GDPR – for Sunniside Practice 27th May 2020
How we use your information
Our GP Practice holds information about you and this document outlines how that information is used, with whom we may share that information, how we keep it secure (confidential) and what your rights are in relation to this.
What kind of information do we use?
- Details about you, such as address, and next of kin and carer information etc.
- Any contact the surgery has had with you such as appointments, clinic visits, emergency appointments and so on.
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations such as laboratory tests, x-rays etc.
- Relevant information from other HCPs, relatives or those who care for you.
To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you maybe used to help protect the health of the public and to help us manage the NHS. Information may be used for clinical audit to monitor the quality of the service provided and to plan NHS services.
Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified. We are a research active practice and occasionally, your information may be requested to be used for research purposes; this is usually in the form of anonymised information, however the practice or organisation concerned will always look to gain your consent before releasing any identifiable information.
The NHS Care Record Guarantee for England sets out the rules that govern how patient information is used in the NHS and what control patients can have over this.
The NHS Constitution https://www.gov.uk/government/publications/the-nhs-constitution-for-england establishes the principles and values of the NHS in England. It sets out rights to which patients, public and staff are entitled, and pledges which the NHS is committed to achieve , together with responsibilities, which the public, patients and staff owe to one another to ensure that the NHS operates fairly and effectively.
What do we use your personal and confidential/sensitive information for?
We can only use any information that may identify you (known as personal information) in accordance with the Data Protection Act 1998 and other laws such as the Health and Social Care Act 2012. http://www.legislation.gov.uk/ukpga/1998/29/contents and http://www.legislation.gov.uk/ukpga/2012/7/contents/enacted , however only the minimum necessary identifiers are used in processing personal information for the purpose. We also have a Common Law Duty of Confidentiality to protect your information. This means that where a legal basis for using your personal or confidential information does not exist, we will not do so.
Apart form direct healthcare, sensitive personal information may also be used in the following cases:
- To respond to patients
- We have received consent from individuals to be able to use their information for a specific purpose.
- There is an over-riding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime.
- There is a legal requirement that will allow us to use or provide information (e.g. a formal court order)
- For the health and safety of others, for example to report an infectious disease such as meningitis or measles.
- We have special permission for health and research purposes ( granted by the Health Research Authority)
We have special permission called a “section 251 agreement” (section 60 of the Health and Social Care Act 2001 as re-enacted by section 251 of the NHS Act 2006) which allows the Secretary of State for Health to make regulations to set aside the common law duty of confidentiality for defined medical purposes. An example of where this is used is in risk stratification. Further information can be found on the Health Research Authority’s website here http://www.hra.nhs.uk/about-the-hra/our-committee/section-251/what-is-section-251
Risk stratification tools are increasingly being used in the NHS to help determine a person’s risks of suffering from a particular condition, preventing an unplanned or (re)admission and identifying a need for preventative intervention. Information about you is collected from a number of sources including NHS trusts and from this GP Practice. A risk score is then arrived at through an analysis of your anonymised information using software managed by North of England Commissioning Support Service (NECS), which is based at John Snow House, Durham, DH1 3YG. The data is provided back to the GP Practice or member of your care team in an identifiable form. Risk stratification enables your GP Practice to focus on the prevention of ill health and not just the treatment of sickness. If necessary, your GP Practice maybe able to offer you additional services.
Should you have an concerns about how information is managed at your GP Practice, please write to Susan Hay, Practice Manager so you can discuss how the disclosure of your personal information can be limited.
How do we maintain confidentiality of your records?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 1998 (which is overseen by the Information Commissioners Office), Huma Rights Act, the Common Law Duty of Confidentiality and the NHS Codes of Confidentiality and Security.
Every member of staff who works for an NHS Organisation has a legal obligation to keep information about you confidential. Anyone who received information from an NHS Organisation has a legal duty to keep it confidential.
We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if others involved in your case have a genuine need for it. We will not disclose you information to any third party without you permission unless there are exceptional circumstances (e.g life or death situations) or where the law requires information to be passed on.
