We understand how important it is to keep your personal information safe and secure and we take this very seriously. We have taken steps to make sure your personal information is looked after in the best possible way and we review this regularly.
Please read this privacy notice (‘Privacy Notice’) carefully, as it contains important information about how we use the personal and healthcare information we collect on your behalf.
1. Why We Are Providing This Privacy Notice
We are required to provide you with this Privacy Notice by Law. It explains how we use the personal and healthcare information we collect, store and hold about you. The Law says:
- A. We must let you know why we collect personal and healthcare information about you;
- B. We must let you know how we use any personal and/or healthcare information we hold on you;
- C. We need to inform you in respect of what we do with it;
- D. We need to tell you about who we share it with or pass it on to and why;
- E. We need to let you know how long we can keep it for.
If you are unclear about how we process or use your personal and healthcare information, or you have any questions about this Privacy Notice or any other issue regarding your personal and healthcare information, then please contact our Data Protection Officer.
2. The Date Protection Officer
The Data Protection Officer for the Surgery is Kelly-Anne Gast. You can contact her if:
- A. You have any questions about how your information is being held;
- B. If you require access to your information or if you wish to make a change to your information;
- C. If you wish to make a complaint about anything to do with the personal and healthcare information we hold about you;
- D. Or any other query relating to this Policy and your rights as a patient.
Kelly can be contacted here: email@example.com
3. About Us
We, at the (‘the Surgery’) situated at are a Data Controller of your information. This means we are responsible for collecting, storing and handling your personal and healthcare information when you register with us as a patient.
There may be times where we also process your information. That means we use it for a particular purpose and, therefore, on those occasions we may also be Data Processors. The purposes for which we use your information are set out in this Privacy Notice.
4. Coronavirus Pandemic-Data Protection
Coronavirus (COVID-19) pandemic and your information
The ICO recognises the unprecedented challenges the NHS and other health professionals are facing during the Coronavirus (COVID-19) pandemic.
The ICO also recognise that ‘Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health.’
The Government have also taken action in respect of this and on 20th March 2020 the Secretary of State for Health and Social Care issued a Notice under Regulation 3(4) of The Health Service (Control of Patient Information) Regulations 2002 requiring organisations such as GP Practices to use your information to help GP Practices and other healthcare organisations to respond to and deal with the COVID-19 pandemic.
In order to look after your healthcare needs during this difficult time, we may urgently need to share your personal information, including medical records, with clinical and non clinical staff who belong to organisations that are permitted to use your information and need to use it to help deal with the Covid-19 pandemic. This could (amongst other measures) consist of either treating you or a member of your family and enable us and other healthcare organisations to monitor the disease, assess risk and manage the spread of the disease.
Please be assured that we will only share information and health data that is necessary to meet yours and public healthcare needs.
The Secretary of State for Health and Social Care has also stated that these measures are temporary and will expire on 30th September 2020 unless a further extension is required. Any further extension will be will be provided in writing and we will communicate the same to you.
Please also note that the data protection and electronic communication laws do not stop us from sending public health messages to you, either by phone, text or email as these messages are not direct marketing.
It may also be necessary, where the latest technology allows us to do so, to use your information and health data to facilitate digital consultations and diagnoses and we will always do this with your security in mind.
If you are concerned about how your information is being used, please contact our DPO using the contact details provided in this Privacy Notice.
5. Information We Collect From You
The information we collect from you will include:
- A. Your contact details (such as your name and email address, including place of work and work contact details);
- B. Details and contact numbers of your next of kin;
- C. Your age range, gender, ethnicity;
- D. Details in relation to your medical history;
- E. The reason for your visit to the Surgery;
- F. Medical notes and details of diagnosis and consultations with our GPs and other health professionals within the Surgery involved in your direct healthcare.
- G. Correspondence
6. Information About You From Others
We also collect personal information about you when it is sent to us from the following:
- A. a hospital, a consultant or any other medical or healthcare professional, or any other person involved with your general healthcare.
- B. Avon & Somerset Police Firearms department
- C. Court Orders
- D. Immigration matters
- E. Solicitors
- F. Fire Brigade
- G. Social Services
- H. Education
7. Your Summary Care Record
Your summary care record is an electronic record of your healthcare history (and other relevant personal information) held on a national healthcare records database provided and facilitated by NHS England. This record may be shared with other healthcare professionals and additions to this record may also be made by relevant healthcare professionals and organisations involved in your direct healthcare. You have the choice of what information you would like to share and with whom.
