Statement on agreement with Experian for identifying overseas visitors
The NHS provides free healthcare to anyone who is a legal resident of the UK (defined as “ordinary residence”). NHS trusts are required by law to charge patients who are not ordinarily residents in the UK for the treatment they receive (although treatment in emergency departments is exempt from charges for everyone).
It is important that patients who may not be ordinarily UK residents are identified in a non-discriminatory way. As one of its ways of doing this, Lewisham and Greenwich NHS Trust has a data sharing agreement with the credit reference agency, Experian, to check whether patients who are booked for treatment are economically active in the UK. This is one of several indicators used by the Trust to help identify that patients are eligible for free care.
It is important to stress that:
- Experian do not carry out credit checks on Lewisham and Greenwich NHS Trust’s patients. No credit footprint is left on anyone’s credit report as a result of this process.
- Data is transferred between Lewisham and Greenwich NHS Trust and Experian through a secure system
- Experian do not keep a copy of the data they are sent, and they do not use it for any purpose other than processing information for the Trust
- Experian use a fully automated system to process the data they are sent
Lewisham and Greenwich NHS Trust does have a notice on its website about sharing some information with non-NHS organisations. However, due to concerns that have been raised about the processes for notifying patients about how their data is used, the Trust is commissioning an external review to look at all data sharing processes that are in place at the organisation. The review will be carried out by independent data specialists and arrangements with Experian have been suspended until the independent review is completed.
The Trust is also seeking advice from the Information Commissioner Office on the issues that have been raised, and any further actions that we may need to take to ensure full compliance with the Data Protection Act (2018).