General Data Protection Regulation (GDPR)
We take your privacy very seriously. We are registered with the Information Commissioner's Office as a Data Controller and our registration number is Z517161X.
Our Data Officer is Mr Scott Ridley and may be contacted through the switchboard.
We aim to provide you with the highest quality health care. To do this we must keep records about you, your health and the care we have provided or plan to provide to you.
Your doctor and other health professionals caring for you, such as nurses and physiotherapists, keep records about your health treatment so that they are able to provide you with the best possible care. These records are called your 'health care record' and may be stored in paper form or on computer and electronic systems and mat include Personal Data:
- basic details about you, such as address, date of birth, NHS Number and next of kin
as we as Sensitive Personal Data:
- contact we have had with you, such as clinical visits
- notes and reports about your health
- details and records about your treatment and care
- results of x-rays, laboratory tests etc.
Healthcare providers are permitted to collect, store, use and share this information under Data Protection Legislation which has a specific section related to healthcare information.
What do we do with your information?
- Refer you to other healthcare providers when you need other services or tests
- Share samples with laboratiries for testing (like blood samples)
- Share test results with hospitals or community services (like blood tests)
- allow out of hours Ps to look at your practice record when you go to an appointment
- Send prescriptions to a pharmacy
- Patients are texted in relation to healthcare service
- Samples are provided to the courier for delivery to pathology
- Share reports with the coroner
- Receive reports of appointments you have attended elsewhere such as with the community nurse or if your have had a stay in hospital
What else do we do with your information?
Along with these avtivities that allos us to provide health care to you, we use information in other ways whcih allow us to ensure that care is safe and to provide data for the improvement and planning of services.
- Quality / payment / performance reports are provided to service commissioners
- As part of clinical research - information that identifies you will be removed, unless you have consented to being identified
- Undertaking clinical audits with in the Practice
- Supporting staff training
Sharing when Required by Law
Sometimes we will be required to share your information and will not always be able to discuss this with you directly. Examples might be for the purposes of detection or prevention of crime, where it is in the wider public interest, to safeguard children or vulnerable adults or where required by court order.
Information Access and Rights
Data protection law provides you with a number of rights that the practice must support you with.
Care Quality Commission Access to Health Records
CQC has powers under the Health and Social Care Act 2008 to access and use your helth information where it is necessary to carry out their functions as a regulator. This means that inspectors may ask to look at certain records to decide whether we are providing safe, good quality care. More information about the CQC can be obtained on their website https://cqc.org.uk/about-us/our-policies/privacy-statement
Right to Access
You have the right to obtain:
- confirmation that information is being used, stored or shared by the practice.
- a copy of information held about you
If you only require a particular part of your record, tell us and we will amend the charge accordingly.
We will respond to your request within one month of receipt or tell you when it might take longer.
We are required to validate your identity of someone making a request on your behalf
Right to Correction
If information about you is incorrect, you are entitled to request that we correct it but only if this is a genuine error such as data in a wrong record.
There may be occasions, where we are required by law to maintain the original information - our Data Protection Officer will talk to you about this and you may request that the information is noy used during this time.
We will respond to your request within one month of receipt or tell you dhen it might take longer.
You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Officer or visit the link below for more information.
For more detailed information on your rights visit https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Sometimes your information will be used to identify whether you need particular support from us. Those involved in your care might look at particular indicators and contact you to take action for healthcare purposes such as preventing you from having to visit accident and emergency by supporting you in your own home or in the community.
We will automated technology tp help us ideitify people that might required but ultmately, the decision about how to support you is made by those involved in your care.
Our practice uses Fed Bucks to support us to deliver some of our services such as providing appointments when our practice is closed or community services such as Improved Access (sometimes know as 8 to 8).
Our Data Protection Officer will be happy to speak to you about this if you have any concerns or onjections.
The practice will use third parties to provide services that involve your information such as:
- Removal and destruction of confidential waste
- Provison of clinical systems
- Provision of connectively and servers
Data analytics or warehousing (these allow us to make decisons about care or see how effectively the practice is run - personal data will never be sold or made avaialable to organisations not related to the to your care delivery)
We have contracts in place with these third parties that prevent them from using it in any other was than instructed. Thses contracts also require them to maintain good standards of security to ensure your confidentiality.
How do we Protect your Information?
We are committed to ensuring the security and confidentiality of your information. There are a number of ways in which we do this:
Staff receive annual training about protecting and using personal data
- Policies are in place for staff to follow and are regularly reviewed
- We check that only minimum amount of data is shared or accessed
- We use 'smartcards' to access systems, this helps ensure that the right people are accessing data - people with a 'need to know'
- We use encrypted emails and storage which would make it difficult for someone to 'intercept' your information
- We report and manage incidents to make sure we learn from them and improve
- We put in place contracts that require providers and suppliers to protect your data as well
- We do not send your data outside of the EEA