Privacy Policy

Summary Version

How we use your information
This privacy notice explains why the GP Practice collects information about you, and how that information may be used.

As data controllers, GPs have fair processing responsibilities under the Data Protection Act 1998. This means ensuring that your personal data are handled in ways that are transparent and that you would reasonably expect. The Health and Social Care Act 2012 changes the way that confidential data are processed it is important that you are made aware of these changes, understand that you can object to certain uses, and how to do so.

The health care professionals who provide you with care maintain records about your health and treatment. These records may be electronic, paper, or both and various measures are employed to ensure the security of your records. The information contained in the records is used for your direct care and kept confidential. However, we may be required to disclose your personal information if it is required by law, is justified in the public interest, or you consent for the use for other purposes.

Other reasons why your data may be disclosed are for use for statistical purposes where the information will not be able to identify you, or for research purposes for which your consent will be requested. Under the Health and Social Care Act 2012 the Health and Social Care Information Centre can request personal confidential information from your GP practice without asking for your consent first.

On some occasions it may be necessary to undertake clinical audits of records to ensure that the best possible care has been provided to you or to prevent the spread of infectious disease, wherever possible this will be done in anonymised form.

Your data may also be shared with other healthcare professionals who provide you with care through local integrated care services. Your permission to share your data between the services will be requested, although refusing permission may impact your care. If this is the case your doctor will be able to explain how this could affect your care.

Your GP is encouraged to use a process called Risk Stratification to identify patients who may require additional care due to long term conditions. The information is used to help support patient care and prevent unnecessary hospital admissions.

OpenSAFELY

NHS England has been directed by the government to establish and operate the OpenSAFELY COVID-19 Service and the OpenSAFELY Data Analytics Service. These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID-19 and other purposes.

Each GP practice remains the controller of its own GP patient data but is required to let approved users run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym.

Only approved users are allowed to run these queries, and they will not be able to access information that directly or indirectly identifies individuals.

Patients who do not wish for their data to be used as part of this process can register type 1 opt out with their GP.

More information about OpenSAFELY can be found here OpenSAFELY: Home

If you do not want your data used for these purposes you may object by contacting the practice who will explain how you can prevent your data being used in this way.

We are committed to protecting your privacy and will only use data collected lawfully in accordance with the Data Protection Act 1998, Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security. The only staff who have access to your data are those with a legitimate reason to do so, and is controlled by multiple levels of security.

The Data Protection Act 1998 gives you the right to view or access information that the GP Practice holds about you. This is known as ‘the right of subject access’. Under this right you are entitled to have a description of the information, explanation of why it is held, who it could be disclosed to, and you are entitled to a copy of the information. If you would like to make a ‘subject access request’, please contact the practice manager in writing.

If you would like further information about how your information is used by the GP Practice, please contact the Practice Manager, or view the Fair Processing Notice on the practice notice board or the practice website.

The practice is registered as a data controller under the Data Protection Act 1998 – the registration number is and can be viewed online in the public register at www.ICO.gov.uk

Version 1.0

May 2020