CarersPolicySS

The practice area has recently changed. The Burnopfield area is no longer in our practice
area. This means that if you are already our patient and living in Burnopfield you will remain
our patient and we will continue to provide all the services that you currently receive.
However, if you move to Burnopfield or from your present address in Burnopfield, to
another house in Burnopfield you will not be able to stay on our list and therefore will
have to register at another practice.
Patients who are not living in Burnopfield and move into the Burnopfield area will not be
able to stay as our patients at this practice.
There are a number of services which are very difficult to provide satisfactory healthcare
for patients who live in County Durham area, but are registered with a Gateshead General
Practitioner. In particular mental health and dementia services are not available; as the
Gateshead services for patients with these conditions are not entitles to the home visit
aspect of the care package as they live outside of the Gateshead area.
Unfortunately, the Durham dementia service will not take on patients who live in
Burnopfield, if they are registered with a Gateshead GP. This also applies for children and
adults of working age who require hospital based mental health services. We have been
trying to do something about this and are continuing to do so.
There is further information on the website or you can enquire from our Practice Manager.
Dr Kath Mather
Dr H Murrell
Susan Hay (Practice Manager)

ChaperonePolicy SS

We accept and appreciate that on occasions you may not be satisfied with the care provided we do follow the NHS Complaints Procedure. Please contact Mrs S Hay, our Practice Manager or a Mrs Joy Lenny for more information.

Our aim is to offer family medicine of the highest quality. This does not mean we are perfect and from time to time things may go wrong. If you are unhappy with the care you have received from us it is always better to talk to us about it in the first instance. Contact our Practice Manager a Mrs Susan Hay or the Head Receptionist Mrs Joy Lenny on 0191 4883200 who will inform you of our complaints procedure.

Alternatively, if you feel you are not satisfied with the above, you can contact:

NHS England

By post to:

NHS England

PO Box 16738

Redditch

B97 9PT

By email to england.contactus@nhs.net(mailto:england.contactus@nhs.net )

If you are making a complaint when emailing please make sure it is stated so in the subject line.

By telephone: 0300 311 22 33

Confidentiality Code of Practice SS

Data Security Protection Policy

Equality Diversity Policy SS

This fair processing notice explains why our Surgery collects information about you and how that information may be used and shared.

The employees and partners of the Surgery use electronic and paper records to create and maintain an in-depth history of your NHS medical care at the Surgery and elsewhere, to help ensure you receive the best possible healthcare. Anyone who accesses your data within the practice can only do so using a “smartcard” that identifies them and what they access creating an auditable trail.

We comply with the General Data Protection Regulations May 2018 (GDPR), which replaced the Data Protection Act 1998 (DPA) in ensuring your personal information is as confidential and secure as possible.

What Information Do We Hold?

Records which this GP Surgery holds about you may include the following information:

• Details about you, such as your address, legal representative, emergency contact details.
• Any contact the Surgery has had with you, such as appointments, telephone conversations, house visits and letters.
• Notes and reports about your physical (including sexual) and mental health.
• Details about your treatment and medications.
• Results of investigations such as laboratory tests, x-rays etc.
• Relevant information from other health professionals, relatives or those who care for you.
• Reports from social services such as child protection reports or police reports if relevant to the care of you or your family.
• Private reports sent, at your request, to other organisations.

Confidentiality

We are committed to protecting your privacy and will only use the information collected lawfully in accordance with the GDPR 2018, Human Rights Act, the Common Law Duty of Confidentiality and the NHS Codes of Confidentiality and Security.

All our staff and contractors receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures.

We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you, if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on and / or in accordance with the new information sharing principle i.e. “The duty to share information can be as important as the duty to protect patient confidentiality”. This means that health and social care professional should have the confidence to share information in the best interest of their patients within the framework set out by the Caldicott principles. They should be supported by the policies of their employers, regulators and professional bodies.

Your information may be used with the Surgery for clinical audit to monitor the quality of the service provided or ensure we are providing appropriate care.

Sharing Your Data Outside The Practice

Information held about you may be used to help protect the health of the public and to help the Department of Health manage the NHS. Some of this information will be extracted and held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified.

We currently only share information from your records on an individual basis either by fax, letter or courier. It has now also become possible to share your GP records electronically between other NHS organisations.

We will only allow this to happen with your consent, so that you are able to allow doctors, nurses and other Health & Social Care Services to see all the information held on your GP records.

The following are examples of the types of organisations that we are likely to share information with:

• NHS and Specialist Hospitals, Trusts
• Independent Contractors such as dentists, opticians, pharmacists
• Private and Voluntary Sector Providers
• Ambulance Trusts
• Clinical Commissioning Groups and NHS England
• Social Care Services and Local Authorities

Any patient can choose to withdraw their consent to their data being used in this way. A patient can object to their personal information being shared with other health care providers but if this limits the treatment that you can receive then the doctor will explain this to you at the time.

Risk Stratification

Risk stratification is a process for identifying and managing patients who are at a higher risk of emergency hospital admission. This may be because patients have a long term condition such as COPD, cancer or are more frail. NHS England encourage Doctors to use stratification tools as part of their local strategies for supporting patients with long-term conditions and help reduce the patients’ risk of hospital admissions.

