As data controllers, GPs have fair processing responsibilities under the Data Protection Act and GDPR law 2018. This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find documents and links below.
[add a named Data Protection Officer.]
As part of our legal duties, this practice is required to;
- Maintain full and accurate records of the care and services we provide you
- Keep records about you confidential and secure
The practice aims to provide you with safe, high quality care that is based on accurate, up to date information.
This information allows us to work others involved in your care and this may involve sharing information with other health and social care organisations.
- Basic details such as address, date of birth and next of kin
- Contact we have had with you
- Notes and reports about your health
- Details and records about your treatment and care
Others may also need to use records about you to:
- Check the quality of care you are receiving
- Protect the health of the general public
- Keep track of NHS spending
- Help investigate any concerns or complaints you ask us to
- Teach students or staff
- Support health and social care research
Sometimes we share your information with third parties to support your care such as:
- Social care
- Community Health
- Clinical Commissioning Groups
- Mental Health Providers
- NHS Digital
When we are sharing information to support third parties in providing your care, we will work hard to ensure it is the minimum necessary and that it is done so securely and lawfully. We aim to ensure that we only use your personal information in a way that you would reasonably expect.
When we share information that is used for healthcare management or planning, this does not allow for you to be identified.
Sometimes we will be required to share information for other reasons;
- When required to by law
- We have special permission for health or research purposes (e.g. if you have agreed to take part in a research trial)
- There is a strong public interest (e.g. there is a risk of serious harm or crime)
You can choose not to have information that could identify you shared beyond your GP practice. You can also choose to prevent information that does not identify you from being shared for planning and research.
Simply contact your GP either to register an opt-out or end an opt-out you have already registered and they will update your medical record. Your GP practice will also be able to confirm whether or not you have registered an opt-out in the past.
If you have previously told your GP practice that you don’t want NHS Digital to share your personal confidential information for purposes other than your own care and treatment, your opt-out will have been implemented by NHS Digital from 29th April 2016 as instructed in a direction from the Secretary of State. It will remain in place unless you change it.
As the Secretary of State’s direction; this included the policy on how to apply opt-outs was not available before April 2016 it was not possible for NHS Digital to honour opt-outs made before this date. This means that information may have been shared without respecting these opt-outs between January 2014 and April 2016.
You can find more information on NHS Digital’s website:
See how NHS Digital uses your information.
Read about how NHS Digital handles your information and your choices.
Under Data Protection law, you have a right to;
- object to certain uses of your data
- to be provided with a copy information held about you
- that your information will not be used for direct marketing purposes
- have any incorrect information amended or erased
Please contact your surgery for any requests made in connection with these rights.
For a copy of your information;
- Your request must be made in writing to your surgery
- The surgery is required to respond to your request in writing within 40 days (a month from May 2018)
- You will need to give the surgery your full name, address, date of birth and NHS number
- You will be required to provide personal identification such as a driving licence or passport
Use of the Website
Generally, our website will not require you to enter personal information. When it does, for example; online appointment booking, we will apply the same confidentiality principles as those described above.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should be aware that we do not have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites.
We intend to protect the confidentiality, quality and integrity of your personal information and we have implemented appropriate technical and organisational measures to do so. These include staff training, up to date policies and procedures and working to align with national cyber security guidelines.