Data protection

Data protection

The NHS 24 website ( and NHS 24 111 phone service is owned and operated by NHS 24. This is on behalf of NHS Scotland and the Scottish Government.

NHS 24 is committed to ensuring that:

  • your privacy is protected
  • user’s information will only be used in line with the data protection and privacy needs outlined in this policy

This policy is available in other languages.

Data protection policy 

The data protection policy outlines: 

  • what data we collect about you when you access NHS 24 
  • how we collect this data 
  • how we store this data securely 
  • who we share it with 
  • how you can access it 


This policy is compliant with the relevant data protection legislation. We are committed to compliance procedures that show this. 

Types of data collection 

The type of information we collect will depend on how you access and interact with us. For example, you may contact us by: 

  • phoning the 111 service
  • visiting our website 

NHS 24 deals with personal and special category (sensitive) data, as classified under the relevant data protection legislation. This includes the UK General Data Protection Regulations (UK GDPR) and the Data Protection Act 2018. 

Data protection security 

NHS 24 are data controllers for personal data collected, stored and shared by NHS 24. 

As is delivered through NHS Scotland. We follow all data security standards and protocols that apply to the NHS in Scotland. 

Systems that operate as part of have had a system security policy assessment. This is in line with nationally recommended standards. 

Read the NHS 24 Data Protection Notice 

Sharing your data 

Any data we collect will only be shared to: 

  • investigate and respond to enquiries 
  • track the performance of the service 

Loss and misuse of data 

We take technical and organisational precautions to prevent the loss, misuse or alteration of your personal data. 

Disclosure checks 

All health professionals who handle personal data must go through Disclosure Scotland checks. This is before they start their employment at NHS 24. 

Accessing your data 

You have a right to know what data we collect about you, and to access this data. 

You can request this by emailing us at: 

How to contact us 

This website is maintained by NHS 24 on behalf of NHS Scotland and the Scottish Government. 

If you have a question or comment about our data protection notice, or would like access to your personal information, email us at: 

More information is available on the Information Commissioner’s Office website 

Storing and sharing call information

When you phone NHS 24, you’ll be asked to give some basic information about yourself. You’ll also have to describe the reason for your call. This is so that we can offer you the most appropriate treatment and care as soon as possible.

What information we will need

The personal information we need when you phone 111 includes your:

  • name
  • address
  • date of birth
  • postcode
  • telephone number
  • GP’s name
  • symptoms

Storing information from your call

When you call NHS 24, we’ll use the information you give to:

  • provide healthcare services
  • protect and improve public health
  • create a record to identify you and maintain your personal details
  • make sure we have the right information when you call the service again
  • help staff review the care they provide to ensure it’s of the highest standard
  • investigate complaints or possible adverse incidents
  • review our services and help plan our service in future
  • conduct clinical research, audit and training

Sharing information from your call

Sometimes we will have to pass relevant information from a call to an appropriate care giver. This is if we decide it’s required under the legal obligations we’re governed by.

For example, it may be necessary to share information with:

  • your GP
  • out-of-hours service
  • Scottish Ambulance Service
  • Accident and Emergency (A&E) Department

We may also use the information to contact you about the care you’ve received.

Providing your personal information

You can decide how much information you want to give. You can even use NHS 24 anonymously if you wish.

We will need some information like your symptoms. This is so that we can arrange for you to receive appropriate treatment safely.

If you do not want to give your personal details, we may not be able to provide you with the most appropriate care.

How we use your personal information

Staff training and development involves reviewing patient records and listening to calls. This is to ensure that NHS 24 staff are competent in what they do. It also enables them to provide the best possible service to people in Scotland.

Information is also helpful to carry out medical and other health research. This is for the benefit of everyone. Only anonymised data will be used for audit and research purposes. You’ll be asked for your consent to take part in identifiable research.

NHS research is usually approved by the Public Benefit and Privacy Panel before being carried out.

Sometimes information is needed to manage the wider health service. If this is the case, careful measures are taken to ensure that individual patients cannot be identified.

Anyone who receives information from us is under a legal duty to keep it confidential.

How we keep your information confidential

Everyone who works for the NHS has a legal duty to keep information about you confidential.

For NHS 24 this includes the information:

  • recorded during your call
  • documented on our computer systems

Calls to NHS 24 are recorded and stored securely on our computer systems along with any other information we may have about your contact with us. Only approved relevant members of staff at NHS 24 have access to this information.

If you’re receiving care from other people as well as NHS staff, NHS 24 may be legally obliged to pass on relevant information for your care or treatment.

As with other NHS organisations, NHS 24 has a ‘Caldicott Guardian’. They have responsibility for the safe keeping of your personal and clinical information and records.

This ensures that your personal health information is treated appropriately. NHS 24’s Caldicott Guardian is also the Medical Director, who can be contacted at

NHS 24

Lumina Building,

40 Ainslie Road,



G52 4RU

Data protection and the law

Data protection legislation are laws that state information about you can only be used in certain ways.

The data protection legislation contains many principles. One of these is that information must be processed lawfully, fairly and in a transparent manner. This means that you have a right to know how we intend to use the information you provide.

The legal duty of confidentiality also governs information passed in confidence.

Read our Data Protection Notice

Processing your information

NHS 24 processes your information under a legal basis defined in the data protection legislation. NHS 24 considers there are several legal bases like:

  • the use of your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us
  • processing is necessary to protect the vital interests of the data subject or of another natural person
  • Sensitive personal information includes your health information. This is known as ‘special category’ information. If we use this, our legal basis is usually that the use is necessary for the:
  • provision of health or social care or treatment
  • the management of health or social care systems and services

Where it’s appropriate, NHS 24 will share all relevant information with appropriate organisations.

Storing and sharing web information

Any data we collect is stored securely in an NHS Scotland database. This database has been formally risk assessed and accredited in line with NHS Scotland standards. No third parties will have access to it.

This data will be kept no longer than is necessary and reasonable. After this period, the data will be deleted.

Web forms contains some web forms that send information to NHS 24.

NHS 24 manage data collection for the:

  • feedback form
  • freedom of information form
  • data protection form

To help our patient affairs and operations teams to respond to feedback and service updates, we’ll collect and store your:

  • name
  • address
  • phone number
  • email address

Find out more about how we manage the data collected by cookies on our website.