Information about you is collected from a number of sources including NHS Trusts and from this Surgery. Your risk is then “scored” after analysis of your anonymous information using computer programmes. Your information is only provided back to your Doctor or a member of your health care team in an identifiable form. Risk stratification enables your Doctor to focus on the prevention of ill health and not just treatment of sickness.

National Data Extractions (Also known as GPES)

The Health and Social Care Act 2012 allows NHS Digital to collate personal confidential data from your Surgery without seeking your specific consent. This is extracted in order to make increased use of information from medical records and either used just by the NHS with the intention of improving healthcare and the quality of care delivered to patients or may be sold to external companies such as university’s or commercial organisations. Please see below if you do not want your data used in this way.

More information about how NHS Digital uses your data can be found at: http://content.digital.nhs.uk/gpes

What If I Want To See My Records?

You have the right under the General Data Protection Regulations (GDPR) to access/view information that the Surgery holds about you, and to have it amended or removed should it be inaccurate. This is known as “the right of subject access”. We are very keen for you to have access to help you manage your own health and maintain the quality of the records about your health. With some provisos, we are now able to give most adults access to their records on-line if they wish. If you would like access on-line, please ask our reception staff.

You can also request a copy of your records in paper form, if you wish to do this; you will need to do the following:

• Make a request in writing to the Doctor at the Surgery or for information from the hospital you should write direct to them.
• There will be a charge to have a printed copy of the information held in your notes
• We are required to respond within 40 days to your request.
• You will need to give adequate information (your full name, address, date of birth and NHS Number) so that your identity can be verified and your records located.

What If I Want To See Who Has Accessed My Records?

You can look at your GP Shared Record History on Patient Access to find our when your GP computer records have been accessed. All you need is your username and password that you were given when you registered for ordering repeat medication and appointments on line. If you do not have this then please register at lapworthsurgery.co.uk and the tab do it online. (If you have chosen to have sharing functionality disabled this will not be available). This only covers instances where your computer records have been accessed outside your Doctors Surgery for direct care purposes, i.e. it does not cover access by your own Doctor, and it does not cover the data that gets copied for research and to NHS Digital.

Notification

The General Date Protection Regulations (GDPR) requires organisations to register a notification with the Information Commissioner to describe the purpose for which they process personal and sensitive information.

This information is publicly available on the Information Commissioners Office website:  www.ico.org.uk

The Surgery is registered with the Information Commissioners Office (ICO) as a data controller under the GDPR

Objections / Complaints

Should you have any concerns about how your information is managed at the Surgery, please contact the Practice Manager a Mrs S Hay on 0191 4883200.If you are still unhappy following a review by the Surgery, you can then complain to the Information Commissioners Office (ICO) via their website (www.ico.gove.uk).

If you are happy for your data to be extracted and used for the purposes described in this fair processing notice then you do not need to do anything.

If you do not want your personal data being extracted and leaving the Doctors Surgery for any of the purposes described, you need to let us know as soon as possible so please speak to one of our reception staff.

There are 3 levels of opt-out to prevent your data being shared. Each opt-out requires the Surgery to add a different code to your medical records. (Please be aware that certain regulation such as child protection and court orders may over-rule your choices).

1. You do not want your data to leave the Surgery even for direct patient care.
2. You are happy to share your data for your care but do not want NHS Digital extracting your data.
3. You are happy to share your data for your care and improving public health but do not want NHS Digital selling or sharing your data to third parties.

All patients have the right to change their minds and reverse a previous decision. Please contact the Surgery on 0191 488 3200 if you change your mind regarding any previous choice.

GDPR –Privacy Notice for Sunniside Practice  27th May 2020

How we use your information

Our GP Practice holds information about you and this document outlines how that information is used, with whom we may share that information, how we keep it secure (confidential) and what your rights are in relation to this.

What kind of information do we use?

Details about you, such as address, and next of kin and carer information etc.

Any contact the surgery has had with you such as appointments, clinic visits, emergency appointments and so on.

Notes and reports about your health

Details about your treatment and care

Results of investigations such as laboratory tests, x-rays etc.

Relevant information from other HCPs, relatives or those who care for you.

To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you maybe used to help protect the health of the public and to help us manage the NHS. Information may be used for clinical audit to monitor the quality of the service provided and to plan NHS services.

Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified. We are a research active practice and occasionally, your information may be requested to be used for research purposes; this is usually in the form of anonymised information, however the practice or organisation concerned will always look to gain your consent before releasing any identifiable information.

The NHS Care Record Guarantee for England sets out the rules that govern how patient information is used in the NHS and what control patients can have over this.

The NHS Constitution https://www.gov.uk/government/publications/the-nhs-constitution-for-england establishes the principles and values of the NHS in England. It sets out rights to which patients, public and staff are entitled, and pledges which the NHS is committed to achieve , together with responsibilities, which the public, patients and staff owe to one another to ensure that the NHS operates fairly and effectively.

What do we use your personal and confidential/sensitive information for?

We can only use any information that may identify you (known as personal information) in accordance with the Data Protection Act 1998 and other laws such as the Health and Social Care Act 2012. http://www.legislation.gov.uk/ukpga/1998/29/contents and http://www.legislation.gov.uk/ukpga/2012/7/contents/enacted , however only the minimum necessary identifiers are used in processing personal information for the purpose. We also have a Common Law Duty of Confidentiality to protect your information. This means that where a legal basis for using your personal or confidential information does not exist, we will not do so.

