Toggle site contrast Toggle Contract

NHS Bedfordshire, Luton and Milton Keynes Clinical Commissioning Group ceased to exist at midnight on 30 June 2022.  From 1 July 2022, its functions have been transferred to NHS Bedfordshire, Luton and Milton Keynes Integrated Care Board which is part of our new Health and Care Partnership.  This website is no longer being maintained and will be archived shortly.  
Please visit our new Integrated Care Board website or the Health and Care Partnership website.

Data Protection

Data Protection (Information Governance)

We are committed to ensuring the personal information we hold is processed in line with data protection regulations, legislations and national guidance including, but not limited to, the General Data Protection Regulations (UK GDPR) and the Data Protection Act 2018.

We measure our compliance using the NHS Digital Data Security and Protection Toolkit. A self-assessment on line tool for which we provide evidence of our compliance. All staff are required to complete mandatory data protection and security training.

We have policies and procedures in place which our staff (including, agency, temporary and volunteers) have a legal obligation to comply with. All staff are also required to complete annual mandatory Data Protection & Security training.


To view our policies please see below.

BLMK CCG Policies

Backup Policy

N365 Local Policy & Guidelines

Data Protection Impact Assessments

As required by UK GDPR we conduct DPIAs, which help us to identify any risks which may occur from the implementation of new IT systems and processing of personal information. To view a list of DPIAs recently undertaken, please click here.

Information Sharing

All organisations that have access to NHS patient data and systems must use the Data Security and Protection Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.

As a partner of the BLMK Integrated Care System (BLMK ICS we are signed up to the overarching Information Sharing Agreement (ISA) to support the sharing of patient & service user information for the purpose of direct care.

Later this year this agreement will be replaced with the Shared Health and Care Record. For more information about the Shared Heath and Care Record, please visit

Subject Access & Access to Health Records Requests

UK GDPR gives you (or your authorised representative e.g. somebody who has Power of Attorney to deal with your affairs) the right to request and be provided with a copy of the information we hold about you. This is known as ‘the right of access’, also more commonly known as a Subject Access Request (SAR).

Some individuals may also have the right (under the Access to Health Records (Deceased) Act), to request and be provided with information we hold about a deceased individual. However, strict exemptions do apply.

To submit a request please print and complete the form below and send it to us as instructed in the form. Following receipt of your form we will do all we can to provide you with the requested information within 30 calendar days.

Subject Access & Access to Health Records Request form

If you are unable to print the form, please email our IG Department who will be happy to assist you [email protected]

Fair Processing Notice

Our Fair Processing Notice (sometimes referred to as a Privacy Notice) provides details about the information we collect and hold, what we do with it, how we look after it, who we might share it with and your rights.

It covers information we collect directly from you or receive from other individuals or organisations and which organisations process it on our behalf.

To view our Fair Processing Notice, please see below:

BLMK CCG Fair Processing Notice October 2021

BLMK CCG Fair Processing Notice

BLMK CCG Fair Processing Notice for sharing Commissioning Data with ICS Partners 30.1.22