Practice Privacy Notice

 


 

How we use your information

We understand how important it is to keep your personal information safe and secure and we take this very seriously. We have taken steps to make sure your personal information is looked after in the best possible way and we review this regularly.

Please read this Privacy Notice carefully, as it contains important information about how we use the personal and healthcare information we collect on your behalf.

A new data privacy law was introduced in the UK in May 2018. As a result, we’ve published a new privacy notice to make it easier for you to find out how the NHS uses and protects your information.

 

Why are we providing this Privacy Notice?

We are required to provide you with this Privacy Notice by Law. It explains how we use the personal and healthcare information we collect, store and hold about you. If you are unclear about how we process or use your personal and healthcare information, or you have any questions about this Privacy Notice or any other issue regarding your personal and healthcare information, then please do contact our Data Protection Officer.

The Law says:

  • We must let you know why we collect personal and healthcare information about you
  • We must let you know how we use any personal and/or healthcare information we hold on you
  • We need to inform you in respect of what we do with it
  • We need to tell you about who we share it with or pass it on to and why
  • We need to let you know how long we can keep it for
 

What is a Privacy Notice?

A Privacy Notice (or ‘Fair Processing Notice’) is an explanation of what information the Practice collects on patients, and how it is used. Being transparent and providing clear information to patients about how a Practice uses their personal data is an essential requirement of the new General Data Protection Regulations (GDPR).

Under the GDPR, the Practice must process personal data in a fair and lawful manner, and this applies to everything that is done with patients’ personal information. In practice, this means that the Practice must:

  • have legitimate reasons for the use or collection of personal data
  • not use the data in a way that may cause adverse effects on the individuals (e.g. improper sharing of their information with third parties)
  • be transparent about how the data will be used, and give appropriate privacy notices when collecting their personal data
  • handle personal data only as reasonably expected to do so
  • make no unlawful use of the collected data
 

Legal justification for collecting and using your information

The Law says we need a legal basis to handle your personal and healthcare information.

  • Contract – we have a contract with NHS England to deliver healthcare services to you. This contract provides that we are under a legal obligation to ensure that we deliver medical and healthcare services to the public.
  • Consent – Sometimes we also rely on the fact that you give us consent to use your personal and healthcare information so that we can take care of your healthcare needs. Please note that you have the right to withdraw consent at any time if you no longer wish to receive services from us
  • Necessary Care – Providing you with the appropriate healthcare, where necessary. The Law refers to this as ‘protecting your vital interests’ where you may be in a position not to be able to consent.
  • Law – Sometimes the Law obliges us to provide your information to an organisation
 

Special Categories

The Law states that personal information about your health falls into a special category of information because it is very sensitive. Reasons that may entitle us to use and process your information may be as follows:

  • Public Interest – Where we may need to handle your personal information when it is considered to be in the public interest. For example, when there is an outbreak of a specific disease and we need to contact you for treatment, or we need to pass your information to relevant organisations to ensure you receive advice and/or treatment.
  • Consent – When you have given us consent.
  • Vital Interest – If you are incapable of giving consent and we have to use your information to protect your vital interests (eg. if you have had an accident and you need emergency treatment)
  • Defending a Claim – If we need your information to defend a legal claim against us by you, or by another party
  • Providing You with Medical Care – where we need your information to provide you with medical and healthcare services
 

Who is the Data Controller?

The Ryeland Surgery is registered as a Data Controller under the Data Protection Act 1998. The registration number is Z6820810 and can be viewed online in the public register at the ICO. This means we are responsible for collecting, storing and handling your personal and healthcare information when you register with us as a patient.

There may be times when we also process your information. That means we use it for a particular purpose and, therefore, on those occasions we may also be Data Processors. The purposes for which we use your information are set out in this Privacy Notice.

 

Fair Processing

Personal data must be processed in a fair manner – the GDPR says that information should be treated as being obtained fairly if it is provided by a person who is legally authorised or required to provide it. Fair Processing means that the Practice has to be clear and open with people about how their information is used.

This privacy notice explains why we as a Practice collect information about our patients and how that information may be used.