Apart form direct healthcare, sensitive personal information may also be used I the following cases:

To respond to patients

We have received consent from individuals to be able to use their information for a specific purpose.

There is an over-riding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime.

There is a legal requirement that will allow us to use or provide information (e.g. a formal court order)

For the health and safety of others, for example to report an infectious disease such as meningitis or measles.

We have special permission for health and research purposes ( granted by the Health Research Authority)

We have special permission called a “section 251 agreement” (section 60 of the Health and Social Care Act 2001 as re-enacted by section 251 of the NHS Act 2006) which allows the Secretary of State for Health to make regulations to set aside the common law duty of confidentiality for defined medical purposes. An example of where this is used is in risk stratification. Further information can be found on the Health Research Authority’s website here http://www.hra.nhs.uk/about-the-hra/our-committee/section-251/what-is-section-251

Risk Stratification

Risk stratification tools are increasingly being used in the NHS to help determine a person’s risks of suffering from a particular condition, preventing an unplanned or (re)admission and identifying a need for preventative intervention. Information about you is collected from a number of sources including NHS trusts and from this GP Practice. A risk score is then arrived at through an analysis of your anonymised information using software managed by North of England Commissioning Support Service (NECS), which is based at John Snow House, Durham, DH1 3YG. The data is provided back to the GP Practice or member of your care team in an identifiable form. Risk stratification enables your GP Practice to focus on the prevention of ill health and not just the treatment of sickness. If necessary, your GP Practice maybe able to offer you additional services.

Should you have an concerns about how information is managed at your GP Practice, please write to Susan Hay, Practice Manager so you can discuss how the disclosure of your personal information can be limited.

How do we maintain confidentiality of your records?

We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 1998 (which is overseen by the Information Commissioners Office), Huma Rights Act, the Common Law Duty of Confidentiality and the NHS Codes of Confidentiality and Security.

Every member of staff who works for an NHS Organisation has a legal obligation to keep information about you confidential. Anyone who received information from an NHS Organisation has a legal duty to keep it confidential.

We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if others involved in your case have a genuine need for it. We will not disclose you information to any third party without you permission unless there are exceptional circumstances (e.g life or death situations) or where the law requires information to be passed on.

The NHS Digital Code of Practice on Confidential Information applies to all staff, and they are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All practice staff are expected to make sure information is kept confidential and receive annual training on how to do this. This is monitored by the practice and can be enforced through disciplinary procedures.

We also ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only and protect personal and confidential information held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see od make sense of it)

We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where information that could or does identify a person is processed.

Who are our Partner Organisations?

We may also have to share you information, subject to strict agreements on how it will be used, with the following organisations:

• ·        NHS Trusts
• ·        Specialist Trusts
• ·        Independent Contractors such as Dentists, Opticians & Pharmacists
• ·        Private Sector Providers
• ·        Voluntary Sector Providers
• ·        Ambulance Trusts
• ·        Clinical Commissioning Groups
• ·        Social care and Health
• ·        Local Authorities
• ·        Education Services
• ·        Fire and Rescue Services
• ·        Police
• ·        Other Data Processors

What are your rights?

Where information from which you can be identified is held, you have the right to ask to:

• ·        View this or request copies of the records by making a subject access request
• ·        Request information is corrected
• ·        Have the information updated where it is no longer accurate
• ·        Ask us to stop processing information about you where we are not required to do so              by law – although we will first need to explain how this may affect the care you                        receive.

Access to Personal Information

You have the right under the Data Protection Act 1998 to access/view what information the surgery holds about you, and to have it amended or removed should it be inaccurate. This is known as “The right of subject access” if we do hold information about you we will:

• ·        Give you a description of it
• ·        Tell you why we are holding it
• ·        Tell you who it could be disclosed to, and
• ·        Let you have a copy of the information in an intelligible form
• ·        If you would like to make a “subject access request” please do so in writing to the                  Reception Manager/ Reception Supervisor

Summary Care Records (SCR)

The Summary Care Record is a national scheme to share information about the medicine you are prescribed and any allergies or other adverse reactions you have experienced. Health Professionals at other organisations will only be able to access this information with your permission. You can opt out of the scheme, please ask at the surgery if you need more information or follow the appropriate link on our website.

Summary Care Record with Additional Information

This is a national scheme to share more detailed information including your current medical problems and your care wishes. Health professionals at other organisations will only be able to access this information with your permission. This information will be shared unless you tell us in writing that you don’t want us to share it. You can opt out of this scheme — Please ask at reception for the relevant forms.

Your right to withdraw consent

If you are happy for your data to be extracted and used for the purposes described in this Fair Processing Notice, then you do not need to do anything.

If you do not want your personal data being extracted and used for the purposes described in this Fair Processing Notice, then you need to let us know as soon as possible; Please ask at reception for

The relevant forms.

Please note that withdrawing your consent from sharing my data may, In some circumstances, cause a delay in your receiving care.

How long do you hold information for?

All records held by the practice will be kept for the duration specified by the national guidance from the Department of Health, The Records Management Code of Practice for Health and Social Care 2015. Confidential Information is securely destroyed in accordance with this code of practice.

