As part of our legal duties, this practice is required to;
- Maintain full and accurate records of the care and services we provide you
- Keep records about you confidential and secure
The practice aims to provide you with safe, high quality care that is based on accurate, up to date information. This information allows us to work others involved in your care and this may involve sharing information with other health and social care organisations.
- Basic details such as address, date of birth and next of kin
- Contact we have had with you
- Notes and reports about your health
- Details and records about your treatment and care
Others may also need to use records about you to:
- Check the quality of care you are receiving
- Protect the health of the general public
- Keep track of NHS spending
- Help investigate any concerns or complaints you ask us to
- Teach students or staff
- Support health and social care research
Sometimes we share your information with third parties to support your care such as:
- Social care
- Community Health
- Clinical Commissioning Groups
- Mental Health Providers
- NHS Digital
When we are sharing information to support third parties in providing your care, we will work hard to ensure it is the minimum necessary and that it is done so securely and lawfully. We aim to ensure that we only use your personal information in a way that you would reasonably expect. When we share information that is used for healthcare management or planning, this does not allow for you to be identified. Sometimes we will be required to share information for other reasons;
- When required to by law
- We have special permission for health or research purposes (e.g. if you have agreed to take part in a research trial)
- There is a strong public interest (e.g. there is a risk of serious harm or crime)
ACR project for patients with diabetes (and/or other conditions):
The data is being processed for the purpose of delivery of a programme, sponsored by NHS Digital, to monitor urine for indications of chronic kidney disease (CKD) which is recommended to be undertaken annually for patients at risk of chronic kidney disease e.g., patients living with diabetes. The programme enables patients to test their kidney function from home. We will share your contact details with Healthy.io to enable them to contact you and send you a test kit. This will help identify patients at risk of kidney disease and help us agree any early interventions that can be put in place for the benefit of your care. Healthy.io will only use your data for the purposes of delivering their service to you. If you do not wish to receive a home test kit from Healthy.io we will continue to manage your care within the Practice. Healthy.io are required to hold data we send them in line with retention periods outlined in the Records Management code of Practice for Health and Social Care. Further information about this is available at: https://lp.healthy.io/minuteful_info/.
Coronavirus (COVID-19) response information governance hub:
NHS Digital are undertaking a range of work to support the government response to the coronavirus (COVID-19) outbreak. Find out how NHS Digital is using your data in its work to support the government response to coronavirus (COVID-19). The notice below details legal bases for processing personal data in the course of this work.
You can choose not to have information that could identify you shared beyond your GP practice. You can also choose to prevent information that does not identify you from being shared for planning and research. Simply contact your GP either to register an opt-out or end an opt-out you have already registered and they will update your medical record. Your GP practice will also be able to confirm whether or not you have registered an opt-out in the past. If you have previously told your GP practice that you don’t want NHS Digital to share your personal confidential information for purposes other than your own care and treatment, your opt-out will have been implemented by NHS Digital from 29th April 2016 as instructed in a direction from the Secretary of State. It will remain in place unless you change it. As the Secretary of State’s direction; this included the policy on how to apply opt-outs was not available before April 2016 it was not possible for NHS Digital to honour opt-outs made before this date. This means that information may have been shared without respecting these opt-outs between January 2014 and April 2016. You can find more information on NHS Digital’s website: See how NHS Digital uses your information. Read about how NHS Digital handles your information and your choices.
Under Data Protection law, you have a right to;
- object to certain uses of your data
- to be provided with a copy information held about you
- that your information will not be used for direct marketing purposes
- have any incorrect information amended or erased
Please contact your surgery for any requests made in connection with these rights. For a copy of your information;
- Your request must be made in writing to your surgery
- The surgery is required to respond to your request in writing within 40 days (a month from May 2018)
- You will need to give the surgery your full name, address, date of birth and NHS number
- You will be required to provide personal identification such as a driving licence or passport
Use of the Website:
Generally, our website will not require you to enter personal information. When it does, for example; online appointment booking, we will apply the same confidentiality principles as those described above. Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should be aware that we do not have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites.
We intend to protect the confidentiality, quality and integrity of your personal information and we have implemented appropriate technical and organisational measures to do so. These include staff training, up to date policies and procedures and working to align with national cyber security guidelines.