As data controllers, GPs have fair processing responsibilities under the Data Protection Act and GDPR law 2018. This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find our Privacy Notice below
Data protection officer: Pan Sakulsaeng
How we look after your information
We take the security and confidentiality of your information very seriously. We recognise that when Patients tell us information about themselves they expect that this information is kept strictly confidential. We ensure that we comply with all legal and professional obligations to keep data secure, and ensure that our staff are fully trained in how to do so.
What information will we hold about you?
We will hold the following information about your:
- Medical information
- Personal information (such as name, address, contact details)
- Characteristics (such as ethnicity, language and disability status)
Why do we use this information?
We will use your information to allow us to carry out the following:
- To allow us to diagnose and treat your healthcare problems
- To allow us to look into any complaints or concerns that you may have with our services
- To allow us to contact you to find out what you thought about our services
- To allow us to process requests that you make for information either under the Freedom of Information Act or General Data Protection Regulations
- Anonymised data may be to support and develop tools and software to help deliver better care to patients, including audit tools, clinical decision support tools and diagnostic tools
The lawful basis on which we process your information
The General Data Protection Regulations define specific reasons that allow us to collect and use your information. The reasons are:
- We are processing your data under article 9(2,h) of the General Data Protection Regulations. This allows us to process your data to provide health care and treatment
- To allow us to monitor and manage your healthcare services
How we collect this information
We collect and record the information that you tell us as part of your appointments.
We also receive information about you from your GP.
If you decide not to let us collect this information
If you decide not to allow us to hold and process your information, we will unfortunately not be able to provide care and treatment to you.
Storing this information
We store your information securely ourselves. We may share your information with carefully chosen partners who help us store and hold this information. We will ensure that these partners are held to the same high standards that we hold ourselves to, and we retain overall responsibility for this.
Your medical record will not be destroyed or deleted.
Any information that we hold about a complaint that you have made will be retained for 10 years.
Information that we hold about a request for information under either the Freedom of Information Act or General Data Protection Regulations will be held for 3 years unless you appeal our decision, in which case, it will be held for 6 years.
Your information is stored exclusively within the United Kingdom, or within providers approved by the European Union as being appropriate to securely store your information.
We do not use automated decision making. This means that when decisions need to be made about how we manage and use your information, these decisions are made in a transparent way by people, and not by a computer algorithm.
Sharing your information
We will only share your data in the following circumstances:
- If we refer you to another health care provider, we will share your information with that provider to enable them to provide care and treatment
- There are situations where we have a legal or professional obligation to share your information, such as safeguarding, notifiable diseases or if a serious crime is disclosed to us
For further information about the professional duty of confidentiality, please see www.gmc-uk.org – Confidentiality: good practice in handling patient information.
You have the following rights about your information:
- The right to be informed
- The right of access to your data
- The right to having incorrect data that we hold about you corrected
- The right to having your data deleted
- The right to ask us not to process your data
- The right to have your data transferred to another provider
- The right to object to us processing your data
- The right to be exempt from automated decision making
Please not that if we do stop processing or delete your information, our medical record will retain a record of the fact that this information has been deleted. We are unable to remove this audit trail, however, it will not form part of your medical record any more.
You have the right to withdraw consent to us processing your data at any time.
If you are concerned about how we have handled your information, you have a right to make a complaint to the Information Commissioner’s Office by calling their helpline on 0303-123 1113.
ACR project for patients with diabetes (and/or other conditions)
The data is being processed for the purpose of delivery of a programme, sponsored by NHS Digital, to monitor urine for indications of chronic kidney disease (CKD) which is recommended to be undertaken annually for patients at risk of chronic kidney disease e.g., patients living with diabetes. The programme enables patients to test their kidney function from home. We will share your contact details with Healthy.io to enable them to contact you and send you a test kit. This will help identify patients at risk of kidney disease and help us agree any early interventions that can be put in place for the benefit of your care. Healthy.io will only use your data for the purposes of delivering their service to you. If you do not wish to receive a home test kit from Healthy.io we will continue to manage your care within the Practice. Healthy.io are required to hold data we send them in line with retention periods outlined in the Records Management code of Practice for Health and Social Care. Further information about this is available at: https://lp.healthy.io/minuteful_info/.
If you would like further information about this privacy notice, please contact email@example.com.