Fair Processing Notice

National Duplicate Registration Initiative 2009/10

The NHS is required by law to protect the public funds it administers.  In doing so, it may share information provided to it with other bodies responsible for auditing or administering public funds.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how they match.  This usually involves accessing personal information.  This type of computerised data matching helps to identify transactions or data items which may indicate an inconsistency and therefore benefit from further investigation. Any actual inconsistencies identified upon investigation may be the result of fraud, error or other explanation.

The Auditor General for Wales (Auditor General) currently requires us to participate in a data matching exercise to assist in the identification of duplicate patient registrations within GP practices.  The use of the data by the Auditor General is carried out with statutory authority under Part 3 of the Public Audit (Wales) Act.  Local Health Boards therefore have a statutory duty to provide the relevant data under paragraph 17 of Schedule 8 to the Government of Wales Act 2006.  It does not require the consent of individuals concerned under the Data Protection Act 1998.

The Local Health Board will work with the Auditor General and his staff to ensure that only the minimum necessary amount of personal information will be shared for the purpose of this audit.  This information will be transferred to the Auditor General in an encrypted format and stored securely before being confidentially disposed of at the end of the audit. The exercise will be conducted in accordance with the Auditor General’s Code of Data Matching Practice.