The Ryeland Surgery manages patient information in accordance with existing laws and with guidance from organisations that govern the provision of healthcare in England such as the Department of Health and the General Medical Council.

We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

  • General Data Protection Regulations
  • Data Protection Act 1998
  • Human Rights Act 1998
  • Common Law Duty of Confidentiality
  • Health and Social Care Act 2012
  • NHS Codes of Confidentiality and Information Security

In practice, this means ensuring that your personal confidential data (PCD) is handled clearly and transparently, and in a reasonably expected way.

The Health and Social Care Act 2012 changed the way that personal confidential data is processed, therefore it is important that our patients are aware of and understand these changes, and that you have an opportunity to object and know how to do so.

The health care professionals who provide you with care maintain records about your health and any NHS treatment or care you have received (e.g. NHS Hospital Trust, GP Surgery, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.

NHS health records may be processed electronically, on paper or a mixture of both; and a combination of working practices and technology is used to ensure that your information is kept confidential and secure.

 

How we use the information about you

We use your personal and healthcare information in the following ways:

  • When we need to speak to, or contact other doctors, consultants, nurses or any other medical/healthcare professional or organisation during the course of your diagnosis or treatment or ongoing healthcare.
  • When we are required by Law to hand over your information to any other organisation, such as the police, by court order, solicitors or immigration enforcement.

We will never pass on your personal information to anyone else who does not need it, or has no right to it, unless you give us clear consent to do so.

Under the General Data Protection Regulations (GDPR), we will be lawfully using your information in accordance with:

  • Article 6, (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • Article 9, (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems

There are times that we may want to use your information to contact you or offer you services not directly about your healthcare. In these instances we will always gain your consent to contact you. We would however like to use your name, contact details and email address to inform you of other services that may benefit you; we will only do this with your consent. There may be occasions where authorised research facilities would like you to take part in innovations, research, improving services or identifying trends; you will be asked to opt in to such programmes.

At any stage where we would like to use your data for anything other than the specified purposes and where there is no lawful requirement for us to share or process your data, we will ensure that you have the ability to consent and opt out prior to any data processing taking place.

This information is not shared with third parties or used for any marketing and you can unsubscribe at any time via phone, email or by informing the practice DPO as below.

 

How long will we keep your personal information

We are required under UK law to keep your information and data for the full retention periods as specified by the NHS Records Management Code of Practice for Health and Social Care and national archives requirements.

More information on records retention can be found here

 

Where do we store your information electronically?

All the personal data we process is processed by our staff in the UK. However for the purposes of IT hosting and maintenance this information may be located on servers within the European Union.

No third parties have access to your personal data unless the law allows them to do so and appropriate safeguards have been put in place. We have a Data Protection regime in place to oversee the effective and secure processing of your personal and/or special category (sensitive, confidential) data.

The Practice uses a clinical system provided by a Data Processor called EMIS. With effect from 10th June 2019, EMIS will start storing your practice’s EMIS Web data in a highly secure, third party cloud hosted environment, namely Amazon Web Services (“AWS”).

The data will remain in the UK at all times and will be fully encrypted both in transit and at rest. In doing this, there will be no change to the control of access to your data and the hosted service provider will not have any access to the decryption keys. AWS is one of the world’s largest cloud companies, already supporting numerous public sector clients (including the NHS), and it offers the very highest levels of security and support.

 

Information we collect from you

Records held by this GP practice may include the following information:

  • Your contact details (such as your name, address and email address including place of work and work contact details)
  • Details and contact numbers of your next of kin
  • Your age range, gender, ethnicity
  • Details in relation to your medical history
  • The reason for your visit to the surgery
  • Any contact the practice has had with you, including appointments (emergency or scheduled), clinic visits, etc.
  • Notes and reports about your health, details of diagnosis and consultations with our GPs and other Health Professionals within the surgery involved in your direct healthcare
  • Details about treatment and care received
  • Results of investigations, such as laboratory tests, x-rays, etc.
  • Relevant information from other health professionals, relatives or those who care for you
  • Recordings of telephone conversations between yourself and the practice

Information about you from others

We also collect personal information about you when it is sent to us from the following:

  • A hospital, a consultant or any other medical or healthcare professional, or any other person involved with your general healthcare
  • DVLA requests
  • Firearms applications
  • Immigration matters
  • Court Orders
  • Safeguarding and Child Protection communications

The practice collects and holds data for the sole purpose of providing healthcare services to our patients and we will ensure that the information is kept confidential. However, we can disclose personal information if:

  • It is required by law
  • You provide consent – either implicitly for the sake of your own care, or explicitly for other purposes
  • It is justified to be in the public interest

To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS.