Your right to opt out

In some instances, you are allowed to request that your confidential information is not used beyond your own care and treatment and to have your objections considered. To support this, patients are able to register objections with the GP Practice to either prevent their identifiable data being released outside of the GP Practice (known as a Type 1 objection) or to prevent their identifiable data being from any health and social care setting being released by NHS Digital (known as a Type 2 objection) where in either case it is for purposes other than direct patient care. If your wished cannot be followed, you will be told the reasons (including the legal basis) for that decision. There are certain circumstances where a person is unable to opt out but these are only where the law permits this such as in adult or children’s safeguarding situations.

You have a right in law to refuse or withdraw previously granted consent to the use of your personal information. There are possible consequences of not sharing such as the effect this may have on your care and treatment but these will be explained to you to help with making your decision.

If you wish to exercise your right to opt out please ask at reception for the relevant forms. If you would like to speak to somebody to understand what impact this may have, if any, please contact the Susan Hay, The Practice manager.

Complaints or Questions?

We try to meet the highest standards when collating and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. Please contact Susan Hay, Practice Manager, should you have any such concerns.

NHS England require that net earnings of doctors engaged in the Practice is publicised, and the required disclosure is shown below. However it should be noted that the prescribed method for calculating earnings potentially misleading because it takes no account of how much time doctors spend working in practice, and should not be used to form any judgement about GP earnings, nor to make any comparison with any other practice.

All GP practices are required to declare the mean earnings (e.g.average pay) for GPs working to deliver NHS services to patients at each practice.

The average pay for GPs working in the practice in the last full financial year was £32,080 before Tax and National insurance. This is for zero full time GPs, four part time GPs and one locum GP who worked in the practice for more than six month.

ICO Registration No: Z4998868

Data Protection Officer:
Liane Cotterill

Email: NECSU.IG@nhs.net

Caldicott Guardian:

Dr Kath Mather

Senior Information Risk Owner:

Susan Hay

Dr Kath Mather

Changes

We have updated this document on 26 May 2020 and made the following changes:

• The GDPR removes the requirement for health and care organisations to explicitly seek your permission to view the shared record where it is for the purposes of direct care. Whilst we believe that it remains best practice to advise you when they will view the shared record, we cannot enforce this. Therefore, to reduce the risk of a misunderstanding, we have added a statement that if you have asked us to refer you to another service or you self-refer to a service, you are acknowledging that you have given permission for them to access the shared record for the purposes of direct care.  You still have the right to opt-out by informing us in writing
• We have added a comment that by being registering with the practice, you have given us permission as your care co-ordinator to seek information from other organisations, including by the Great North Care Record, where necessary and where it is for the purposes of direct care. You still have the right to opt-out by informing us in writing
• We have added a section about primary care networks and what this means for you

Introduction

This document has been created to explain to you the types of personal data we hold about you and how we may use this information for the benefit of your health and wellbeing. The document advises you on how we allow your health record to be made available to other organisations, across a variety of healthcare and other settings.

How we use your information

Sunniside Surgery aims to ensure the highest standard of medical care for our patients. To do this we keep records about you, your health and the care we have provided or plan to provide to you. This document outlines how that information is used, with whom we may share that information, how we keep it secure (confidential) and what your rights are in relation to this.

The Health Care Professionals (HCP) who provides you with care, maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP surgery, Community clinics or staff etc.). These records help to provide you with the best possible healthcare, and:

• Provide a basis for all health decisions made by HCPs with and for you;
• Make sure your care is safe and effective;
• Work effectively with others providing you with care.

NHS health records may be electronic, on paper or a mixture of both and we use a combination of working practices and technology to ensure that your information is kept confidential and secure.

What kind of information do we use?

As your registered GP practice, we hold your electronic health record. This contains sensitive information about you, your health and your wellbeing. The following list provides an example of the type of information (both past and present) that can be held within your record:

• Demographic details about you and contact details (name, date of birth, address, telephone number, email address, gender, sex, religion, marital status etc.)
• Any contact the surgery has had with you such as appointments, clinic visits, emergency appointments, consultations and so on
• Notes and reports about your health
• Details about your treatment and care including diagnoses (this can include physical disabilities and mental health conditions)
• Medication, vaccinations, pathology results (e.g. blood tests) and allergies
• Social care involvement
• Results and investigations
• Hospital correspondence and correspondence from other health and social care settings (including x-rays, discharge letters and referrals)
• Relevant information from other HCPs, relatives or those who care for you
• Relationships/next of kin/carer information etc.

To ensure you receive the best possible direct care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used for clinical audit to monitor the quality of the service provided and to plan NHS services.

Some of this information will be held centrally and used for statistical purposes, such as NHS performance and activity. Where we do this, we take strict measures to ensure that individual patients cannot be identified.

Sometimes your information may be requested to be used for research purposes – the organisation will always endeavour to gain your consent before releasing the information.

Information may be requested for financial validation and Care Quality Commission purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified. During Care Quality Commission inspections, the inspectors are required to review random patient records.

We may also process your information when investigating concerns, complaints or legal claims. It could also be used to help staff to review the care they provide to make sure it is of the highest standards, training and educating staff.

The NHS Care Record Guarantee for England sets out the rules that govern how patient information is used in the NHS and what control patients can have over this.

