Your information, what you need to know
This privacy notice explains why we collect information about you, how that information may be used, how we keep it safe and confidential and what your rights are in relation to this. Practice Fair Processing Privacy Notice – V1.3
Why we collect information about you
Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation. These records help to provide you with the best possible healthcare and help us to protect your safety.
We collect and hold data for providing healthcare services to our patients and running our organisation which includes monitoring the quality of care that we provide. In carrying out this role we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and/or in digital form.
The records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health and also information such as outcomes of needs assessments.
Details we collect about you
The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. from Hospitals, GP Surgeries, A&E, etc.). These records help to provide you with the best possible healthcare.
Records which this GP Practice may hold about you include the following:
- Details about you, such as your address and next of kin
- Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments,
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations, such as laboratory tests, x-rays,
- Relevant information from other health professionals, relatives or your carers
How we keep your information confidential and safe
Everyone working for our organisation is subject to the Common Law Duty of Confidence. Information provided in confidence will only be used for the purposes advised with consent given by the patient, unless there are other circumstances covered by the law. The NHS Digital Code of Practice on Confidential Information applies to all NHS staff and they are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All our staff are expected to make sure information is kept confidential and receive regular training on how to do this.
The health records we use may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Your records are backed up securely in line with NHS standard procedures. We ensure that the information we hold is kept in secure locations, is protected by appropriate security and access is restricted to authorised personnel.
We also make sure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
- Data Protection Act 2018
- Human Rights Act
- Common Law Duty of Confidentiality
- NHS Codes of Confidentiality and Information Security
- Health and Social Care Act 2015
- And all applicable legislation
We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if we reasonably believe that others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (such as a risk of serious harm to yourself or others) or where the law requires information to be passed on.
How we use your information
Improvements in information technology are also making it possible for us to share data with other healthcare organisations for providing you, your family and your community with better care. For example, it is possible for healthcare professionals in other services to access your record with your permission when the practice is closed. This is explained further in the Local Information Sharing section below.
Under the powers of the Health and Social Care Act 2015, NHS Digital can request personal confidential data from GP Practices without seeking patient consent for a number of specific purposes, which are set out in law. These purposes are explained below.
You may choose to withdraw your consent to personal data being shared for these purposes. When we are about to participate in a new data-sharing project we aim to display prominent notices in the Practice and on our website four weeks before the scheme is due to start.
Instructions will be provided to explain what you have to do to ‘opt-out’ of the new scheme. Please be aware that it may not be possible to opt out of one scheme and not others, so you may have to opt out of all the schemes if you do not wish your data to be shared.
You can object to your personal information being shared with other healthcare providers but should be aware that this may, in some instances, affect your care as important information about your health might not be available to healthcare staff in other organisations. If this limits the treatment that you can receive then the practice staff will explain this to you at the time you object.
To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS.
As part of our legal duties, this practice is required to;
- Maintain full and accurate records of the care and services we provide you
- Keep records about you confidential and secure
- Basic details such as address, date of birth and next of kin
- Contact we have had with you
- Notes and reports about your health
- Details and records about your treatment and care
Others may also need to use records about you to:
- Check the quality of care you are receiving
- Protect the health of the general public
- Keep track of NHS spending
- Help investigate any concerns or complaints you ask us to
- Teach students or staff
- Support health and social care research
Sometimes we share your information with third parties to support your care such as:
- Social care
- Community Health
- Clinical Commissioning Groups
- Mental Health Providers
- NHS Digital
When we are sharing information to support third parties in providing your care, we will work hard to ensure it is the minimum necessary and that it is done so securely and lawfully. We aim to ensure that we only use your personal information in a way that you would reasonably expect.
When we share information that is used for healthcare management or planning, this does not allow for you to be identified.
Sometimes we will be required to share information for other reasons;
- When required to by law
- We have special permission for health or research purposes (e.g. if you have agreed to take part in a research trial)
- There is a strong public interest (e.g. there is a risk of serious harm or crime)
You can choose not to have information that could identify you shared beyond your GP practice. You can also choose to prevent information that does not identify you from being shared for planning and research.
Simply contact your GP either to register an opt-out or end an opt-out you have already registered and they will update your medical record. Your GP practice will also be able to confirm whether or not you have registered an opt-out in the past.
If you have previously told your GP practice that you don’t want NHS Digital to share your personal confidential information for purposes other than your own care and treatment, your opt-out will have been implemented by NHS Digital from 29th April 2016 as instructed in a direction from the Secretary of State. It will remain in place unless you change it.
As the Secretary of State’s direction; this included the policy on how to apply opt-outs was not available before April 2016 it was not possible for NHS Digital to honour opt-outs made before this date. This means that information may have been shared without respecting these opt-outs between January 2014 and April 2016.
You can find more information on NHS Digital’s website:
Under Data Protection law, you have a right to;
- object to certain uses of your data
- to be provided with a copy information held about you
- that your information will not be used for direct marketing purposes
- have any incorrect information amended or erased
Please contact your surgery for any requests made in connection with these rights.
For a copy of your information;
- Your request must be made in writing to your surgery
- The surgery is required to respond to your request in writing within 40 days (a month from May 2018)
- You will need to give the surgery your full name, address, date of birth and NHS number
- You will be required to provide personal identification such as a driving licence or passport
Use of the Website
Generally, our website will not require you to enter personal information. When it does, for example; online appointment booking, we will apply the same confidentiality principles as those described above.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should be aware that we do not have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites.
We intend to protect the confidentiality, quality and integrity of your personal information and we have implemented appropriate technical and organisational measures to do so. These include staff training, up to date policies and procedures and working to align with national cyber security guidelines.
Cardiovascular Disease Prevention Audit
The CVDPREVENT Audit is a new national primary care audit being commissioned by NHS England to support the implementation of the NHS Long Term Plan, the annually negotiated General Medical Services contract and the national CVD Prevention programme. Six high- risk conditions for CVD are included in the audit: atrial fibrillation, high blood pressure, high cholesterol, diabetes, pre-diabetes, and chronic kidney disease. These conditions are major causes of CVD.
CVDPREVENT Audit will utilise an initial extract containing historical information and then rolling three monthly extracts of routinely recorded General Practice data, providing detailed insight into the diagnosis, investigation, and management of patients at risk of cardiovascular events. The data will be extracted for three cohorts: patients who have one of the six high-risk conditions, patients who have established CVD, and patients not in the first two cohorts but whose records contain entries indicating that they may have an undiagnosed high-risk condition. The extracts will include diagnostic codes, recording of risk factors such as smoking and alcohol, physical measurements such as blood pressure and body mass index (BMI), blood tests such as kidney function and cholesterol, as well as drug treatment and lifestyle interventions. To find out more and the benefits of CVD: CVD Audit 1.1
Data Provision Notice
Physical Health Checks for people with Severe Mental Illness (PHSMI)
NHS England has directed NHS Digital to collect and analyse data in connection with Physical Health Checks for people with Severe Mental Illness (referred hereafter to as “PHSMI”).
In 2016, the Five Year Forward View for Mental Health (MHFYFV) set out NHS England and NHS Improvement’s (NHSE/I) approach to reducing the stark levels of premature mortality for people living with severe mental illness (SMI) who die 15-20 years earlier than the rest of the population, largely due to preventable or treatable physical health problems.To ensure monitoring drives the right clinical behaviour, it is crucial that NHSE/I is able to monitor delivery of the full comprehensive SMI health check and to collect benchmarking information on the uptake of the corresponding relevant follow-up interventions and access to national cancer screening programmes. For farther information please visit: Physical Health Checks- V 1.0