- Authorised healthcare staff can only view your SCR with your permission.
- The information shared will solely be used for the benefit of your care.
- Your options are outlined below;
- a) Express consent for medication, allergies and adverse reactions only. You wish to share information about medication, allergies and adverse reactions only.
- b) Express consent for medication, allergies, adverse reactions and additional information. You wish to share information about medication, allergies and adverse reactions and further medical information that includes: Your significant illnesses and health problems, operations and vaccinations you have had in the past, how you would like to be treated (such as where you would prefer to receive care), what support you might need and who should be contacted for more information about you.
- c) Express dissent for Summary Care Record (opt out). Select this option, if you DO NOT want any information shared with other healthcare professionals involved in your care.
Please note that it is not compulsory for you to complete a consent form. If you choose not to complete a consent form, a Summary Care Record containing information about your medication, allergies and adverse reactions and additional further medical information will be created for you as described in point b) above.
You may have the right to demand that this record is not shared with anyone who is not involved in the provision of your direct healthcare. If you wish to enquire further as to your rights in respect of not sharing information on this record then please contact our Data Protection Officer.
To find out more about the wider use of confidential personal information and to register your choice to opt out if you do not want your data to be used in this way, please visit: www.nhs.uk/your-nhs-data-matters
Please note: if you do choose to opt out, you can still consent to your data being used for specific purposes. However, if you are happy with this use of information you do not need to do anything. You may however change your choice at any time.
8. Who You May Expect Us To Provide Your Personal Information to, and Why
We may pass your personal information on to the following people or organisations, because these organisations may require your information to assist them in the provision of your direct healthcare needs. It, therefore, may be important for them to be able to access your information in order to ensure they may properly deliver their services to you:
- A. Hospital professionals (such as doctors, consultants, nurses, etc);
- B. Other GPs/Doctors;
- C. Pharmacists;
- D. Nurses and other healthcare professionals;
- E. Dentists;
- F. Any other person that is involved in providing services related to your general healthcare, including mental health professionals.
- G. Police
- H. Driving Vehicle Licensing Authority (DVLA)
- I. Solicitors
- J. Court Orders
- K. Immigration
- L. Fire Brigade
- M. Social Services
- N. Education
- O. Systems we use to store your information, process it, and communicate to you i.e. SMS Text, Video messaging and ways to share your patient information where appropriate i.e. in the event of an emergency and only if we have the correct lawful basis and appropriate authority to do this. (Also covered in this Privacy Notice see section ) We are the data controllers of your information.
9. Other People Who We Provide Your Information To:
- A. Commissioners
- B. Clinical Commissioning Groups
- C. Local authorities
- D. Community health services
- E. Complying with the law e.g. Police, Solicitors, Insurance Companies;
- F. Consent you have given to view or receive your record, or part of your record.
- G. Extended Access – We provide extended access services to our patients which means you can access medical services outside of our normal working hours. In order to provide you with this service, we have formal arrangements in place with the Clinical Commissioning group and with other practices whereby certain key “hub” practice offer this service on our behalf for you as a patient to access outside of our opening hours. This means, those key “hub” practice will have to have access to your medical record to be able to offer you the service. Please note to ensure that those practices comply with the law and to protect the use of your information, we have very robust data sharing agreements and other clear arrangements in place to ensure your data is always protected and used for those purposes only.
- H. Data Extraction by the Clinical Commissioning Group (Please see above for PHM Data) – the clinical commissioning group at times extracts medical information about you, but the information we pass to them via our computer systems cannot identify you to them. This information only refers to you by way of a code, that only your practice can identify (it is pseudo-anonymised). This therefore protects you from anyone who may have access to this information at the clinical commissioning group from EVER identifying you as a result of seeing the medical information and we will never give them the information that would enable them to do this.
- I. Severnside Intergrated Urgent Care Service – incorporates NHS111, this is a new computer booking system that replaces the Out of hours service for GP Practices this service ensures that you receive the right level of care for your condition.
- J. CQC- Care Quality Commission –Regulate and inspect health and social care services across the UK.
