirm what is the most recent DPIA / PIA for HES, and - if it is not the one available on the 
StatsUserNet website (link above) - provide a copy of that as well.” 
We have considered your request and in accordance with S.1 (1) of the Freedom of Information Act 
2000 (FOIA) I can confirm that we do hold the information that you have requested. 
The Privacy Impact Assessment for HES has been superseded by a Data Protection Impact 
Assessment (DPIA), as required under Article 35 of GDPR.
The draft document is currently being finalised prior to publication.  It is our intention to publish the 
DPIA by the end of next week. 
A public interest test has been undertaken, and we believe that there is no benefit to the general 
public by releasing this information ahead of publication date. As the publication date is in the near 
future, we believe that releasing a draft copy of this information may be misleading. Once the 
document has been published, it will provide further understanding to the public of the use of Hospital 
Episode data by NHS Digital. 
Therefore Section 22 of the Freedom of Information Act applies.  
In line with the Information Commissioner’s directive on the disclosure of information under the 
Freedom of Information Act 2000 your request will form part of our disclosure log.  Therefore, a 
version of our response which will protect your anonymity will be posted on the NHS Digital website.  
I trust you are satisfied with our response to your request for information. However, if you are not 
satisfied, you may request a review from a suitably qualified member of staff not involved in the initial 
query, via the email address or by post at the above postal address. 
Your request to NHS Digital will now be closed on our internal CRM (customer relationship 
management) system. 

Yours sincerely, 
A Simpson 
Information Assurance Advisor 
Further information about your right to complain under the Freedom of Information Act is available from the 
Information Commissioner’s Office, Wilmslow, Cheshire, and on The Information Commissioner’s website 
NHS Digital values customer feedback and would appreciate a moment of your time to respond to our Freedom 
of Information (FOI) Survey to let us know about your experience.  Please access the survey through this link 