Practice Privacy Notice
This explains why information is collected about you and the ways in which this information may be used.
What information do we collect and use? | |
As your registered GP practice, we are the data controller for any personal data that we hold about you.
All personal data must be processed fairly and lawfully, whether it is received directly from you or from a third party in relation to the your care.
We will collect the following types of information from you or about you from a third party (provider organisation) engaged in the delivery of your care:
The information can include:
- ‘Personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified from the data. This includes, but is not limited to name, date of birth, full postcode, address, next of kin and NHS number
- And
- ‘Special category / sensitive data’ such as medical history including details of appointments and contact with you, medication, emergency appointments and admissions, clinical notes, treatments, results of investigations, supportive care arrangements, social care status, race, ethnic origin, genetics and sexual orientation.
- Your healthcare records contain information about your health and any treatment or care you have received previously (e.g. from an acute hospital, GP surgery, community care provider, mental health care provider, walk-in centre, social services). These records may be electronic, a paper record or a mixture of both. We use a combination of technologies and working practices to ensure that we keep your information secure and confidential.
How your records are used to help you | |
Your records are used to guide and administer the care you receive. They ensure that:
- the professionals involved have accurate and up-to-date information on your needs and future care requirements
- relevant information is available, should you need to see another professional, or be referred to specialist NHS services
- there is a good basis for assessing the quality of the care your receive
- your concerns can be properly investigated, should you need to complain
How your records are used to help the NHS | |
Your information may also be used to help us:
- make sure that our services can meet everyone’s needs in the future
- prevent fraud
- review and monitor the overall quality of care we provide, to make sure it is of the highest standard
- train and educate our staff.
- In order to comply with its legal obligations this practice may send data to NHS Digital when directed by the Secretary of State for Health under the Health and Social Act 2012. This practice contributes to national clinical audits and will send the data which are required by NHS Digital when the law allows. This may include demographic data, such as date of birth, and information about your health which is recorded in coded form, for example, the clinical code for diabetes or high blood pressure.
- This practice contributes to medical research and may send relevant information to medical research databases such as the Clinical Practice Research Datalink and QResearch or others when the law allows.
How we keep your records confidential | |
This practice is committed to protecting your privacy and will only use information that has been collected lawfully. Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential. We maintain our duty of confidentiality by conducting annual training and awareness, ensuring access to personal data is limited to the appropriate staff and information is only shared with organisations and individuals that have a legitimate and legal basis for access.
Information is not held for longer than is necessary. This practice will hold your information in accordance with the Records Management Code of Practice for Health and Social Care 2016.
Who are our partner organisations? | |
Your information may also, subject to strict agreements describing how it will be used, be shared with:
- other NHS organisations eg: hospitals, GPs etc
- 111 and Out of Hours Service
- Local Authority Departments, including Social Services and Education
- voluntary and other private sector care providers
Whilst this practice might share your information with the above organisations, we may also receive information from them to ensure that your medical records are kept up to date and so that your GP can provide the appropriate care.
How you can get access to your own health records | |
The Data Protection Act and General Data Protection Regulations allow you to find out what information is held about you including information held within your medical records. This is known as the “right of subject access”. If you would like to have access to all or part of your records, you can make a request in writing to the organisation that you believe holds your information. This can be your GP, or a provider that is or has delivered your treatment and care. You should however be aware that some details within your health records may be exempt from disclosure, however this will in the interests of your wellbeing or to protect the identity of a third party.
This practice may not need to seek your explicit consent for every instance of processing and sharing your information, on the condition that the processing is carried out in accordance with this notice. We will contact you if we are required to share your information for any other purpose which is not mentioned within this notice
You have the right to write to withdraw your consent at any time for any particular instance of processing, provided consent is the legal basis for the processing.
In the event that you feel this practice has not complied with the current data protection legislation, the Data Protection Officer for this practice is:
Liane Cotterill
Senior Governance Manager & Data Protection Officer
North of England Commissioning Support
Teesdale House
Westpoint Road
Thornaby
Stockton-on-Tees
TS17 6BL
Alternatively, you can use the following email: NECSU.IG@nhs.net
If you remain dissatisfied with the response you can contact the Information Commissioner’s Office at Wycliffe House, Water Lane, Wimslow, Cheshire SK9 5AF – Enquiry Line: 01625 545700 or online at www.ico.gov.uk