Our GDPR Statement

General Data Protection Regulation (GDPR) – enquiries from Trusts


HQIP are receiving communications from Trusts and provider organisations asking us to complete variations of contract or confirm our level of confidence towards our compliancy towards GDPR.  Due to our unique relationship with those organisations, in support of these requests we have provided some additional context to our statement of GDPR compliance.

Our Work

HQIP commissions, manages, supports and promotes national and local programmes of quality improvement. This includes the National and Local clinical audit programmes, the Clinical Outcome Review Programmes and the National Joint Registry (NJR) on behalf of NHS England (NHSE) and other healthcare departments and organisations.

The NHS Standard Contract requires provider organisations to participate in the in the National Clinical Audit and Patient Outcomes Programme (NCAPOP) and Trusts are responsible for funding a proportion of the NCAPOP costs through a process known as Subscription Funding. Each financial year, NHS England (NHSE) publishes a Gateway letter detailing the charge and HQIP is tasked with collecting it from Trusts.  HQIP do not hold direct contracts with Trusts for this purpose. It is therefore not appropriate for HQIP to agree contract variations with individual Trusts and provider organisations as we are only the recipients of this funding, on behalf of NHSE.

We have developed a GDPR statement (see below) that provides information regarding our preparation for the GDPR. It is our intention that the detail of this activity provides re-assurance that HQIP is preparing for compliance in accordance with our current understanding of our regulatory obligations.  For further information, please also see our ICO statement of data processing statement.

We will continue to review this statement so we encourage you to check back regularly and review any updates.

If you have any further queries about our commitment to GDPR please review the statement below or contact our Information Governance Lead Concetta Laird at [email protected]

HQIP GDPR commitment statement

The Healthcare Quality Improvement Partnership (HQIP) was established to promote quality in healthcare, and in particular to increase the impact that clinical audit has on healthcare quality improvement.  HQIP processes information in its capacity as an employing organisation.  HQIP is also data controller for the National Clinical Audit Patient Outcome Programme (NCAPOP) and the National Joint Registry (NJR) and has committed to achieving compliance with the General Data Protection Regulation (GDPR), which took effect on 25th May 2018.

HQIP has an internal team, with executive oversight, who have assessed the requirements of the GDPR and planned a programme of work to achieve compliance.  We are working externally with our suppliers and partner organisations to ensure this work programme is delivered to enable HQIP to meet our obligations.

Our work programme falls into the following areas:

  • We have appointed a Data Protection Officer (DPO): You can contact them at  [email protected]
  • Policy Development: We continue to develop and review our range of policies to ensure they meet GDPR standards.
  • Privacy policy and transparency: We have undertaken a systematic review of the data we process and control and have updated our documentation to be as open and clear to individuals about how their personal data is used.
  • Individuals Rights: We are working to ensure we have policies and processes in place to implement individual’s rights under GDPR.
  • Data Protection Impact Assessments (DPIA): We are working to ensure DPIAs are embedded into our processes and undertaken where needed.
  • Training & Awareness: We continue to build awareness and undertake training across HQIP on the GDPR and its implications.
  • Supplier & Partner relationships: Where appropriate, we will be using all reasonable endeavours to ensure that our third party and suppliers are complying with the GDPR.

HQIP will continue to monitor compliance with the GDPR.   If you have any further queries about our commitment to GDPR please contact our Information Governance Lead on email:  [email protected] .org.uk