How we use your information
This document explains why we collect your information and how that information may be used.
The Health and Social Care Act 2012 and Privacy Laws of 2018 have altered the way that your personal confidential data is handled. Consequently, you must be aware and understand these changes and that you have the opportunity to object and understand how to exercise that right.
Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation. These records help to provide you with the best possible healthcare.
NHS health records may be processed electronically, on paper or a mixture of both, and through established working procedures and best practice coupled with technology we ensure your personal data is kept confidential and secure. Records held by us may include but not limited to, the following:
- Your personal data, such as address and next of kin
- Your history with us, such as appointments, vaccinations, clinic visits, etc
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations and referrals such as blood tests, x-rays, etc; and relevant information from other health professionals, relatives or carers
We obtain and hold data for the sole purpose of providing healthcare services to our patients and we will ensure that the information is kept confidential. We can disclose your personal information if:
- It is required in respect of direct patient care
- It is required by law
- The government and various research bodies will request patient information for statistical and research purposes. In these instances, patient date is anonymised before it is sent so that individuals are not identified
Sometimes your information may be requested to be used for research purposes – the practice will always endeavour to gain your consent before releasing the information. You may choose to withdraw your consent to personal data being used in this way.
A patient can object to their personal information being shared with other health care providers but if this limits the treatment that you can receive then the doctor will explain this to you at the time.
Should you have any concerns about how your information is managed, or wish to opt out of any data collection at the Practice, please contact the practice, or your healthcare professional to discuss how the disclosure of your personal information can be limited.
Patients have the right to change their minds and reverse a previous decision. Please contact the practice , if you change your mind regarding any previous choice.
We will use limited information about individual patients when validating invoices received for your healthcare, to ensure that the invoice is accurate and genuine. This will be performed in a secure environment and will be carried out by a limited number of authorised CSU staff.
These activities and all identifiable information will remain with the Controlled Environment for Finance (CEfF) approved by NHS England. Where possible we will strive to use the NHS number as a quasi-identifier to preserve your confidentiality.
We may process your information to ensure that you benefit from good quality medicines and so you may make choice related to better health. This work is always done with your clinician in your GP practice.
We sometimes ask other partners to support in identification of groups of patients which would benefit from a clinical review. This is done by us searching our system for patients with certain markers. We would then contact those patients ad ask if they would like to participate. Once consent is given patients would be asked if they want to come in for a review.
Our Partner Organisations
We may need to share your information, subject to agreement on how it will be used, with the following organisations:
- Health & Social Care Information Centre (HSCIC)
- Specialist Trusts
- Independent Contractors such as dentists, opticians, pharmacists
- Private Sector Providers
- Voluntary Sector Providers
- Ambulance Trusts
- Clinical Commissioning Groups
- Commissioning Support Units
- Social Care Services
- Local Authorities
- Education Services
- Fire and Rescue Services
- Other ‘data processors’
Access to Personal Information Held About You
Under the Data Protection Act 1998, you have a right to access/view information we hold about you, and to have it amended or removed should it be inaccurate.
You can view the information we hold on you by accessing it online by visiting Patient Access.
Alternatively you can make a “Subject Access Request” in writing to the practice. You should allow 28 days for such a request and we will call you when it is ready to collect. We ask for the request in writing so that we can hold your written consent.
We are registered as a data controller under the Data Protection Act 1998. The registration can be viewed online in the public register at: www.ico.org.uk
How we keep your personal information confidential
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 1998 (which is overseen by the Information Commissioner’s Office), Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security.
All our staff, contractors and committee members operate in accordance with the requirements of the NHS Constitution and NHS Care Record Guarantee.
All of our staff, contractors and committee members also receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable where appropriate through disciplinary procedures. Only a limited number of authorised staff have access to personal information where it is appropriate to their role and is strictly on a need-to-know basis.
We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if others involved in your care have a genuine need for it, and even then we will only pass on the minimum necessary personal data. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information.
Changes to this Fair Processing Notice
We keep our Fair Processing Notice under regular review.