The surgery confidentially records details of your consultations, medication and letters on an electronic clinical system. This is only shared with other organisations with your consent, although some relevant information may be shared with other health professionals when we refer you for further treatment.
Reception and administrative staff may require access to your medical record in order to carry out their role. These members of staff are bound by the same rules on confidentiality as their clinical colleagues. Identifiable information about you will be shared with others in the following circumstances:
There have been developments to allow other healthcare professionals access to your records to improve the care you receive elsewhere.
Some data was uploaded to your Summary Care Record and this allowed hospitals and other healthcare providers, with your consent) to see limited but important information such as significant illnesses, repeat medication and allergies.
NHS England have also put a system in place to enable the NHS to use health information, sent from your record to a secure system along with your postcode and NHS number - but not your name. This allows those planning NHS services or carrying out medial research to use information from different parts of the NHS in a way which does not identify you.
If you have any concerns or wish to prevent this from happening, please let the practice know of visit the Care Data website page.
NHS Digital & Care
Strict information governance standards are in place to protect patient data. All of our staff are trained to observe confidentiality standards and comply with strict data operating procedures.
You have the right to object to your information being shared. Should you wish to opt out of data collection.
Type 1 opt-out prevents information being shared outside a GP Practice for purposes other than direct care. A type 2 opt-out prevents information being shared outside NHS Digital for purposes beyond an individual's direct care.
If you wish to have further advice or help please contact a member of our reception team.
General Data Protection Regulations
The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are:
Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous.
There are new protections for patient data:
Due to the Covid-19 pandemic there could be a delay of up to 90 days for all subject access requests
The Information Commissioner's Office has confirmed that penalties will not be issued for delays in fulfilling a subject access request.
Please click the following button to access our Online Services options
The General Data Protection Regulations allows you to find out what information is held about you including information held within your medical records, either in electronic or physical format. This is known as the “right of subject access”. If you would like to have access to all or part of your records, you can make a request in writing.
You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified. You should however be aware that some details within your health records may be exempt from disclosure, however this will in the interests of your wellbeing or to protect the identity of a third party.
If you wish to have access to your medical records, please contact the surgery. If you have reviewed your medical record (you can apply to do this on-line, see the Online Services tab) and wish to object or request a change to the information we hold please contact us.
Once completed you need to return the form to the practice in person, bringing a recognised form of photo-ID, such as a passport or driver's license with you, so we can verify your identity.
We define consent as “any freely given specific and informed indication of wishes by which the data subject signifies their agreement to personal data relating to them being processed.”
This is to protect your right to privacy, and we may ask you to provide consent to do certain things, like contact you or record certain information about you for your clinical records. Individuals also have the right to withdraw their consent at any time.
The changes in GDPR mean that we must get explicit permission from patients when using their data, which is information that relates to a single person, such as diagnosis, name, age, earlier medical history etc. One of the considerations patients may make is about how their personal data is used and specifically whether it is shared, with consent, and under strictly controlled circumstances, with professionals outside the practice.
Privacy Notice One of the requirements of this legislation is that all organisations that hold personal data, whether that be data concerning patients, customers or employees, must make their policies and processes around personal information available in the form of a Privacy Notice.PRIVACY NOTICE
Your confidentiality is very important to us, all NHS staff are bound by law and a strict code of confidentiality and we have strict controls in place to protect your information.
The Surgery's Caldicott Guardian is responsible for ensuring patients' confidentiality is respected. The GDPR also requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information. This information is publicly available on the Information Commissioners Office (ICO) and the practice is registered with them.
Our Data Protection Officer is TBA. Our Data Controller, responsible for keeping your information secure and confidential is the Practice Manager.