The NHS Constitution establishes the principles and values of the NHS in England. It sets out rights to which patients, public and staff are entitled, and pledges which the NHS is committed to achieve, together with responsibilities, which the public, patients and staff owe to one another to ensure that the NHS operates fairly and effectively.

We do use automated searches and processes that utilise the information you have shared with us for the purpose of improving your care. Examples might include: producing reminders for reviews or to prompt where you may benefit from additional testing. With very few exceptions (eg the annual flu invitation campaign), these prompts are reviewed by a member of staff to validate them.

What do we mean by direct care?

The term ‘direct care’ means a clinical health activity concerned with the prevention and investigation and treatment of illness. It includes supporting your ability to function and improve your participation in life and society. It also includes the assurance of safe and high quality care and treatment undertaken by one or more registered and regulated health or social professionals and their team with whom you have a legitimate relationship for your care purposes.

What do we use your personal and confidential/sensitive information for?

We are committed to protecting your privacy and will only use information that may identify you (known as personal information) in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), the Data Protection Act 2018, other laws such as the Health and Social Care Act 2012. And http://www.legislation.gov.uk/ukpga/2012/7/contents/enacted, and Article 8 of the Human Rights Act, however only the minimum necessary identifiers are used in processing personal information for this purpose. We also have a Common Law Duty of Confidentiality to protect your information. This means that where a legal basis for using your personal or confidential information does not exist, we will not do so.

Apart from direct health care sensitive personal information (including special categories of data) may also be used in the following cases:

• To respond to patients, carers or Member of Parliament communication.
• We have received consent from individuals to be able to use their information for a specific purpose.
• There is an over-riding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime.
• There is a legal requirement that will allow us to use or provide information (e.g. a formal court order, notification of infectious disease).
• For the health and safety of others, for example to report an infectious disease such as meningitis or measles.
• We have special permission for health and research purposes (granted by the Health Research Authority).
• We have special permission called a ‘section 251 agreement’ (Section 60 of the Health and Social Care Act 2001 as re-enacted by Section 251 of the NHS Act 2006) which allows the Secretary of State for Health to make regulations to set aside the common law duty of confidentiality for defined medical purposes. An example of where this is used is in risk stratification. Further information can be found on the Health Research Authority’s web site

Legal basis

The Legal Basis for the Processing is covered under Article 6 (1)(e) of the General Data Protection Regulation where “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller” and Article 9 (2)(h) where:

“Processing is necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee medical diagnosis the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional…”

How do we maintain confidentiality of your records?

We are committed to protecting your privacy and will only use information collected lawfully in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679), Data Protection Act 2018 (which is overseen by the Information Commissioner’s Office), Human Rights Act, the Common Law Duty of Confidentiality and the NHS Codes of Confidentiality and Security.

Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential. Anyone who received information from an NHS organisation has a legal duty to keep it confidential. All persons in the practice sign a confidentiality agreement that explicitly makes clear their duties in relation to personal information and data concerning health, and the consequences of breaching that duty.

Please be aware that your information will be accessed by non-clinical practice staff in order to perform tasks enabling the functioning of the practice. These are, but not limited to:

• Typing referral letters to hospital consultants or other HCPs.
• Opening letters from hospitals and consultants.
• Scanning clinical letters, radiology reports and any other documents not available in electronic format.
• Photocopying or printing documents for referral to consultants.
• Handling, printing, photocopying and postage of medico legal and life assurance reports and of associated documents.

We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (e.g. life or death situations) or where the law requires information to be passed on.

The NHS Digital Code of Practice on Confidential Information applies to all of our staff, and they are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All practice staff is expected to make sure information is kept confidential and receive annual training on how to do this. This is monitored by the practice and can be enforced through disciplinary procedures.

We also ensure the information we hold is kept in secure locations, restrict access to information to authorised personnel only and protect personal and confidential information held on equipment such as laptops with encryption (which masks data so that unauthorised users cannot see or make sense of it).

To protect your confidentiality, we will not normally disclose any medical information about you over the telephone, or by email, unless we are sure that we are talking to you. This means that we will not disclose information to your family, friends and colleagues about any medical matters at all, unless we know that we have your consent to do so.

We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where information that could or does identify a person is processed.

We have a senior person responsible for protecting the confidentiality of patient information and enabling appropriate information sharing. This person is called the Caldicott guardian. The Caldicott Guardian for the practice is Dr Kath Mather, who can be contacted using the contact details at the top of this document. We also have a Senior Information Risk Owner (SIRO) who is responsible for owning the practice’s information risk. The SIRO is Susan Hay and Dr K Mather. The Data Protection Officer for the practice is detailed at the start of this policy. Their details can be found at the top of this notice .In addition to these statutory officers, the practice has a trained clinical safety officer, who is responsible for reviewing the risks associated with the digital software and hardware we use.

We are registered with the Information Commissioner’s Office (ICO) as a data controller which describes the purposes for which we process personal data. A copy of the registration is available from the ICO’s web site by searching on our practice name.

Sharing Information with Other Organisations

For Direct Care Purposes

Who are our Partner Organisations?