Information may be used for clinical audit purposes to monitor the quality of service provided, and may be held centrally and used for statistical purposes. Where we do this we ensure that patient records cannot be identified.

Sometimes your information may be requested to be used for clinical research purposes – the practice will always endeavour to gain your consent before releasing the information.

Improvements in information technology are also making it possible for us to share data with other healthcare providers with the objective of providing you with better care.

Patients can choose to withdraw their consent to their data being used in this way. When the practice is about to participate in any new data-sharing scheme we will make patients aware by displaying prominent notices in the surgery and on our website at least four weeks before the scheme is due to start. We will also explain clearly what you have to do to ‘opt-out’ of each new scheme.

A patient can object to their personal information being shared with other health care providers but if this limits the treatment that you can receive then the doctor will explain this to you at the time.

 

How do we maintain the confidentiality of your records?

We are committed to protecting your privacy and will only use information collected lawfully in accordance with the General Data Protection Regulations (which is overseen by the Information Commissioner’s Office), Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security. Every staff member who works for an NHS organisation has a legal obligation to maintain the confidentiality of patient information.

All of our staff, contractors and locums receive appropriate and regular training to ensure they are aware of their personal responsibilities and have legal and contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. Only a limited number of authorised staff have access to personal information where it is appropriate to their role and is strictly on a need-to-know basis. If a sub-contractor acts as a data processor for the Practice, an appropriate contract (Article 24-28) will be established for the processing of your information.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and / or in accordance with the information sharing principle following Dame Fiona Caldicott’s information sharing review (Information: to share or not to share) where “The duty to share information can be as important as the duty to protect patient confidentiality.” This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott principles.

Our practice policy is to respect the privacy of our patients, their families and our staff and to maintain compliance with the General Data Protection Regulations (GDPR) and all UK specific Data Protection Requirements. Our policy is to ensure all personal data related to our patients will be protected.

In certain circumstances you may have the right to withdraw your consent to the processing of data. Please contact the Data Protection Officer in writing if you wish to withdraw your consent. In some circumstances we may need to store your data after your consent has been withdrawn to comply with a legislative requirement.

Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified. Sometimes your information may be requested to be used for research purposes – the surgery will always gain your consent before releasing the information for this purpose in an identifiable format. In some circumstances you can Opt-out of the surgery sharing any of your information for research purposes.

 

Who we may provide your personal information to and why?

Whenever you use a health or care service, such as attending Accident and Emergency or using Community Care Services, important information about you is collected to help ensure you get the best possible care and treatment. This information may be passed to other approved organisations where there is a legal basis, to help with planning services, improving care, research into developing new treatments and preventing illness. All of this helps in providing better care to you and your family and future generations. However, as explained in this Privacy Notice, confidential information about your health and care is only used in this way where allowed by law and would never be used for any other purpose without your clear and explicit consent.

We may pass your personal information on to the following people or organisations, because these organisations may require your information to assist them in the provision of your direct healthcare needs. It, therefore, may be important for them to be able to access your information in order to ensure they may properly deliver their services to you:

  • Hospital professionals (such as doctors, consultants, nurses, etc)
  • Other GPs / Doctors
  • Specialist Trusts
  • Primary Care Network
  • NHS Commissioning Support Units
  • Independent Contractors such as dentists, opticians, pharmacists
  • Any other person that is involved in providing services related to your general healthcare, including mental health professionals
  • Private Sector Providers including pharmaceutical companies to allow for the provision of dressings, hosiery etc
  • Voluntary Sector Providers
  • Ambulance Trusts
  • Clinical Commissioning Groups
  • Social Care Services
  • NHS England (NHSE) and NHS Digital (NHSD)
  • Multi Agency Safeguarding Hub (MASH)
  • Other ‘data processors’ e.g. Diabetes UK
  • MJOG and AccuRx messaging services

You will be informed who your data will be shared with and in some cases asked for explicit consent for this to happen when this is required.

 

Other people to whom we provide your information

  • Commissioners
  • Clinical Commissioning Groups
  • Local Authorities
  • Education Services
  • Community Health Services
  • Fire & Rescue Services
  • For the purposes of complying with the law, eg. Police, Solicitors, Insurance Companies, DVLA
  • Anyone you have given your consent to, to view or receive your record, or part of your record – please note, if you give another person or organisation consent to access your record we will need to contact you to verify your consent before we release that record. It is important that you are clear and understand how much and what aspects of your record you give consent to be disclosed.
  • Extended Access (Taurus) – we provide extended access services to our patients which means you can access medical services outside of our normal working hours. In order to provide you with this service, we have formal arrangements in place with the Clinical Commissioning Group and with Taurus whereby certain key ‘hub’ practices offer this service on our behalf for you as a patient to access outside of our opening hours. This means those key ‘hub’ practices will have to have access to your medical record to be able to offer you the service. Please note to ensure that those practices comply with the law and to protect the use of your information, we have very robust data sharing agreements and other clear arrangements in place to ensure your data is always protected and used for those purposes only. The key ‘hub’ practices are South Wye Medical Centre, Ryeland Surgery and Pendeen Surgery.
  • Data Extraction by the Clinical Commissioning Group – the Clinical Commissioning Group at times extracts medical information about you, but the information we pass to them via our computer systems cannot identify you to them. This information only refers to you by way of a code that only your practice can identify (it is pseudonymised). This therefore protects you from anyone who may have access to this information at the Clinical Commissioning Group from ever identifying you as a result of seeing the medical information and we will never give them the information that would enable them to do this.
  • Herefordshire One Record – Patients in Herefordshire are able to benefit from the sharing of information to better manage their care via the Herefordshire One Record system. This includes sharing: contact details, diagnosis, medications, allergies, test results, referrals and letters and care plans between health professionals in Herefordshire. Health information is shared with:
    • Wye Valley NHS Trust (including Community Services)
    • St Michael’s Hospice
    • 2Gether NHS Foundation Trust
    • Taurus Healthcare Ltd (as above)

Further information about Herefordshire One Record can be found here

 

National Opt-Out Facility

You can choose whether your confidential patient information is used for research and planning.

Who can use your confidential patient information for research and planning?

It is used by the NHS, local authorities, university and hospital researchers, medical colleges and pharmaceutical companies researching new treatments.

Making your data opt-out choice.

You can choose to opt out of sharing your confidential patient information for research and planning. There may still be times when your confidential patient information is used: for example, during an epidemic where there might be a risk to you or to other people’s health. You can also still consent to take part in a specific research project.

Will choosing this opt-out affect your care and treatment?

No, your confidential patient information will still be used for your individual care. Choosing to opt out will not affect your care and treatment. You will still be invited for screening services, such as screenings for bowel cancer.

What should you do next?

You do not need to do anything if you are happy about how your confidential patient information is used. If you do not want your confidential patient information to be used for research and planning, you can choose to opt out securely online or through a telephone service. You can change your choice at any time.

Click here to find out more or to make your choice, or call 0300 303 5678

 

Third party processors

In order to deliver the best possible service, the practice will share data (where required) with other NHS bodies such as other GP practices and hospitals. In addition, the practice will use carefully selected third party service providers. When we use a third party service provider to process data on our behalf then we will always have an appropriate agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating appropriately. Examples of functions that may be carried out by third parties include:

  • Companies that provide IT services & support, including our core clinical systems; systems which manage patient facing services (such as our website and service accessible through the same); data hosting service providers; systems which facilitate appointment bookings or electronic prescription services; document management services etc.
  • Delivery services (for example if we were to arrange for delivery of any medicines to you).
  • Payment providers (if for example you were paying for a prescription or a service such as travel vaccinations).

Further details regarding specific third-party processors can be supplied by the Data Protection Officer on request.

 

Shared Care

To support your care and improve the sharing of relevant information to our partner organisations (as above) when they are involved in looking after you, we will share information to other systems. The general principle is that information is passed to these systems unless you request that this does not happen, but that system users should ask for your consent before viewing your record.

We may also use external companies to process personal information, such as for archiving purposes. These companies are bound by contractual agreements to ensure information is kept confidential and secure. All employees and sub-contractors engaged by our practice are asked to sign a confidentiality agreement. If a sub-contractor acts as a data processor for Ryeland Surgery an appropriate contract (art 24-28) will be established for the processing of your information.

 

Anonymised Information

Sometimes we may provide information about you in an anonymised form. If we do so, then none of the information we provide to any other party will identify you as an individual and cannot be traced back to you.

 

Third Parties mentioned on your medical record

Sometimes we record information about third parties mentioned by you to us during any consultation. We are under an obligation to make sure we also protect that third party’s rights as an individual and to ensure that references to them which may breach their rights to confidentiality, are removed before we send any information to any other party including yourself. Third parties can include: spouses, partners and other family members.

 

Your rights as a patient

The Law gives you certain rights to your personal and healthcare information that we hold, as set out below:

Access and Subject Access Requests

You have the right to see what information we hold about you and to request a copy of this information. If you would like a copy of the information we hold about you, please contact the Practice Manager in the first instance. We will provide this information free of charge. However, we may in some limited and exceptional circumstances have to make an administrative charge for any extra copies if the information requested is excessive, complex or repetitive. We have one month to reply to you and give you the information that you require. We would ask, therefore, that any requests you make are in writing and it is made clear to us what and how much information you require.

Online Access

You may ask us if you wish to have online access to your medical record. However, there will be certain protocols that we have to follow in order to give you online access, including written consent and production of documents that prove your identity. Please note that when we give you online access, the responsibility is yours to make sure that you keep information safe and secure if you do not wish any third party to gain access.

Correction

We want to make sure that your personal information is accurate and up to date. You may ask us to correct any information you think is inaccurate. It is very important that you make sure you tell us if your contact details, including your mobile phone number, have changed.

Removal

You have the right to ask for your information to be removed. However, if we require this information to assist us in providing you with appropriate medical services and diagnosis for your healthcare, then removal may not be possible.

Objection

We cannot share your information with anyone else for a purpose that is not directly related to your health, eg. medical research, educational purposes etc. We would ask you for your consent in order to do this; however, you have the right to request that your personal and healthcare information is not shared by the Surgery in this way. Please note the Anonymised Information section in this Privacy Notice.

Transfer

You have the right to request that your personal and/or healthcare information is transferred, in an electronic form (or other form) to another organisation, but we will require your clear consent to be able to do this.

 

Sharing your information without consent

We will normally ask you for your consent, but there are times when we may be required by law to share your information without your consent, for example:

  • where there is a serious risk of harm or abuse to you or other people;
  • safeguarding matters and investigations;
  • where a serious crime, such as assault, is being investigated or where it could be prevented;
  • notification of new births;
  • where we encounter infectious diseases that may endanger the safety of others, such as meningitis or measles (but not HIV/AIDS);
  • where a formal court order has been issued;
  • where there is a legal requirement, for example if you had committed a Road Traffic Offence
 

Text messaging and contacting you

Because we are obliged to protect any confidential information we hold about you and we take this very seriously, it is imperative that you let us know immediately if you change any of your contact details.

In the event that we need to notify you about appointments and other services that we provide to you involving your direct care, we may contact you via your mobile phone using the MJOG or AccuRx SMS texting systems. Therefore, you must ensure that we have up to date details. This is so that we can be sure we are actually contacting you and not another person.

 

Practice Website

Our Website does use cookies to optimise your experience. Using this feature means you have agreed to the use of cookies as required by the EU Data Protection Directive 95/46/EC. You have the option to decline the use of cookies on your first visit to the website. The only website this Privacy Notice applies to is the Surgery’s website. If you use a link to any other website from the Surgery’s website then you will need to read their respective Privacy Notice. We take no responsibility (legal or otherwise) for the content of other websites.

 

Risk Stratification

Risk stratification data tools are increasingly being used in the NHS to help determine a person’s risk of suffering a particular condition, preventing an unplanned or re-admission and identifying a need for preventative intervention. Typically this is because patients have a long term condition such as COPD, cancer or other medical condition at risk of sudden worsening.

Information about you is collected from a number of sources including NHS Trusts and from this GP Practice. A risk score is then arrived at through an analysis of your anonymous information using computer programmes. Your information is only provided back to your GP or member of your care team in an identifiable form. Risk stratification enables your GP to focus on preventing ill health and not just the treatment of sickness. If necessary your GP may be able to offer you additional services. Please note that you have the right to opt out of Risk Stratification.

Should you have any concerns about how your information is managed, or wish to opt out of any data collection at the practice, please contact the practice, or your healthcare professional to discuss how the disclosure of your personal information can be limited.

Patients have the right to change their minds and reverse a previous decision. Please contact the practice, if you change your mind regarding any previous choice.

 

GP Connect Service

The GP Connect service allows authorised clinical staff at NHS 111 to seamlessly access our practice’s clinical system and book directly on behalf of a patient. This means that should you call NHS 111 and the clinician believes you need an appointment with your GP Practice, the clinician will access available appointment slots only (through GP Connect) and book you in. This will save you time as you will not need to contact the practice direct for an appointment.

The practice will not be sharing any of your data and the practice will only allow NHS 111 to see available appointment slots. They will not even have access to your record. However, NHS 111 will share any relevant data with us, but you will be made aware of this. This will help your GP in knowing what treatment / service / help you may require.

Please note if you no longer require the appointment or need to change the date and time for any reason you will need to speak to one of our reception staff and not NHS 111.

 

Medicine Management

The Practice may conduct reviews of medications prescribed to its patients. This service performs a review of prescribed medication to ensure patients receive the most appropriate, up to date and cost effective treatments. This service is provided to practices within Herefordshire through Herefordshire Clinical Commissioning Group.

 

Patient Communication

The Practice would like to use your name, contact details and email address to inform you of NHS services or provide information about your health, information to manage your healthcare or information about the management of the NHS service. There may be occasions where authorised research facilities would like you to take part in research in regard to your particular health issues to try to improve your health; your contact details may be used to invite you to receive further information about such research opportunities.

 

Safeguarding

The Practice is dedicated to ensuring that the principles and duties of safeguarding adults and children are holistically, consistently and conscientiously applied, with the wellbeing of all at the heart of what we do.

Our legal basis for processing for the General Data Protection Regulation (GDPR) purposes is:

  • Article 6(1)(e) ‘…exercise of official authority…’.

For the processing of special categories data, the basis is:

  • Article 9(2)(b) – ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law…’

The data collected by Practice staff in the event of a safeguarding situation will be as much personal information as is necessary or possible to obtain in order to handle the situation. In addition to some basic demographic and contact details, we will also process details of what the safeguarding concern is. This is likely to be special category information (such as health information).

The Practice will either receive or collect information when someone contacts the organisation with safeguarding concerns, or we believe there may be safeguarding concerns and make enquiries to relevant providers.

The information is used by the Practice when handling a safeguarding incident or concern. We may share information accordingly to ensure duty of care and investigation as required with other partners such as local authorities, the police or healthcare professionals (i.e. their GP or mental health team).

 

Research

Clinical Practice Research Datalink (CPRD) collects de-identified patient data from a network of GP practices across the UK. Primary care data are linked to a range of other health related data to provide a longitudinal, representative UK population health dataset. You can opt out of your information being used for research purposes at any time (see below).

Click here for full details on their website

The legal basis for processing this information

CPRD do not hold or process personal data on patients; however, NHS Digital (formerly the Health and Social Care Centre) may process ‘personal data’ for us as an accredited ‘safe haven’ or ‘trusted third-party’ within the NHS when linking GP data with data from other sources. The legal bases for processing this data are:

Medicines and medical device monitoring: Article 6(e) and Article 9(2)(i) - public interest in the area of public health

Medical research and statistics: Article 6(e) and Article 9(2)(j) - public interest and scientific research purposes

Any data CPRD hold or pass on to bona fide researchers, except for clinical research studies, will have been anonymised in accordance with the Information Commissioner’s Office Anonymisation Code of Practice. We will hold data indefinitely for the benefit of future research, but studies will normally only hold the data we release to them for twelve months.

 

Primary Care Network

The objective of primary care networks is to group practices together to create more collaborative workforces which ease the pressure on GPs, leaving them better able to focus on patient care. The aim is that, by July 2019, all areas within England will be covered by a PCN.

Primary care networks form a key building block of the NHS long-term plan. Bringing general practices together to work at scale has been a policy priority for some years for a range of reasons, including improving the ability of practices to recruit and retain staff; to manage financial and estates pressures; to provide a wider range of services to patients and to more easily integrate with the wider health and care system.

All GP practices are expected to come together in geographical networks covering populations of approximately 30–50,000 patients by June 2019 if they are to take advantage of additional funding attached to the GP contract. This size is consistent with the size of the primary care homes, which exist in many places in the country, but is much smaller than most GP Federations.

This means the practice may share your information with other practices within the PCN to provide you with your care and treatment.

 

Invoice Validation

If you have received treatment within the NHS your personal information may be shared within a strictly monitored, secure and confidential environment in order to determine which CCG should pay for the treatment or procedure you have received.

Information such as your name, address and date of treatment may be passed on to enable the billing process - these details are held in a secure environment and kept confidential. This information will only be used to validate invoices, and will not be shared for any further commissioning purposes.

 

NHS Health Checks

Cohorts of our patients aged 40-74 not previously diagnosed with cardiovascular disease are eligible to be invited for an NHS Health Check. Nobody outside the healthcare team in the practice will see confidential information about you during the invitation process.

 

Access to your personal information

Data Subject Access Requests (DSAR): You have a right under the Data Protection legislation to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. To request this, you need to do the following:

  • Your request should be made to the Practice; for information from the hospital, you should write direct to them
  • There is no charge to have a copy of the information held about you
  • We are required to respond to you within one month
  • You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified, and your records located.
 

What should you do if your personal information changes?

You should tell us so that we can update our records. Please contact a member of the Reception Team as soon as any of your details change. This is especially important for changes of address or contact details (such as your mobile phone number). The Practice will from time to time ask you to confirm that the information we currently hold is accurate and up-to-date.

 

Objections and/or Complaints

Should you have any concerns about how your information is managed at the Practice, please contact the Practice Manager. If you are still unhappy following a review by the GP Practice, you can then complain to the Information Commissioner’s Office (ICO) via their website or Telephone: 0303 123 1113.

The Information Commissioner’s Office is the Regulator for the General Data Processing Regulations and offers independent advice and guidance on the law and personal data, including your rights and how to access your personal information.

If you are happy for your data to be used for the purposes described in this Privacy Notice, then you do not need to do anything. If you have any concerns about how your data is shared or any , then please contact the practice’s Data Protection Officer.

If you would like to know more about your rights in respect of the personal data we hold about you, please contact the Data Protection Officer whose details can be found below.

Data Protection Officer

The Practice Data Protection Officer

Paul Couldrey
PCIG Consulting Limited
7 Westacre Drive
Quarry Bank
West Midlands
DY5 2EE

 

Further Information

Further information about the way in which the NHS uses personal information and your rights in that respect can be found:

 

Where to find our Privacy Notice

You may find a copy of this Privacy Notice at our Reception Desk, on our website or a copy may be provided on request.

 

If English is not your first language

If English is not your first language, you can request a translation of this Privacy Notice.

 

Changes to our Privacy Notice

It is important to point out that we may amend our Privacy Notice from time to time. This Privacy Notice was last updated on 4th September 2019. If you are dissatisfied with any aspect of our Privacy Notice, please contact the Practice Data Protection Officer.

Version 6.0 March 2020