Your Personal Information – what you need to know

This Privacy Notice explains why we collect information about you, how that information will be used, how we keep it safe and confidential and what your rights are in relation to this.

Why we collect information about you

Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received.  These records help to provide you with the best possible healthcare and help us to protect your safety.

We collect and hold data for the purpose of providing healthcare services to our patients and running our organisation which includes monitoring the quality of care that we provide. In carrying out this role we will collect information about you which helps us respond to your queries or secure specialist services. We will keep your information in written form and/or in digital form

Our Commitment to Data Privacy and Confidentiality Issues

As a GP Practice, all of our GP’s, Staff and associated Practitioners are committed to protecting your Privacy and will only process data in accordance with the Data Protection Legislation.  This includes the General Data Protection Regulation (EU) 2016/679  (GDPR), now known as the UK GDPR, the Data Protection Act (DPA) 2018, the Law Enforcement Directive (Directive (EU) 2016/680) (LED) and any applicable national Laws implementing them as amended from time to time.  The legislation requires us to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.

In addition, consideration will also be given to all applicable Law concerning Privacy, confidentiality, the processing and sharing of personal data including the Human Rights Act 1998, the Health and Social Care Act 2012 as amended by the Health and Social Care (Safety and Quality) Act 2015, the common law duty of confidentiality and the Privacy and Electronic Communications (EC Directive) Regulations.

Data we collect about you

Records which this GP Practice will hold or share about you will include the following:

• Personal Data – means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Special Categories of Personal Data – this term describes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
• Confidential Patient Information – this term describes information or data relating to their health and other matters disclosed to another (e.g. patient to clinician) in circumstances where it is reasonable to expect that the information will be held in confidence. Including both information ‘given in confidence’ and ‘that which is owed a duty of confidence’. As described in the Confidentiality: NHS code of Practice: Department of Health guidance on confidentiality 2003.
• Pseudonymised - The process of distinguishing individuals in a dataset by using a unique identifier, which does not reveal their ‘real world’ identity.
• Anonymised – Data in a form that does not identify individuals and where identification through its combination with other data is not likely to take place
• Aggregated - Statistical data about several individuals that has been combined to show general trends or values without identifying individuals within the data.

How We Share Your Health Information

Your GP record contains important information about your health, such as your medical history, medications, allergies, and test results. Sharing this information securely helps NHS staff provide you with safe, joined-up care. Below is an overview of how your information may be shared and your rights.

1. GP Connect
GP Connect allows authorised NHS staff (such as NHS 111, hospitals, and community services) to securely view parts of your GP record when they are involved in your care.
• What is shared? Medications, allergies, test results, consultations, referrals, 
and immunisations.
• Who can see it? Only staff directly involved in your care.
• Can you opt out? Yes – contact the practice to opt out.
• More info: https://digital.nhs.uk/services/gp-connect/gp-connect-in-your-organisation/gp-connect-privacy-notice

2. Summary Care Record (SCR)
Your SCR is a national summary of key health information created from your GP record. It helps NHS staff in other settings (e.g. hospitals) provide safer care.
• What is shared? Basic details (medications, allergies) and, if you agree, 
additional information.
• Can you opt out? Yes – contact the practice to opt out.
• More info: https://digital.nhs.uk/services/summary-care-records-scr/additional-information-in-scr

3. NHS Research and Planning
Sometimes, information from your health record is used to help the NHS plan services or carry out research. This is usually done using anonymised or pseudonymised data.
• What is shared? Health information that does not identify you.
• Can you opt out? Yes – via https://www.nhs.uk/your-nhs-data-matters/overview/

4. Personal Demographics Service (PDS)
The PDS is a national NHS database that holds basic information like your name, address, and NHS number. It helps match you to your records across the NHS.
• Can you opt out? No, but you can request restricted access in certain cases.
• More info: https://digital.nhs.uk/services/personal-demographics-service

5. Local Shared Care Record (Plexus)
The Sussex Shared Care Record (Plexus) allows health and care professionals across Sussex to view information from your GP record and other providers.
• What is shared? Medications, allergies, test results, care plans.
• Can you opt out? Yes – contact the practice.
• More info: https://www.sussex.ics.nhs.uk/our-work/our-priorities/digital/plexus-care-record/plexus-shared-care-record-partners/

6. System to System Sharing (EMIS-to-EMIS / TPP to TPP)
Some GP practices use the same clinical system and can securely share your record with other organisations using that system if you are receiving care from them.
• What is shared? Your full GP record or selected parts.
• Can you opt out? Yes – contact the practice.

7. Patient Online Services
You can view parts of your own GP record online using the NHS App or other approved apps.
• What is shared? Medications, allergies, test results, appointments.
• Who can see it? Only you (or someone you authorise).
• Can you opt out? Yes – you can choose not to register or withdraw access.

8. Pseudonymised Data 
Pseudonymised data is used in Sussex to help improve services. Your personal details 
are replaced with a code so you cannot be directly identified.
• What is shared? Pseudonymised health and care information.
• Can you opt out? Yes - via: https://www.nhs.uk/your-nhs-data-matters/overview/

The NHS Care Record Guarantee

The NHS Care Record Guarantee for England sets out the rules that govern how patient information is used in the NHS, what control the patient can have over this, the rights individuals have to request copies of their data and how data is protected under Data Protection Legislation.

http://systems.digital.nhs.uk/infogov/links/nhscrg.pdf

The NHS Constitution

The NHS Constitution establishes the principles and values of the NHS in England. It sets out the rights patients, the public and staff are entitled to.  These rights cover how patients access health services, the quality of care you’ll receive, the treatments and programs available to you, confidentiality, information and your right to complain if things go wrong.

https://www.gov.uk/government/publications/the-nhs-constitution-for-england

To view the complete Privacy Notice Click Here

Child Privacy Notice

NHS Digital Privacy Notice