Website privacy notice: Updated: 1st September 2020

General Practice Privacy Notice

The information we hold on you

Our practice keeps data on you relating to who you are, where you live, contact details, what you do, your family, possibly your friends, your employers, your habits, your problems and diagnoses, the reasons you seek help, your appointments, if you have a carer, where you are seen and when you are seen, who by, referrals to specialists and other healthcare providers, tests carried out here and in other places, investigations and scans, treatments and outcomes of treatments, your treatment history, the observations and opinions of other healthcare workers, within and without the NHS as well as comments and aide memoires reasonably made by healthcare professionals in this practice who are appropriately involved in your health care.

 

When registering for NHS care, all patients who receive NHS care are registered on a national database, the database is held by NHS Digital, a national organisation which has legal responsibilities to collect NHS data.

 

Identifying patients who might be at risk of certain diseases

  • Your medical records will be searched by a computer programme so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital.
  • This means we can offer patients additional care or support as early as possible.
  • This process will involve linking information from your GP record with information from other health or social care services you have used.
  • Information which identifies you will only be seen by this practice.

If you would like more information, please speak with the practice manager.

 

Who we share information with.

As GPs, we cannot handle all your information ourselves, so we need to delegate this responsibility to others within the practice and sometimes with other organisations.

If your care requires treatment outside the practice, we will exchange with those providing such care and treatment whatever information may be necessary to provide safe, high quality care.

Once you have seen the care provider, they will normally send us details of the care they have provided you with, so that we can understand your health better.

Your consent to this sharing of data, within the practice and with those others outside the practice is assumed and is allowed by the Law, however we will gladly discuss this with you in more detail if you would like to know more.

The Practice team (clinicians, administration and reception staff) only access the information they need to allow them to perform their function and fulfil their roles.

You have the right to object to our sharing your data in these circumstances but we have an overriding responsibility to do what is in your best interests.

We are required by Articles in the General Data Protection Regulations to provide you with the information in the following 9 subsections.

 

1) Data Controller

 

 Thurleigh Road Practice

88a Thurleigh Road, London SW12 8TT
 

2) Data Protection Officer

 

 Umar Sabat

South West London CCG

Dpo.swl@nhs.net
3) Purpose of the processing

 

 To provide the Secretary of State and others with information and reports on the status, activity and performance of the NHS. To provide specific reporting functions on identified.

The national data opt-out was introduced on 25 May 2018,
enabling patients to opt out from the use of their data for research
or planning purposes, in line with the recommendations of the
National Data Guardian in her Review of Data Security, Consent
and Opt-Outs.
4) Lawful basis for processing  The legal basis will be:-

Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and

Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”

Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.
5) Recipient or categories of recipients of the shared data The data will be shared with NHS Digital according to directions which can be found at https://digital.nhs.uk/article/8059/NHS-England-Directions-

Please also see issued Data Provision Notices: https://digital.nhs.uk/about-nhs-digital/corporate-information-and-documents/directions-and-data-provision-notices/data-provision-notices-dpns

We may also have to share relevant information from your medical record, subject to strict agreements on how it will be used, with the following organisations;

  • NHS Trusts / Foundation Trusts/ specialist Trusts
  • GP’s
  • NHS Commissioning Support Units
  • Independent Contractors such as dentists, opticians, pharmacists
  • Private Sector Providers
  • Voluntary Sector Providers
  • Ambulance Trusts
  • Clinical Commissioning Groups
  • Social Care Services
  • Local Authorities
  • Education Services
  • Fire and Rescue Services
  • Police & Judicial Services
  • Other ‘data processors’ which you will be informed of
  • Healthcare staff working in A&E and out of hours care will also have access to your information. For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions. This will involve the use of your Summary Care Record.  For more information see:  https://digital.nhs.uk/summary-care-records or alternatively speak to your practice.

You have the right to object to information being shared for your own care. Please speak to the practice if you wish to object. You also have the right to have any mistakes or errors corrected.

You will be informed who your data will be shared with and in some cases asked for explicit consent for this happen when this is required. We may also use external companies to process personal information, such as for archiving purposes. These companies are bound by contractual agreements to ensure information is kept confidential and secure.
5) Rights to object You have the right to object to information being shared between those who are providing you with direct care.

  • This may affect the care you receive – please speak to the practice.
  • You are not able to object to your name, address and other demographic information being sent to NHS Digital.
  • This is necessary if you wish to be registered to receive NHS care.
  • You are not able to object when information is legitimately shared for safeguarding reasons.
  • In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm.
7) Right to access and correction You have the right to access the data that is being shared and have any inaccuracies corrected.

There is no right to have accurate medical records deleted except when ordered by a court of Law.
8) Retention period The data will be retained for active use during the processing and thereafter according to NHS Policies and the law.
9) Right to complain If you are still unhappy following a review by the Practice you can then complain to the Information Commissioners Office (ICO). If you wish to complain, please visit: www.ico.org.uk/global/contact-us or call the helpline on 0303 123 1113.