- K. Social Prescribing – Social Prescribing involves working with patients to improve their health, wellbeing and social welfare by connecting them to their communities. Your GP practice can refer you to a ‘link worker’, so you can find your own personalised health solutions based around what is strong in your life and not just what is wrong.If you suffer with social, emotional or have practical needs you can be helped to find solutions which improve your health and wellbeing, often using services provided by the voluntary sector or by people in our own community.
Other NHS and non NHS organisations who we share your data with and why?
ometimes the practice shares information with other organisations that do not directly treat you, for example, Clinical Commissioning Groups (CCG). Normally, it will not be possible to identify you from this information. This information is used to plan and improve services. The information collected includes data such as the area patients live, age, gender, ethnicity, language preference, country of birth and religion. The CCG also collects information about whether patients have long term conditions such as diabetes; blood pressure, cholesterol levels and medication. However, this information is anonymous and does not include anything written as notes by the GP and cannot be linked to you The main data sharing agreements are listed below. However, a full list is available on request.
Local Data Sharing Agreements:
- 1. Sirona Community nurses and other health care professionals are able to access GP information about people on their caseload who have recently been discharged from hospital, or who are housebound, or who require longer term rehabilitation from the GP record. This information can be read by the healthcare professional to improve the patients care, but they are not able to amend the GP medical record;
- 2. Connecting Care* enables a range of health care organisations, including local NHS hospital, the Ambulance Service and the Out of Hours service provided by Brisdoc. This information can be read by the healthcare professional to improve the patients care, but they are not able to amend the GP medical record;
- 3. One Care – this agreement allows patients from the surgery to be seen and treated by GPs from other surgeries in the evening and at weekend. The agreement allows a GP in other localities to access the GP record securely and allows information about the consultation to be written into the record.
- 4. St Peter’s Hospice – this agreement enables hospice staff to read the records of patients in their care. This information can be read by the healthcare professional to improve the patients care, but they are not able to amend the GP medical record
- 5. The practice shares anonymised data with a number of research bodies to enable clinical research to be undertaken, but no personally identifiable data is shared.
- 6. AccuRX – AccuRx is a British software company that has developed a messaging service for doctor surgeries to communicate with patients via SMS and Video messaging
- 7. EMIS – EMIS Health, formerly known as Egton Medical Information Systems, supplies electronic patient record systems and software used in primary care, acute care and community pharmacy in the United Kingdom.
- 8. eConsult – eConsult Health is a collection of digital triage solutions for Primary and Emergency Care eConsult enables NHS based GP practices to offer online consultations to their patients. This allows patients to submit their symptoms or requests to their own GP electronically, and offers around the clock NHS self-help information, signposting to services, and a symptom checker.
- 9. Patient Access – Patient Access connects you to local health services when you need them most. Book GP appointments, order repeat prescriptions and discover local health services for you or your family via your mobile or home computer
The project requires health care organisations to work together with communities and partner agencies. The organisations will share information with each other in order to get a view of health and services for the population in a particular area.
In your area, a population health management programme has been introduced. The programme will combine information from GP practices, community service providers, hospitals and other health and care providers.
How will my Personal Data be Used?
The information will include information about your health care.
The information will be combined and anything that can identify you (like your name or NHS Number) will be removed and replaced with a code.
This means that the people working with the data will only see the code and cannot see which patient the information relates to.
If we see that an individual might benefit from some additional care or support, we will send the information back to your GP or hospital provider and they will use the code to identify you and offer you services.
The information will be used for a number of healthcare related activities such as;
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
Who Will My Personal Data Be Shared With?
Your GP and hospital providers will send the information they hold on their systems to the South Central and West Commissioning Support Unit, who are part of NHS England.
They will link all the information together in order to review and make decisions about the whole population or particular patients that might need support. During this process any identifiable data will be removed berore it is shared with Optum Healthcare.
Both the Commissioning Support Unit and Optum are required to protect your information and maintain confidentiality in the same way that your doctor or hospital provider is.
Is Using My Information in This Way Lawful?
Health Care Providers are permitted by data protection law to use information where it is ‘necessary for medical purposes’. This includes caring for you directly as well as management of health services more generally.
Some of the work that happens at a national level with your information is required by other parts of the law. For more information, speak to our Data Protection Officer.