If you are referred to or attend another health or care organisation, we will share information with them in order that you receive the best and safest possible care. Examples of these organisations include:

• NHS Trusts
• Hospital Laboratories (when we send samples to the hospital lab, the results also become part of the hospital record and will be viewable by hospital staff if they are involved in your care now or in the future)
• Specialist Trusts
• Relevant GP Practices
• Urgent and Unscheduled Care (e.g. Out of Hours Medical Services, A&E, Minor Injury Units (MIU))
• Community services (e.g. physiotherapy, diabetic clinics, district nursing, rehabilitation centres)
• Community pharmacy
• Child health
• Palliative care
• NHS mental health services
• Independent contractors such as dentists, opticians, pharmacists
• Private sector providers such as hospitals, care homes, hospices, contractors providing services to the NHS.
• Voluntary sector providers who are directly involved in your care
• Ambulance Trusts
• Care services

Gateshead Inner West Primary Care Network

We are an active partner in the the Gateshead Inner West Primary Care Network. Primary Care Networks are an NHS imitative to help practices work together, by sharing resource and expertise, to improve the health and wellbeing of their patients.

As part of this initiative we have an additional data sharing agreement with the following practices:

• Chainbridge Medical Partnership
• Sunniside Surgery
• Teams Medical Practice
• The Whickham Practice
• Glenpark Surgery

Practices within the network will from time to time undertake work on each other’s behalf, which may include seeing patients and undertaking quality improvement work. This will involve being able to view the entire medical record. The practices are bound by the same codes of conduct and strict confidentiality rules.

Patients may opt out of his data sharing by informing the practice in writing but it will affect data sharing with community services and may affect the quality of care you receive from other organisations.

EMIS Shared Record

This practice operates a clinical computer system, EMIS Web, on which NHS staff record information securely. EMIS is a UK based company and all our information is stored in data centres in the UK that meet or exceed Government security requirements. Only persons on the secure, dedicated NHS network can access EMIS.

There is a sharing agreement in place with Gateshead Community Partnership (which provides community services such as the district nurses) so that everyone caring for you is fully informed about your relevant medical history.

Similarly, sharing agreements are in place with GP Extra Care and the GP out of Hours service, who offer both additional in hours and urgent out of hour’s appointments. As they are acting as our deputies, we will share information as though you were seeing a doctor in our practice; this information being necessary to provide you with the same level of care you expect from the practice.

To provide around the clock safe care, unless you have asked us not to, we will make information available to trusted organisations that also use EMIS Web locally. Wherever possible, staff will ask your consent before information is viewed, but by accessing the service or asking us to refer you, you are agreeing to the sharing of that information.

The practice can also access the EMIS Shared Record to view other organisations’ details. As your GP and therefore care co-ordinator, when you joined the practice there is implied consent for us to view information relevant to provide you with direct care.

You can opt out of the EMIS record sharing by informing the practice in writing, though this may affect the quality of care you receive if we cannot communicate effectively.

Summary Care Record (SCR)

The Summary Care Record is a national scheme linked to the central NHS secure network (“spine”) to share information about the medicines you are prescribed and any allergies or other adverse reactions you have experienced. This information is uploaded to a central NHS database automatically from the GP clinical record.

The spine is also used in practice for electronic transportation of referral letters to the hospital and medication requests to your nominated pharmacy.

Health Professionals at other organisations will only be able to access this information with your permission. This might be important if you need urgent medical care when the GP practice is closed. Out of Hours medical services can look at your SCR if they need to treat you when the practice is closed. They will ask for consent before they look at your records. In an emergency and if you are unconscious, staff may look at your SCR without your agreement to let them give you the best possible care. Whenever NHS staff looks at your SCR, a record will be kept so we can always check who has looked at your information. The general principle is that information is passed to these systems unless you request this does not happen, but that system users should ask for your consent before viewing your records.

You have the right to opt-out of having a summary care record by informing the practice in writing, though this can place your health at risk if that information is not available in an emergency.

Summary Care Record with Additional Information

This is a national scheme to share more detailed information including your current medical problems and your care wishes. Health Professionals at other organisations will only be able to access this information with your permission. This information will only be available to other agencies if you have given us your permission to share it.

Great North Care record (GNCR)

A local initiative to share health and care information in the North East. The information shared is similar to that in the Summary Care Record with Additional Information. Unlike the Summary Care Record, no information is transferred out of the GP clinical system or stored elsewhere. In the future, the practice will also be able to view information in other health and care organisations’ systems – as your care co-ordinators it is assumed that you have given us permission to view that information for the purposes of providing you care.

Health and Care Professionals at other organisations will normally ask your permission to access the shared record; however, by accessing the service whether by self – referral or by asking us to refer, it is assumed that you are agreeing to them accessing the shared record for the purposes of caring for you. More information about the GNCR and which organisations are involved can be found at: Great North Care Record /

Depending on their role, Health and Care Professionals can currently view:

• Demographic information
• Diagnoses and any other coded information
• Investigation Results
• Medication and allergies

They are unable to read consultation notes or any information that we have ‘locked’. You can ask for any information you consider to be sensitive to be locked.

You have the right to opt-out of allowing the GNCR to view your record summary by informing the practice in writing, though this can place your health at risk if that information is not available in an emergency. Note also that opting-out of the GNCR will also result in opting out of the EMIS Shared Record – the two systems share the same opt out code.

Medicines Management

The practice may conduct medicines management reviews of medications prescribed to its patients. This service performs a review of prescribed medications to ensure patients receive the most appropriate, up to date and cost-effective treatments. This service is provided by CBC Health Ltd, a not-for-profit organisation made up of local GP practices, of which Sunniside is a member.

