Privacy Notice                        

 Data Controller: Elizabeth Baldock, Practice Manager                                                           

Your information, what you need to know

This privacy notice explains why we collect information about you, how that information may be used, how we keep it safe and confidential and what your rights are in relation to this. Privacy Notice

During the Coronavirus outbreak we have written this additional COVID-19 Privacy Notice

 

Why we collect information about you

Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation.

We collect and hold data for the purpose of providing healthcare services to our patients and running our organisation which includes monitoring the quality of care that we provide. In carrying out this role we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and/or in digital form. The records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health and also information such as outcomes of needs assessments.

 

Details we collect about you

The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. from Hospitals, GP Surgeries, A&E, etc.). These records help to provide you with the best possible healthcare.

 Records which this GP Practice may hold about you may include the following:

  • Details about you, such as your address and next of kin
  • Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
  • Notes and reports about your health
  • Details about your treatment and care
  • Results of investigations, such as laboratory tests, x-rays, etc.
  • Relevant information from other health professionals, relatives or those who care for you
 

How we keep your information confidential and safe

Everyone working for our organisation is subject to the Common Law Duty of Confidence. Information provided in confidence will only be used for the purposes advised with consent given by the patient, unless there are other circumstances covered by the law.  The NHS Digital Code of Practice on Confidential Information applies to all NHS staff and they are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.

The health records we use may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Your records are backed up securely in line with NHS standard procedures. We ensure that the information we hold is kept in secure locations, is protected by appropriate security and access is restricted to authorised personnel.

We also make sure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.

We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

  • Data Protection Act 1998
  • Human Rights Act
  • Common Law Duty of Confidentiality
  • NHS Codes of Confidentiality and Information Security
  • Health and Social Care Act 2015
  • And all applicable legislation

We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if we reasonably believe that others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (such as a risk of serious harm to yourself or others) or where the law requires information to be passed on.

 

Third party processors

In order to deliver the best possible service, the practice will share data (where required) with other NHS bodies such as other GP practices and hospitals. In addition the practice will use carefully selected third party service providers. When we use a third party service provider to process data on our behalf then we will always have an appropriate agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating appropriately. Examples of functions that may be carried out by third parties includes:

  • Companies that provide IT services & support, including our core clinical systems; systems which manage patient facing services (such as our website and service accessible through the same); data hosting service providers; systems which facilitate appointment bookings or electronic prescription services; document management services etc.

  • Delivery services (for example if we were to arrange for delivery of any medicines to you).

  • Payment providers (if for example you were paying for a prescription or a service such as travel vaccinations).

 

How we use your information

Improvements in information technology are also making it possible for us to share data with other healthcare organisations for the purpose of providing you, your family and your community with better care. For example it is possible for healthcare professionals in other services to access your record with your permission when the practice is closed.  This is explained further in the Local Information Sharing section below.

Under the powers of the Health and Social Care Act 2015, NHS Digital can request personal confidential data from GP Practices without seeking patient consent for a number of specific purposes, which are set out in law. These purposes are explained below.

You may choose to withdraw your consent to personal data being shared for these purposes. When we are about to participate in a new data-sharing project we will display prominent notices in the Practice and on our website at least four weeks before the scheme is due to start. Instructions will be provided to explain what you have to do to ‘opt-out’ of the new scheme. Please be aware that it may not be possible to opt out of one scheme and not others, so you may have to opt out of all the schemes if you do not wish your data to be shared.

You can object to your personal information being shared with other healthcare providers but should be aware that this may, in some instances, affect your care as important information about your health might not be available to healthcare staff in other organisations. If this limits the treatment that you can receive then the practice staff will explain this to you at the time you object.

To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS.

For details of the NHS and other Government organisations with whom your information may be shared please Click

For further information on the following areas please click on the links below:

Data Retention

Access and Personal Information

Further Information