Data Protection
Patient information is stored on computer and under the Data Protection Act 1998 we are obliged to inform you of this and that details are held confidentially and only divulged in connection with a medical necessity. Our guiding principle is that we are holding your records in strict confidence.
Anyone who receives information from us is also under a legal duty to keep it confidential.
The principal partner organisations with which information may be shared are: Hospital, Community and Mental Health Trusts, Clinical Commissioning Groups (CCG's). General Practitioners (GPs), Ambulance Services and Social Services (if involved in care). Your information is subject to strict agreements describing how it will be used and, only if necessary for your care, may also be shared with: Local Authorities, NHS Common Service Agencies, Voluntary Organisations and other care providers. Your records are managed in accordance with this Act and under this information you have a right of access to your records.
Data Protection Patient Information
Information Commissioners Office see our Promise here
Patient Information & Confidentiality – GDPR and Privacy Notices
We have a legal duty to explain how we use any personal information we collect about you, as a registered Patient, at the Practice. Staff at this Practice maintain records about your health and the treatment you receive in electronic and paper format.
Read How we use your Health Information and Medical Records
What information do we collect about you?
We will collect information such as personal details, including name, address, next of kin, records of appointments, visits, telephone calls, your health records, treatment and medications, test results, X-rays, etc. and any other relevant information to enable us to deliver effective medical care.
How we will use your information
Your data is collected for the purpose of providing direct Patient care; however, we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest.
In order to comply with its legal obligations, this Practice may send data to NHS Digital when directed by the Secretary of State for Health under the Health and Social Care Act 2012. Additionally, this Practice contributes to national clinical audits and will send the data that is required by NHS Digital when the law allows. This may include demographic data, such as date of birth, and information about your health which is recorded in coded form; for example, the clinical code for diabetes or high blood pressure.
Processing your information in this way and obtaining your consent ensures that we comply with Articles 6(1)(c), 6(1)(e) and 9(2)(h) of the GDPR.
Maintaining confidentiality and accessing your records
We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO). You have a right to access the information we hold about you, and if you would like to access this information, you will need to complete a Subject Access Request (SAR). Please ask at reception for a SAR form and you will be given further information. Furthermore, should you identify any inaccuracies, you have a right to have the inaccurate data corrected. These rights are set out under Data Protection Act 2018. If you want to see your records, you should ask Reception for a Subject Access Request Form and allow up to 28 days for it to be completed.
If the record is requested by a company on your behalf and the record is deemed excessive in time and size, then there may be a fee in which price can vary.
If the Patient is requesting the subject access request, then you will not be charged