What is GDPR?
General Data Protection Regulations (GDPR) 2018 (formerly Data Protection Act 1998), is the legislation that ensures organisations are handling the data they hold for you lawfully. Our Practice Privacy Notice is the document that outlines how we are meeting these regulations.
Information about you and how we use it
When you come to the surgery, information about you, your medical treatment and family background may be recorded, on paper and computer, to help us care for you. The information is part of your health record and will be kept in case we need to see you again. We hold demographic data (name, address, telephone numbers, date of birth, ethnic origin, family relationships, next of kin) and clinical data (diagnoses, family history, allergies and sensitivities, medication, consultation records, investigations, test results, referrals and letters to and from other NHS organisations about your care).
Members of the clinical teams looking after you may share your personal health information with each other. This team may include healthcare professionals and support staff. All NHS staff are bound by law and a strict code of confidentiality, and are monitored by the Surgery’s Caldicott Guardian (Dr Tom Waterfall), who is responsible for ensuring patients' confidentiality is respected. Your confidentiality is very important to us, and we have strict controls in place to protect your information.
Data will be retained only for as long as necessary to provide care for you.
How your records are used to help you
Accurate, up-to-date information about you:
- helps staff to assess your health and care for you
- will help staff to treat you in future, in the surgery or elsewhere
- allows staff to monitor and if necessary investigate the care you have received.
How your records help us
Accurate, up-to-date information about you:
- helps us provide high quality care and meet all our patients' needs
- helps us train healthcare professionals and support research and development
- is necessary for the surgery to be paid for your treatment
- supports audits of NHS services and accounts
- supports investigation of any incidents or issues that arise
- contributes to national NHS statistics.
Sharing your information
Sometimes we have to pass on information by law:
- to notify a birth or death
- when an infectious disease such as meningitis or measles may endanger the safety of others
- where a formal court order has been issued
- when sharing information with the police may prevent a serious crime, or prevent harm to you or other people.
We may have to share information about you with non-NHS staff (for example Social Services): we will only do this if it is necessary, and if we need your consent we will ask you for it. The main NHS organisations which may need your information are Clinical Commissioning Groups, Commissioning Support Units, other NHS trusts, hospitals, other GP practices and ambulance services. If we have to share information about you, we will remove your personal details where possible.
Your information rights
- You have the right to know how we will use your personal information.
- You have the right to see your health record (your medical notes). This is known as Right of Subject Access.
- You have the right to object to us making use of your information.
- You can ask us to change or restrict the way we use your information and we have to agree if possible.
- You have the right to ask for your information to be changed, blocked or erased if it is incorrect.
Change of Details
It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.