PRIVACY NOTICE

Adult Psychiatric Morbidity Survey 2014-Mood Disorders and Personality Disorders

The University of Birmingham (UoB), Institute for Mental Health is conducting a quantitative study with the overall aim of understanding the socio-economic, clinical and service level associations with having a mood disorder and / or personality disorder (including ADHD traits) in order to better develop mental health care in the UK.

In order to undertake this research project, we have been provided information by NHS Digital. Some of this information is personal data. Under data protection law, where we have processed personal data which we have obtained from someone other than the person, we have to provide you with very specific information about the source of that information, what we do with it and what your rights are.

The University of Birmingham’s web page ‘Data Protection - How the University Uses Your Data’ sets out much of this information, including how to ask any questions you may have about how your personal data is used, exercise any of your rights or complain about the way your data is being handled.  The rest of the key information you need to know about how we used your personal data is set out below.

Who is the Data Controller?

The University of Birmingham, Edgbaston, Birmingham B15 2TT is the data controller for the personal data that we process in relation to you.

What data are we processing and for what purpose will we use it?

The study will utilise data from the Adult Psychiatric Morbidity Surveys (APMS) (2014), a nationally representative survey of mental health, and analyse data in standard statistical ways.

APMS series provides data on the prevalence of both treated and untreated psychiatric disorder in the English adult population (aged 16 and over). The 2014 survey is the fourth in a series and was conducted by NatCen Social Research, in collaboration with the University of Leicester, for NHS Digital. Use of data from the 2014 APMS will be purely a secondary analysis of anonymised data with no attempts to link back to the original sample.

APMS data will be used to understand the socio-economic, clinical and service level associations with having a mood disorder and / or personality disorder (including ADHD traits) in order to better develop mental health care in the UK. APMS data will not be used for automated decision making or profiling.

Findings from the analyses will ultimately contribute to the development of developing mental health care to better help this group. Participants will not be identifiable in any research outcomes (e.g. publications).

What is our legal basis for processing your data?

The University of Birmingham’s legal basis for processing personal data under GDPR is function of a public task (by a public organisation) as set out in Article 6(1), point (e) (“necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”) and Article 9(2), point (j) (“necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes”).

Who will my personal data be shared with?

The APMS 2014 dataset will be obtained from NHS digital. This is pseudomymised health related data obtained from screening questionnaires used in the survey.

Approval to access APMS 2014 data was acquired by the Institute for Mental Health and a Data Sharing Agreement is in place. The dataset provided by NHS Digital contains limited personal information that could potentially allow participants in the study to be identified; however the risk is considered very small, making this highly unlikely.

How will my personal data be kept secure?

The University takes great care to ensure that personal data is handled, stored and disposed of confidentially and securely. Our staff receive regular data protection training, and the University has put in place organisational and technical measures so that personal data is processed in accordance with the data protection principles set out in data protection law.

The University has an Information Security Management System based on ISO27001 with a range of controls covering the protection of personal information. Annual security awareness training is mandatory for staff and the University is accredited under the NHS Data Security and Protection Toolkit.

The University has an Information Security Management System based on ISO27001 with a range of controls covering the protection of personal information. Annual security awareness training is mandatory for staff and the University is accredited under the NHS Information Governance Toolkit, the Payment Card Industry Data Security Standard and is in the process of gaining Cyber Essentials Plus for defined services.

In relation to this project, only approved research staff at the UoB will be able to access APMS data. All the study responses are key-coded or pseudonymised.

How long will my personal data be kept?

As legally required, the data is not kept for longer than needed and is securely destroyed at an agreed date (see above). The data will be retained for 3 years from receipt

What are my rights?

Your ‘right to be forgotten’ (right to erasure, under Article 17 of the GDPR) does not apply in relation to this study as stored data is non-identifiable. The National Data Opt-out Programme (https://digital.nhs.uk/services/national-data-opt-out-programme) is also not applicable in relation to this study. Requests for data opt-out under this programme cannot be fulfilled as data is non-identifiable and cannot be associated with individual requestors.

For more information about your rights and what we do with personal data, please see our Privacy Notice.

Are changes made to this webpage?

This privacy notice is effective from 1st June 2019 and is reviewed when necessary.