How we use your personal information
The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. Hospital, GP Surgery, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.
NHS health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records which this GP Practice hold about you may include the following information;
Your records will be retained in accordance with the NHS Code of Practice for Records Management
To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used within the GP practice for clinical audit to monitor the quality of the service provided.
Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified.
Sometimes your information may be requested to be used for research purposes – the surgery will always gain your consent before releasing the information for this purpose.
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
Every member of staff who works for the Practice or another NHS organisation has a legal obligation to keep information about you confidential.
We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any 3rd party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on for example Child/Adult Protection and Serious Criminal Activity.
Who are our partner organisations?
We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations or receive information from the following organisations:-
You will be informed who your data will be shared with and in some cases asked for explicit consent for this happen when this is required.
We may also use external companies to process personal information, such as for archiving purposes. These companies are bound by contractual agreements to ensure information is kept confidential and secure.
Third Party Processors
In order to deliver the best possible service, the practice will share data (where required) with other NHS bodies such as other GP practices and hospitals. In addition the practice will use carefully selected third party service providers. When we use a third party service provider to process data on our behalf then we will always have an appropriate agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating appropriately. Examples of functions that may be carried out by third parties includes:
Further details regarding specific third party processors can be found below.
The safety and availability of your data is our utmost concern and we are confident that this approach will improve data security, integrity and performance.
Access to personal information
You have a right under the Data Protection Act to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. In order to request this, you need to do the following:
Objections / Complaints
Should you have any concerns about how your information is managed at the GP, please contact the Practice Manager. If you are still unhappy following a review by the GP practice, you can then complain to the Information Commissioners Office (ICO) via their website (www.ico.org.uk).
Change of Details
It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.
The Data Protection Act requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information.
This information is publicly available on the Information Commissioners Office website www.ico.org.uk
The practice is registered with the Information Commissioners Office (ICO).
Who is the Data Controller?
The Data Controller, responsible for keeping your information secure and confidential is:
Robert Johnson, Practice Manager
Who are our partner software suppliers / businesses?
We use various software and organisations outside of the NHS to facilitate your healthcare. These are as follows:
|Can employees of the organisation access patient information?
|Telephone system – call recording onto a cloud-based server
|All the call recordings are recorded onto X-on’s cloud-based secure servers.
|EMIS / Egtons
|Clinical and online system that holds patient demographic and medical information
|The servers and the connection to the practice are encrypted, so EMIS staff are not able to access patient information in this way. EMIS support staff are able to dial in remotely with the consent of our staff for problem solving.
|Clinical software which holds patient letters and documents
|Docman support staff can remotely dial in with the consent of our staff for problem solving.
|Provides the platform for online consultations requests
|Patient data is encrypted, consultation information is stored in pseudonymised form on eConsult’s servers.
|SMS system between the practice and patients
|EMIS (clinical system) reference numbers are uploaded to the accuRx website. This website has an encrypted link to the patient database which is interrogated for the patient’s name and mobile number. accuRx employees would only have access to this identifiable information when troubleshooting.
accuRx also provides our COVID-19 vaccine appointment system.
|Docmail is an automated mailing agency which we use to send individual and group letters
|All letters are sealed in a labelled envelope.
Docmail employees will never have access to unsealed letters, as the software if automated.
|eMR is a software tool that assists us with creating insurance reports and fulfilling subject access requests
|Clinicians employed by eMR will carry out redaction work and read through of reports.
|Shred paper on which is printed patient or other confidential data
|Representative comes to the practice and collects our shredding bins full of paper. This is then disposed of off-site.
|MDU / MPS / MDDUS / NHS Resolution
|We will sometimes send by email or discuss by phone identifiable information when the organisation is supporting a GP in a patient complaint or litigation. Information will be redacted where possible.