BETA This is a new service – your feedback will help us to improve it.

Patient data

Our role is to enable the people of Scotland to experience the best quality of health and social care. As we deliver our role, we have to obtain and work with confidential personal information. This is information relates to an identifiable individual. We would have obtained it in circumstances which mean it is to be held in confidence.

Situations where HIS may obtain and use confidential personal information

HIS may obtain and use confidential information where it is necessary for us:

  • to provide scrutiny of healthcare in Scotland. For example, to inspect or assess the quality of care provided within a specific service. This can include healthcare in prisons and in police custody.
  • to receive and share intelligence about the care systems across Scotland (particularly about the NHS) with other national agencies.
  • to deal with a complaint or a whistleblowing concern relating to a healthcare provider.
  • to gather the experiences of patients and service users for improvement purposes.

Examples of confidential information HIS works with

The confidential personal information HIS may work with may include:

  • details of an individual’s health or social care, including access to health records
  • sensitive personal details provided to HIS by a health or social care professional
  • concerns raised by or about an individual health or social care professional
  • complaints and concerns raised by patients and service users or their loved ones

Our approach to using personal confidential information  

  • We will only obtain and use it where this is necessary to meet our statutory obligations and powers. It will also be in the public interest.
  • We will protect it, applying appropriate security at all times.
  • We will only share it with other regulators where this is necessary, proportionate and in the public interest.
  • We will be transparent with the public and with health and social care professionals about our use of personal confidential information.
  • We will use it in compliance with:
    • data protection law
    • the Caldicott Principles
    • our Common Law duty of confidentiality
    • the NHS Scotland Code of Practice on Confidentiality
  • Where HIS colleagues who are uncertain about the appropriateness of using personal confidential information will seek the advice of our Caldicott Guardian.

For further information

See our privacy notice: (add link)

If you have concerns or questions you can contact: