General Data Protection Regulations (GDPR)/Fair Data Processing Information
Chichele Road Surgery
GDPR, Data Extraction/Data Sharing, and your right to object
General Data Protection Regulations (GDPR) come into force in May 2018. Basically these cover much the same ground as Information Governance (see other link ), but they lay more emphasis on written policies and procedures, and on organisations such as surgeries taking responsibility for informing staff and patients of the data they hold and how it is managed. Most of the data we hold about our patients is on our clinical computer system (EmisWeb), which is managed by Emis Web offsite via the internet, we (the practice) have access to this information via our desk top computers, all access is authorised with individual staff passwords and electronic smartcards. Patients should be aware that this data (and in fact all computerised GP records in doctors' surgeries across the UK) is regularly accessed by a data extraction service called the General Practice Extraction Service (GPES), but that this service only extracts anonymised data for the sake of national statistics about patients and their health.
We share your diabetes related data with the Diabetic Eye Screening Programme operated by Health Intelligence (commissioned by NHS England). This supports your invitation for eye screening (where you are eligible and referred by the Practice) and ongoing care by the screening programme. This data may be shared with any Hospital Eye Services you are under the care of to support further treatment and with other healthcare professionals involved in your care, for example your Diabetologist. (For further information, take a look at Health Intelligence’s Privacy Notice on the diabetic eye screening website: www.nwldesp.co.uk)
Some non-anonymised, personal data for individual patients is also routinely shared with the national Summary Care Record service, which allows other health professionals to see things like your allergies and repeat prescriptions: this information can be very helpful if you have to be admitted to hospital as an emergency. There may also be instances where we ask permission to share your personal details with other health services - for example if we have a Care Plan for an elderly or vulnerable patient, including next-of-kin details and emergency contact telephone numbers, we might ask your permission to share it with the out-of-hours services and the ambulance service, so that they would have access to the information if something happened when the surgery was closed. You are entitled to refuse permission for any of these data extractions or data sharing arrangements: if you do so then your decision will be recorded on your notes and the data extractions and data sharing will not take place for you.Please see below for more information.
How we use your information
This privacy notice explains why the GP Practice collects information about you, and how that information may be used.
The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.
NHS health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records which this GP Practice may hold about you may include the following information;
· Details about you, such as address and next of kin
· Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
· Notes and reports about your health
· Details about your treatment and care
· Results of investigations, such as laboratory tests, x-rays, etc.
· Relevant information from other health professionals, relatives or those who care for you
To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used for clinical audit to monitor the quality of the service provided.
Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified.
Sometimes your information may be requested to be used for research purposes – the surgery will always endeavour to gain your consent before releasing the information.
Risk stratification tools are increasingly being used in the NHS to help determine a person’s risk of suffering a particular condition, preventing an unplanned or (re)admission and identifying a need for preventive intervention. Information about you is collected from a number of sources including NHS Trusts and from this GP Practice. A risk score is then arrived at through an analysis of your de-identified information using software managed by the North West London Commissioning Support Unit as the data processor and is only provided back to your GP or member of your care team as data controller in an identifiable form. Risk stratification enables your GP to focus on the preventing ill health and not just the treatment of sickness. If necessary your GP may be able to offer you additional services.
Please note that you have the right to opt out.
Should you have any concerns about how your information is managed at the surgery please contact the Practice Manager to discuss how the disclosure of your personal information can be limited.
If you have received treatment within the NHS, North West London Commissioning Support Unit may require access to your personal information in order to determine which Clinical Commissioning Group should pay for the treatment or procedure you have received.
Information such as your name, address and date of treatment may be passed on to enable the billing process. These details are held in a secure environment and kept confidential. This information will only be used to validate invoices, and will not be shared for any further commissioning purposes.
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 1998 (which is overseen by the Information Commissioner’s Office), Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security.
Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential. Anyone who receives information from an NHS organisation has a legal duty to keep it confidential.
We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.
Who are our partner organisations?
We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations;
· NHS Trusts
· Specialist Trusts
· Independent Contractors such as dentists, opticians, pharmacists
· Private Sector Providers
· Voluntary Sector Providers
· Ambulance Trusts
· Clinical Commissioning Groups
· Social Care Services
· Local Authorities
· Education Services
· Fire and Rescue Services
· Other ‘data processors’
Access to personal information
You have a right under the Data Protection Act 1998 to access/view what information the surgery holds about you, and to have it amended or removed should it be inaccurate. This is known as ‘the right of subject access’. If we do hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
If you would like to make a ‘subject access request’. please contact the practice manager in writing.
If you would like further information about how we use your information, or if you do not want us to use your information in this way, please contact the Practice Manager, Mr Ian Richards.