The NHS Digital Code of Practice on Confidential Information applies to all staff, and they are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All practice staff are expected to make sure information is kept confidential and receive annual training on how to do this. This is monitored by the practice and can be enforced through disciplinary procedures.
We also ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only and protect personal and confidential information held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see od make sense of it)
We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where information that could or does identify a person is processed.
Who are our Partner Organisations?
We may also have to share you information, subject to strict agreements on how it will be used, with the following organisations:
- · NHS Trusts
- · Specialist Trusts
- · Independent Contractors such as Dentists, Opticians & Pharmacists
- · Private Sector Providers
- · Voluntary Sector Providers
- · Ambulance Trusts
- · Clinical Commissioning Groups
- · Social care and Health
- · Local Authorities
- · Education Services
- · Fire and Rescue Services
- · Police
- · Other Data Processors
What are your rights?
Where information from which you can be identified is held, you have the right to ask to:
- View this or request copies of the records by making a subject access request
- Request information is corrected
- Have the information updated where it is no longer accurate
- Ask us to stop processing information about you where we are not required to do so by law – although we will first need to explain how this may affect the care you receive.
Access to Personal Information
You have the right under the Data Protection Act 1998 to access/view what information the surgery holds about you, and to have it amended or removed should it be inaccurate. This is known as “The right of subject access” if we do hold information about you we will:
- Give you a description of it
- Tell you why we are holding it
- Tell you who it could be disclosed to, and
- Let you have a copy of the information in an intelligible form
- If you would like to make a “subject access request” please do so in writing to the Reception Manager/ Reception Supervisor
Summary Care Records (SCR)
The Summary Care Record is a national scheme to share information about the medicine you are prescribed and any allergies or other adverse reactions you have experienced. Health Professionals at other organisations will only be able to access this information with your permission. You can opt out of the scheme, please ask at the surgery if you need more information or follow the appropriate link on our website.
Summary Care Record with Additional Information
This is a national scheme to share more detailed information including your current medical problems and your care wishes. Health professionals at other organisations will only be able to access this information with your permission. This information will be shared unless you tell us in writing that you don’t want us to share it. You can opt out of this scheme — Please ask at reception for the relevant forms.
Your right to withdraw consent
If you are happy for your data to be extracted and used for the purposes described in this Fair Processing Notice, then you do not need to do anything.
If you do not want your personal data being extracted and used for the purposes described in this Fair Processing Notice, then you need to let us know as soon as possible; Please ask at reception for the relevant forms.
Please note that withdrawing your consent from sharing my data may, In some circumstances, cause a delay in your receiving care.
How long do you hold information for?
All records held by the practice will be kept for the duration specified by the national guidance from the Department of Health, The Records Management Code of Practice for Health and Social Care 2015. Confidential Information is securely destroyed in accordance with this code of practice.
Your right to opt out
In some instances, you are allowed to request that your confidential information is not used beyond your own care and treatment and to have your objections considered. To support this, patients are able to register objections with the GP Practice to either prevent their identifiable data being released outside of the GP Practice (known as a Type 1 objection) or to prevent their identifiable data being from any health and social care setting being released by NHS Digital (known as a Type 2 objection) where in either case it is for purposes other than direct patient care. If your wished cannot be followed, you will be told the reasons (including the legal basis) for that decision. There are certain circumstances where a person is unable to opt out but these are only where the law permits this such as in adult or children’s safeguarding situations.
You have a right in law to refuse or withdraw previously granted consent to the use of your personal information. There are possible consequences of not sharing such as the effect this may have on your care and treatment but these will be explained to you to help with making your decision.
If you wish to exercise your right to opt out please ask at reception for the relevant forms. If you would like to speak to somebody to understand what impact this may have, if any, please contact the Susan Hay, The Practice manager.
Complaints or Questions?
We try to meet the highest standards when collating and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. Please contact Susan Hay, Practice Manager, should you have any such concerns.