The NHS App privacy policy provides details of how we use, and process, any personal information you give us.
The information below describes how we use your information when you receive or access a message in your NHS App. The information in this policy also applies when you access these same services by logging in through the NHS website in a web browser.
See help using messaging services in the NHS App.
Types of messaging services
The messaging services available in your NHS App depend on what your GP surgery or healthcare providers have chosen.
You may be able to:
- view and reply to messages from your NHS healthcare services (through the NHS App Messaging Service)
- send messages to your GP surgery (through GP surgery systems)
- request advice and view responses from your GP surgery (through an online consultation service)
- view and send messages between you and your healthcare provider, for example from specialist doctors at a hospital (through a personal health record service)
Sending messages through GP surgery systems
These are messages between you and your GP surgery.
The messages are sent to and from, and stored by, individual GP surgery systems (such as EMIS and TPP). NHS England displays them in your NHS App.
Your GP remains in charge of your personal information and decides what health information from your health record, appointments and prescriptions is displayed to you.
Your GP surgery is the controller of your personal data. Contact your GP surgery for a copy of their privacy policy.
Online consultation services
Online consultations enable you to use a secure online system to ask questions, report symptoms and get advice.
Your GP surgery contracts with one or more suppliers to deliver online consultation services. The suppliers are commercial organisations and provide a service for your surgery.
Although accessed through your NHS App, they are hosted by a supplier contracted by your healthcare provider. You may be taken to the supplier's system to access this service and see messages.
There is a separate privacy policy for online consultation services.
Personal health record services
Personal health record services typically allow you to access messages between you and your healthcare provider online and view information about your health.
Your healthcare provider contracts with one or more suppliers to deliver personal health record services. The suppliers are commercial organisations and provide a service for your healthcare provider.
Although accessed through your NHS App, they are hosted by a supplier contracted by your healthcare provider. You'll often be taken to the supplier's system to log in and view any messages sent through this service.
If you have notifications turned on in the NHS App, you may get notifications when you get a message.
There is a separate privacy policy for personal health record services.
NHS App Messaging Service
The NHS App Messaging Service is where you view messages from your NHS healthcare services, including:
- updates relating to your NHS App and services available within it
- public health announcements
- messages specific to you or your healthcare from healthcare providers
You cannot use this feature to send a new message (to NHS England or to your healthcare providers). When needed, your healthcare provider may give you the option to reply to certain messages through your NHS App.
If you have notifications turned on, you'll also get a notification to your device about the message.
Who is involved in the NHS App Messaging Service
As well as NHS England, this service is also provided by:
- sending organisations, such as a healthcare provider
- contracted communications suppliers
Sending organisations
Sending organisations are healthcare providers who send you messages relating to your healthcare, such as your GP surgery or hospital. They are a controller for the personal data they process to provide you with messages.
They may use a contracted communications supplier to send you a message to your NHS App.
Sending organisations are responsible for:
- the content of the message
- any onward services they provide, such as a link to another service
- acting on any information you provide through messages
- supporting non-technical issues with the message contents
- processing your preference to opt out of receiving messages in your NHS App
Each sending organisation (healthcare provider) will have their own privacy policy which will explain how they process your personal data to provide you with healthcare services. These are normally available on their websites.
Contracted communications suppliers
Communication suppliers are commercial organisations that are contracted to provide a messaging service on behalf of the sending organisation (your healthcare provider).
The communications supplier is a processor for the sending organisation, which means they only process your data according to the sending organisation's instructions and they cannot use your data for any other purposes.
What personal data is processed and why
Personal data | Reason for processing |
---|---|
Your NHS number, NHS app user status and your notifications preference | Used to send you messages to your NHS App. We keep a record of which NHS numbers are registered to use the NHS App and if you have notifications enabled. We share this with sending organisations and communications suppliers so they can decide whether to send you messages and notifications via the NHS App Messaging Service. |
Your NHS login ID | Used to verify your identity so that you can access messages in your NHS App via the NHS App Messaging Service. |
Message delivery status and meta data | Used to monitor and improve the service, we keep a record of whether the message is delivered to your NHS App or fails and whether you read it. |
Message body | We are responsible for maintaining a secure repository of the messages sent through the NHS App Messaging Service. These messages may contain personal data, including information about your health (special category data). |
Replies to messages | If your healthcare provider gives you the option to reply to a message, we are responsible for sending the reply to the sending organisation. We'll keep a copy of your reply, which is available to view in your NHS App. The sending organisation is responsible for answering questions and taking any actions in relation to your reply. |
How long we store messages
Messages are stored in your NHS App for as long as your NHS login exists. This is to provide the same service you would get if you received messages from another channel, such as text messages.
If you delete your NHS login, you will lose access to these messages and it may affect your access to other NHS services.
The sending organisation will keep a record of your messages and replies according to their own privacy policies.
Your rights
Data protection law provides you with a number of rights. You can exercise your rights by contacting the appropriate controller.
- For your rights in relation to your NHS App Messaging Service data, see the NHS App privacy policy
- For your rights in relation to the content of the messages you have received in your NHS App and how this affects your health and care, contact the sending organisation (your healthcare provider)
- For your rights in relation to any data privacy objections or complaints, see section 9 of the NHS App privacy policy for details of how to contact our Data Protection Officer