Our GDPR Statement

HQIP commissions, manages, supports and promotes national and local programmes of quality improvement. This includes the national and local clinical audit programmes, the clinical outcome review programmes and the National Joint Registry (NJR) on behalf of NHS England (NHSE) and other healthcare departments and organisations.

The NHS Standard Contract requires provider organisations to participate in the National Clinical Audit and Patient Outcomes Programme (NCAPOP). NHS Trusts are responsible for funding a proportion of the NCAPOP costs through a process known as subscription funding. Each financial year, NHS England (NHSE) contacts NHS Trusts detailing the charge and the payment process and HQIP is tasked with collecting it from NHS Trusts. We do not hold direct contracts with NHS Trusts for this purpose. It is therefore not appropriate for us to agree contract variations with individual Trusts and provider organisations as we are only the recipients of this funding, on behalf of NHSE.

Our GDPR commitment statement

The Healthcare Quality Improvement Partnership (HQIP) was established to promote quality in healthcare, and in particular to increase the impact that clinical audit has on healthcare quality improvement.  HQIP processes information in its capacity as an employing organisation.  HQIP is also data controller for the National Clinical Audit Patient Outcome Programme (NCAPOP) and the National Joint Registry (NJR) and has committed to achieving compliance with the General Data Protection Regulation (GDPR), which took effect on 25th May 2018.

HQIP has an internal team, with executive oversight, who have assessed the requirements of the GDPR and planned a programme of work to achieve compliance.  We are working externally with our suppliers and partner organisations to ensure this work programme is delivered to enable HQIP to meet our obligations.

Our work programme falls into the following areas:

  • We have appointed a Data Protection Officer (DPO): You can contact them at [email protected]
  • Policy Development: We continue to develop and review our range of policies to ensure they meet GDPR standards.
  • Privacy policy and transparency: We have undertaken a systematic review of the data we process and control and have updated our documentation to be as open and clear to individuals about how their personal data is used.
  • Individuals Rights: We are working to ensure we have policies and processes in place to implement individual’s rights under GDPR.
  • Data Protection Impact Assessments (DPIA): We are working to ensure DPIAs are embedded into our processes and undertaken where needed.
  • Training & Awareness: We continue to build awareness and undertake training across HQIP on the GDPR and its implications.
  • Supplier & Partner relationships: Where appropriate, we will be using all reasonable endeavours to ensure that our third party and suppliers are complying with the GDPR.

For further information, also see our ICO statement of data processing statement.

If you have any further queries about our commitment to GDPR please contact us on [email protected]