Sharing for Purposes Other than Direct Care

We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations. This will be anonymised where possible:

• Offender health (care providers within organisations such as Prisons and Custody Suites)
• Clinical Commissioning Groups
• Social Care and Health
• Local Authorities
• Education Services
• Fire & Rescue Services
• General Medical Council
• Medical Indemnity Companies
• Police
• Other data processors

Who else may ask to access your information?

The court can insist that we disclose medical records to them.

Solicitors also often ask for medical reports. These will always be accompanied by your signed consent for us to disclose information. We will not normally release details about other people that are contained in your records e.g. spouse, children, parent etc., unless we also have their consent.

Social Services may require medical reports on you from time to time. These will often be accompanied by your signed consent to disclose information. Failure to co-operate with these agencies can lead to loss of benefit or other support. However, if we have not received your signed consent we will not normally disclose information about you.

Other Government Departments such as the Department of Work and Pensions, or the DLVA, may ask for medical information. They will have sought consent as part of the process; the law currently requires us to provide information to them if they have assured us that they have your consent, we are not provided with a copy of that consent. We will supply only that information which is relevant and necessary.

Life assurance companies frequently ask for medical reports on prospective clients. These are always accompanied by your signed consent. We will only disclose the relevant medical information according to your consent. You have the right, should you request it, to see reports prepared for insurance companies or employers before they are sent.

Sharing your information without consent

We will normally ask you for your consent, but there are times when we may be required by law to share your information without your consent, for example:

• Where you have become hospitalised and the provider requires medical information such as medication.
• Where there is a serious risk of harm or abuse to you or other people;
• Where a serious crime, such as assault, is being investigated or where it could be prevented;
• Where we encounter infectious diseases that may endanger the safety of others, such as meningitis or measles (but not sensitive information such as HIV/AIDS);
• Where a formal Court Order has been issued;
• Where there is a legal requirement, e.g. if you had committed a Road Traffic Offence.

Use of the practice website

The practice is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using our website, and then you can be assured that it will only be used in accordance with this Fair Processing Notice?

You may choose to restrict the collection or use of your personal information in the following ways:

• Information you supply using any electronic form(s) on the practice website will only be used for the purpose(s) stated on the form.
• Your information will not be shared with third parties if you sign up to the practice website.

CCTV

CCTV is in operation in the building for the purposes of patient and public safety. Our CCTV policy is published separately and available at the bottom of this page.

Right of Access to your Health Information

The GDPR and DPA 2018 allow you to find out what information about you is held on a computer and in manual records. Where information from which you can be identified is held, you have the right to ask to:

• Be informed why, where and how we use your information.
• View this or request copies of the records by making a subject access request – also see below.
• Ask for your information to be corrected if it is inaccurate or incomplete.
• Ask for your non-health care related information to be deleted or removed where there is no need for us to continue processing it. Note that healthcare information is a special category and cannot be deleted
• Ask us to restrict the use of your information for non-direct care purposes or for any information we hold that is not part of your healthcare record.
• Ask us to transfer your information to another healthcare organisation
• Object to processing and ask us to stop processing information about you where we are not required to do so by law – although we will first need to explain how this may affect the care you receive.
• Be informed about any automated decision making and profiling if this were to be carried out. And challenge any decisions made without human intervention (automated decision making).
• Withdraw consent where relevant

These rights apply in circumstances where relevant conditions are met.

It is important that you tell us if any of your details such as your name, address or telephone number have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are kept accurate and up to date for you.

Access to personal information

You have a right under the GDPR and DPA 2018 to access/view what information the practice holds about you, and to have it amended or removed should it be inaccurate. This is known as ‘the right of subject accesses. If we do hold information about you, we will:

• Give you a description of it
• Tell you why we are holding it
• Tell you who it could be disclosed to, and
• Let you have a copy of the information in an intelligible form

We will normally provide you with access via our patient portal, unless you advise us that you do not have access to a computer.

Making a Subject Access Request

If you would like to make a ‘subject access request’, this can be accepted either verbally or, preferably for the avoidance of doubt and errors, in writing to the Practice.

• You will need to give us adequate information e.g. full name, address, date of birth, NHS number etc., to enable us to identify you and provide the correct information.
• You will be informed whether a charge will be made for printed copies (a charge will only be made in certain circumstances).
• You will receive a response within calendar one month. Where the request is excessive you will be informed if it will take longer for us to respond to your request.

The practice has a leaflet available on making a Subject Access Request; this is available on our website or please asks at reception if you require a copy.

Records Retention – How long do you hold information for?

All records will be retained in line with the Department of Health, The Records Management Code of Practice for Health and Social Care 2016 and will not be held for longer than necessary. This is available on the NHS Digital website at: NHS Records Management Code of Practice. Confidential information is securely destroyed in accordance with this code of practice. This complies with Article 5 of the GDPR Principle 5: kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.

You’re right to withdraw consent

If you are happy for your data to be extracted and used for the purposes described in this Fair Processing Notice, then you do not need to do anything.

If you do not want your personal data being extracted and used for the purposes described in this Fair Processing Notice, then you need to let us know as soon as possible in writing to the Practice.

Please note that withdrawing your consent from sharing data may, in some circumstances, cause a delay in your receiving care which may result in harm to your health or death if we or other organisations do not have a complete care record.