Sharing and using your information in this way helps to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law and in the majority of cases, anonymised data is used so that you cannot be identified.
What will happen to My Information When the Project is Finished?
Once the 20-week programme has completed the information will be securely destroyed.
Can I Object?
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.
*If you require any further information on any of the above, please do not hesitate to ask the Data Protection Officer Kelly@almc.co.uk
Please note: if you give another person or organisation consent to access your record we will need to contact you to verify your consent before we release that record. It is important that you are clear and understand how much and what aspects of, your record you give consent to be disclosed.
10. Anonymised Information
Sometimes we may provide information about you in an anonymised form. If we do so, then none of the information we provide to any other party will identify you as an individual and cannot be traced back to you.
11. Your Rights as a Patient
The Law gives you certain rights to your personal and healthcare information that we hold, as set out below:
- A. Access and Subject Access Requests
You have the right to see what information we hold about you and to request a copy of this information.
If you would like a copy of the information we hold about you please contact.
We will provide this information free of charge however, we may in some limited and exceptional circumstances have to make an administrative charge for any extra copies if the information requested is excessive, complex or repetitive. We have one month to reply to you and give you the information that you require. We would ask, therefore, that any requests you make are in writing and it is made clear to us what and how much information you require.
- B. Online Access
You may ask us if you wish to have online access to your medical record. However, there will be certain protocols that we have to follow in order to give you online access, including written consent and production of documents that prove your identity.
Please note that when we give you online access, the responsibility is yours to make sure that you keep your information safe and secure if you do not wish any third party to gain access.
- C. Correction
We want to make sure that your personal information is accurate and up to date. You may ask us to correct any information you think is inaccurate. It is very important that you make sure you tell us if your contact details including your mobile phone number has changed.
- D. Removal
You have the right to ask for your information to be removed however, if we require this information to assist us in providing you with appropriate medical services and diagnosis for your healthcare, then removal may not be possible.
We cannot share your information with anyone else for a purpose that is not directly related to your health, e.g. medical research, educational purposes, etc. We would ask you for your consent in order to do this however, you have the right to request that your personal and healthcare information is not shared by the Surgery in this way. Please note the anonymised Information section in this Privacy Notice.
- F. Transfer
You have the right to request that your personal and/or healthcare information is transferred, in an electronic form (or other form), to another organisation, but we will require your clear consent to be able to do this.
12. Third Parties Mentioned on Your Medical Record
Sometimes we record information about third parties mentioned by you to us during any consultation. We are under an obligation to make sure we also protect that third party’s rights as an individual and to ensure that references to them which may breach their rights to confidentiality, are removed before we send any information to any other party including yourself. Third parties can include: spouses, partners, and other family members.
13. How We Use the Information About You
We use your personal and healthcare information in the following ways:
- A. when we need to speak to, or contact other doctors, consultants, nurses or any other medical/healthcare professional or organisation during the course of your diagnosis or treatment or on going healthcare;
- B. when we are required by Law to hand over your information to any other organisation, such as the police, by court order, solicitors, or immigration enforcement.
Please note: We will never pass on your personal information to anyone else who does not need it, or has no right to it, unless you give us clear consent to do so.
14. How the NHS use Your Information – National Data Opt-Out
The Practice is one of many organisations working in the health and care system to improve care for patients and the public.
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply
You can also find out more about how patient information is used at: www.hra.nhs.uk/information-about-patients (which covers health and care research); and www.understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. **Practice is currently compliant with the national data opt-out policy.
15. Legal Justification for Collecting and Using Your Information
The Law says we need a legal basis to handle your personal and healthcare information.
- CONTRACT: We have a contract with NHS England to deliver healthcare services to you. This contract provides that we are under a legal obligation to ensure that we deliver medical and healthcare services to the public.
- CONSENT: Sometimes we also rely on the fact that you give us consent to use your personal and healthcare information so that we can take care of your healthcare needs.
Please note that you have the right to withdraw consent at any time if you no longer wish to receive services from us.
- NECESSARY CARE: Providing you with the appropriate healthcare, where necessary. The Law refers to this as ‘protecting your vital interests’ where you may be in a position not to be able to consent.
- LAW: Sometimes the Law obliges us to provide your information to an organisation.
