Data Protection
We need to hold personal information about you on our computer systems and in paper records to help us to look after your health needs, and your doctor is responsible for their accuracy and safe-keeping. Please help to keep your record up to date by informing us of any changes to your circumstances.
Doctors and staff in the practice have access to your medical records to enable them to do their jobs. From time to time information may be shared with others involved in your care if it is necessary. Anyone with access to your record is properly trained in confidentiality issues and is governed by both legal and contractual duty to keep your details private.
All information about you is held securely and appropriate safeguards are in place to prevent accidental loss.
In some circumstances we may be required by law to release your details to statutory or other official bodies, for example if a court order is presented, or in the case of public health issues. In other circumstance you may be required to give written consent before information is released – such as for medical reports for insurance, solicitors etc.
To ensure your privacy, we will not disclose information over the telephone or fax unless we are sure that we are talking to you. Information will not be disclosed to family, friends or spouses unless we have prior written consent, and we do not, leave messages with others.
You have a right to see your records if you wish. Please ask at reception if you would like further details about our patient information leaflet. An appointment may be required. In some circumstances a fee may be payable.
DPO Update
|
Technical Solution Pseudonymisation |
Purpose: Personal confidential and special category data in the form of medical record, is extracted under contract for the purpose of pseudonymisation. This will allow no patient to be identified within the data set that is created. SCWCSU has been commissioned to provide a data processing service for the GPs, no other processing will be undertaken under this contract.
Legal Basis: Under UKGDPR the legitimate purpose for this activity is under contract to provide assistance. Article 6(1)(e); “necessary… in the exercise of official authority vested in the controller’ And Article 9(2)(h) Health data as stated below
Processor: SCW CSU |
|
Shared Care Record |
Purpose: In order for the practice to have access to a shared record, the Integrated Care Service has commissioned a number of systems including GP connect, which is managed by NHS Digital, to enable a shared care record, which will assist in patient information to be used for a number of care related services. These may include Population Health Management, Direct Care, and analytics to assist with planning services for the use of the local health population. Where data is used for secondary uses no personal identifiable data will be used. Where personal confidential data is used for Research explicit consent will be required.
Legal Basis: Under UK GDPR Article 6(1)(e); “necessary… in the exercise of official authority vested in the controller’ And Article 9(2)(h) Health data as stated below
Processor: Plexus, NHS Digital, ESHT, ICS member providers |