How We Use Your Information

 

General Practice Privacy Notice – summary version
 

This privacy notice explains why the GP Practice collects information about you, and how that information may be used. 

As data controllers, GPs have fair processing responsibilities under the GDPR (General Data Protection Regulation) and the Data Protection Act 1998. This means ensuring that your personal data is handled in ways that are transparent and that you would reasonably expect.  The Health and Social Care Act 2012 changes the way that confidential data is processed. It is important that you are made aware of these changes, understand that you can object to certain uses and how to do so.

Records we hold

The health care professionals who provide you with care maintain records about your health and treatment.  These records may be electronic, paper, or both and various measures are employed to ensure the security of your records.  The information contained in the records is used for your direct care and kept confidential.  However, we may be required to disclose your personal information if it is required by law, is justified in the public interest, or you consent for the use for other purposes.

Data sharing

Your data may also be shared with other healthcare professionals who provide you with care through local integrated care services.  Your permission to share your data between the services will be requested, although refusing permission may impact your care.  If this is the case your doctor will be able to explain how this could affect your care.

Other reasons why your data may be disclosed are for statistical purposes where the information will not be able to identify you, or for research purposes for which your consent will be requested.  Under the Health and Social Care Act 2012 the Health and Social Care Information Centre can request personal confidential information from your GP practice without asking for your consent first. 

Risk Stratisfication

Your GP is encouraged to use a process called Risk Stratification to identify patients who may require additional care due to long term conditions.  The information is used to help support patient care and prevent unnecessary hospital admissions.

Opt out

If you do not want your data used for these purposes you may object by contacting the practice who will explain how you can prevent your data being used in this way. 

Confidentiality

We are committed to protecting your privacy and will only use data collected lawfully in accordance with the GDPR, Data Protection Act 1998, Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security.  The only staff who have access to your data are those with a legitimate reason to do so, and your records are controlled by multiple levels of security. 

Right of Access

The GDPR gives you the right to view or access information that the GP Practice holds about you.  This is known as ‘the right of subject access’. Under this right you are entitled to have a description of the information, explanation of why it is held, who it could be disclosed to and you are entitled to a copy of the information.  If you would like to make a ‘subject access request’, please contact the practice manager in writing. 

Additional Information

The practice is registered as a data controller under the Data Protection Act 1998 – the registration number is Z6878620  and can be viewed online in the public register at ico.org.uk

If you would like further information about how your information is used by the GP Practice, please contact the practice manager or view the Fair Processing Notice and Practice Data Privacy Policy by selecting the links below.

 

Useful Links:

Freedom of Information Act 2000
Medical Interperability Gateway (MIG)
Fair Processing Notice
Practice Data Privacy Policy
Patient Access to Medical Records Policy
Records Management and Retention Policy