16. Special Categories
The Law states that personal information about your health falls into a special category of information because it is very sensitive. Reasons that may entitle us to use and process your information may be as follows:
- PUBLIC INTEREST: Where we may need to handle your personal information when it is considered to be in the public interest. For example, when there is an outbreak of a specific disease and we need to contact you for treatment, or we need to pass your information to relevant organisations to ensure you receive advice and/or treatment;
- CONSENT: When you have given us consent;
- VITAL INTEREST: If you are incapable of giving consent, and we have to use your information to protect your vital interests (e.g. if you have had an accident and you need emergency treatment);
- DEFENDING A CLAIM: If we need your information to defend a legal claim against us by you, or by another party;
- PROVIDING YOU WITH MEDICAL CARE: Where we need your information to provide you with medical and healthcare services
17. How Long We Keep Your Personal Information
We carefully consider any personal information that we store about you, and we will not keep your information for longer than is necessary for the purposes as set out in this Privacy Notice.
18. Under 16s
Up until the age of 16 your parents will be able to access your medical information. This means they can discuss your care with staff at the Practice and may request to see copies of your medical information, unless you request us to withhold this information from them.
If you do not want your parents to have access to your medical information please speak to a member of the Practice team. (Please see attached Privacy Notice for 13-16 year olds)
19. If English is Not Your First Language
Our privacy notice explains how we use information. If you would like a summarised translation of this, please email firstname.lastname@example.org
Nasza informacja o prywatności wyjaśnia, w jaki sposób wykorzystujemy informacje. Jeśli chcesz streszczone tłumaczenie, napisz na adres email@example.com
Ogeysiiskayaga ku saabsan Xogta dhowrsan ah (Privacy notice) waxa uu sharxayaa siyaabaha aanu u isticmaalno wixii xog ah ee aanu kaydkayaga ku hayno. Haddii jeceshahay in ad hesho iyado Afka soomaaliga ah ku qoran, fadlan ciiwankan nagala soo xidhiidh firstname.lastname@example.org
ہمارے رازداری کے نوٹس میں یہ بتایا گیا ہے کہ ہم معلومات کو کس طرح استعمال کرتے ہیں۔ اگر آپ اس کا خلاصہ ترجمہ چاہتے ہیں تو ، براہ کرم email@example.com پر ای میل کریں
Notice Nuestro aviso de privacidad explica cómo usamos la información. Si desea una traducción resumida de esto, envíe un correo electrónico a firstname.lastname@example.org
If you have a concern about the way we handle your personal data or you have a complaint about what we are doing, with your data or how we have used or handled your personal and/or healthcare information, then please contact our Data Protection Officer.
You also have a right to raise any concern or complaint with the UK information regulator:Information Commissioner’s Office (ICO): www.ico.org.uk
21. Our Website
The only website this Privacy Notice applies to is the Surgery’s website. If you use a link to any other website from the Surgery’s website then you will need to read their respective privacy notice. We take no responsibility (legal or otherwise) for the content of other websites.
We take the security of your information very seriously and we do everything we can to ensure that your information is always protected and secure. We regularly update our processes and systems and we also ensure that our staff are properly trained. We also carry out assessments and audits of the information that we hold about you and make sure that if we provide any other services, we carry out proper assessments and security reviews.
24. Test Messaging and Contacting You
Because we are obliged to protect any confidential information we hold about you and we take this very seriously, it is imperative that you let us know immediately if you change any of your contact details.
We may contact you using SMS texting to your mobile phone in the event that we need to notify you about appointments and other services that we provide to you involving your direct care, therefore you must ensure that we have your up to date details. This is to ensure we are sure we are actually contacting you and not another person.
25. Where to Find Our Privacy Notice
You may find a copy of this Privacy Notice in the Surgery’s reception, on our website, or a copy may be provided on request.
26. Data Storage
NHS Digital sub-contract Amazon Web Services (AWS) to store your patient data. We have been informed that the data will remain in the UK at all times and will be fully encrypted both in transit and at rest. We have further been advised that AWS offers the very highest levels of security and support. The Practice do not have any influence over how the data is stored as this is decided centrally by NHS Digital.
27. Changes to Our Privacy Notice
We regularly review and update our Privacy Notice. This Privacy Notice was last updated on 20/08/2020.