You’re right to opt out

In some instances, you are allowed to request that your confidential information is not used beyond your own care and treatment and to have your objections considered. To support this, patients are able to register objections with the GP Practice to either prevent their identifiable data being released outside of the GP Practice (known as a Type 1 objection) or to prevent their identifiable data from any health and social care setting being released by NHS Digital (known as a Type 2 objection) where in either case it is for purposes other than direct patient care. If your wishes cannot be followed, you will be told the reasons (including the legal basis) for that decision. There are certain circumstances where a person is unable to opt out, but these are only where the law permits this, such as in adult or children’s safeguarding situations.

You have a right in law to refuse or withdraw previously granted consent to the use of your personal information. There are possible consequences of not sharing such as the effect this may have on your care and treatment but these will be explained to you to help with making your decision.

If you wish to exercise your right to opt-out, or to speak to somebody to understand what impact this may have, if any, please contact the Practice using the contact details at the top of this document.

What is the right to know?

The Freedom of Information Act 2000 (FOIA) gives people a general right of access to information held by or on behalf of public authorities, promoting a culture of openness and accountability across the public sector.

What sort of information can I request?

In theory, you can request any information that the practice holds about you, that does not fall under an exemption. Your request should be in writing for clarity and can be either posted or emailed to the practice.

We will inform you in advance if any work you request should it attract a fee.

Concerns about Sharing Your Information

If you have any concerns about how we use or share your information, or you do not wish us to share your information, then please contact the Practice.

Complaints or Queries

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. If you have any queries or concerns about how your information is managed at the practice, please contact the Practice.

Information will be held for the purposes of the complaint with your consent and will be used in the investigation and as part of any necessary enquiries.

If you have any further queries on the uses of your information, please contact:

Data Protection Officer
Liane Cotterill
Email: NECSU.IG@nhs.net

If you are not content with the outcome of your confidentiality and data protection concern / complaint raised with the practice you have the right to apply directly to the Information Commissioner’s Office for a decision.

Information Commissioner’s Office (ICO)

For independent advice about data protection, privacy, data sharing issues and your rights you can contact:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113 (local rate) or 01625 545 745 or 44 1625 545 745 (outside UK)
Email: casework@ico.org.uk
Visit the ICO website here https://ico.org.uk/

Changes to this Fair Processing Notice

We keep our Fair Processing Notice under regular review. This Fair Processing Notice will be reviewed on an ongoing basis and changes will be posted on our website.

Useful Links:

Information Commissioners Office for more information regarding the Data Protection Act

Sunniside Surgery

7-8 Dewhurst Terrace

Sunniside

Newcastle upon Tyne

Ne16 5LP

Telephone number 0191 4883200

How the NHS and care services use your information

Sunniside Surgery is one of many organisations working in the health and care system to improve care for patients and the public) .

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

• improving the quality and standards of care provided

• research into the development of new treatments

• preventing illness and diseases

• monitoring safety

• planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:

• See what is meant by confidential patient information

• Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care

• Find out more about the benefits of sharing data

• Understand more about who uses the data

• Find out how your data is protected

• Be able to access the system to view, set or change your opt-out setting

• Find the contact telephone number if you want to know any more or to set/change your opt-out by phone

• See the situations where the opt-out will not apply

You can also find out more about how patient information is used at:

https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and

https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

“You may be offered a remote consultation as an alternative to attending the practice in person. If you agree to a remote consultation the GP or healthcare professional may need to receive and store images taken by patients for clinical purposes; this could include images for the purpose of intimate clinical assessment. This will only be done in the interests of the patient where it is necessary for providing health care and with patient consent. The approach to video consulting, image sharing, and storage is the same as it would be for face to face interactions. If we need to store images on your GP record this will be only for as long as necessary. It is a patient’s choice to share an image either of a patient’s own accord or on request of the health professional treating you. Refusal to share an image does not prevent access to care and treatment or result in patients receiving an inferior standard of care. Further details about how remote consultation works can be obtained by contacting the practice. “

SafeguardingChildren SS
At Risk Adults SS

Sunniside Surgery welcomes comments and suggestions from their patients and these can be
submitted via the suggestions box in reception or in writing to the Practice Manager. We have
noticed a developing trend where a patient will use a Social Media site such as Facebook to
comment on the practice and members of staff at the surgery.
We would ask that if you have a complaint about or service, we encourage you to report this to
the Practice Manager using our complaints procedures. The surgery will always investigate and
respond to complaints.
The partners reserve the right to remove a patient from the surgery list and report them to the
social networking site if they are found to have made libellous statements or defamatory
comments about the surgery or a member of staff. The legal definition of defamation is:
“Any intentionally false communication, either written or spoken, that harms a person’s
reputation; decreases the respect, regard or confidence in which a person is held or induces
disparaging, hostile or disagreeable opinions or feelings against a person.”
Ethical Social Networking
The GMC’s guidance states that, Doctors’ use of social medical should never be used to discuss
individual patients or their care. If a GP is contacted by a patient through their private profile for
medical advice, the patient will be asked to direct their query to the surgery.

Our practice has signed up to the NHS zero Tolerance Campaign which makes verbal abuse,threat and physical violence to all the NHS staff unacceptable. Any behaviour as such from patients may result in removal from our practice.