Practice Policies & Patient Information

Practice Policies & Patient Information

Privacy Notice

The details of transfers of the personal data to any third countries or international organisations.

As a GP surgery, the only occasions when this would occur would be if you specifically requested this to occur- the practice will never routinely send patient data outside of the UK where the laws do not protect your privacy to the same extent as the law in the UK.

Retention periods for your personal data.

As long as you are registered as a patient with the surgery, your paper records are held at the practice along with your GP electronic record. If you register with a new practice, they will initiate the process to transfer your records. The electronic record is transferred to the new practice across a secure NHS data-sharing network and all practices aim to process such transfers within a maximum of 8 working days. The paper records are then transferred which can take longer. Primary Care Services England also look after the records of any patient not currently registered with a practice and the records of anyone who has died.

Once your records have been forwarded to your new practice (or after your death forwarded to Primary Care Services England), a cached version of your electronic record is retained in the practice and classified as “inactive”. If anyone has a reason to access an inactive record, they are required to formally record that reason and this action is audited regularly to ensure that all access to inactive records is valid and appropriate. We may access this for clinical audit (measuring performance), serious incident reviews, or statutory report completion (e.g., for HM Coroner).

A summary of retention periods for medical records can be found on the BMA website.

The rights available to you in respect of data processing.

Under the GDPR all patients have certain rights in relation to the information which the practice holds about them. Not all of these rights apply equally, as certain rights are not available depending on the situation and the lawful basis used for the processing- for reference, these rights may not apply are where the lawful basis we use (as shown in the above table in the section on “lawful bases”) is:

Processing is necessary for the performance of a task carried out in the exercise of official authority vested in the controller – in these cases, the rights of erasure and portability will not apply.

Legal Obligation – in these cases the rights of erasure, portability, objection, automated decision making and profiling will not apply.

Right to be Informed

You have the right to be informed of how your data is being used. The propose of this document is to advise you of this right and how your data is being used by the practice.

The Right of Access

You have the right of access.You have the right to ask us for copies of your personal information- this right always applies. There are some exemptions, which means you may not always receive all the information we process.

The Right to Rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

The Right to Erasure

You have the right to ask us to erase your personal information in certain circumstances- This will not generally apply in the matter of health care data.

The Right to Restrict Processing

You have the right to ask us to restrict the processing of your information in certain circumstances– You have to right to limit the way in which your data is processed if you are not happy with the way the data has been managed.

The Right to Object

You have the right to object to processing if you disagree with the way in which part of your data is processed you can object to this- please bear in mind that this may affect the medical services we are able to offer you.

Rights in Relation to Automated Decision Making and Profiling.

Your rights in relation to automated processing– Sometimes your information may be used to run automated calculations. These can be as simple as calculating your Body Mass Index or ideal weight but they can be more complex and used to calculate your probability of developing certain clinical conditions, and we will discuss these with you if they are a matter of concern.

Typically, the ones used in the practice may include:

Qrisk– a cardiovascular risk assessment tool that uses data from your record such as your age, blood pressure, cholesterol levels etc to calculate the probability of you experiencing a cardiovascular event over the next ten years.

Qdiabetes– a diabetes risk assessment tool that uses your age, blood pressure, ethnicity data etc to calculate the probability of you developing diabetes.

CHADS – an assessment tool that calculates the risk of a stroke occurring for patients with atrial Fibrillation

This is not an exhaustive list- other tools may be used depending on your personal circumstances and health needs, however whenever we use these profiling tools, we assess the outcome on a case-by-case basis. No decisions about individual care are made solely on the outcomes of these tools, they are only used to help us assess your possible future health and care needs with you and we will discuss these with you.

The Right to Data Portability

Your right to data portability This only applies to information you have given us- you have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under a contract, and the processing is automated, so will only apply in very limited circumstances.

The Right to Withdraw Consent

Because under the provisions of Data Protection Law most of the data processing activities carried out by the practice are not done under the “lawful basis” of consent you cannot withdraw consent as such, however, if you are not happy with the way your data is being processed you do have the right to object and the right to ask us to restrict processing.

There is a new national opt-out that allows people to opt-out of their confidential patient information being used for reasons other than their individual care and treatment. The system offers patients and the public the opportunity to make an informed choice about whether they wish their personally identifiable data to be used just for their individual care and treatment or also used for research and planning purposes. Details of the national patient opt-out can be found online.

In the past, you may have already chosen to prevent your identifiable data from leaving NHS Digital, known as a Type 2 opt-out. All existing Type 2 opt-outs will be converted to the new national data opt-out and this will be confirmed by a letter to all individuals aged 13 or over with an existing Type 2 objection in place. Once the national data opt-out is launched, it will no longer be possible to change preferences via local GP practices.

The Right to Lodge a Complaint With a Supervisory Authority.

If you are happy for your information to be used, and where necessary shared, for the purposes described in this notice then you do not need to do anything.

Should you have any concerns about how your information is managed at the practice, please contact us.

If you are still unhappy following a review by the GP practice, you can then complain to the Information Commissioners Office (ICO) via:

Their website: ico.org.uk.

Email: casework@ico.org.uk.

Telephone: 0303 123 1113 (local rate) or 01625 545 745.

Or by mail: The Information Commissioner.

Wycliffe House, Water lane

Wilmslow, Cheshire, SK9 5AF

Summary Care Record (SCR)

What is a Summary Care Record?

Your Summary Care Record is a short summary of your GP medical records. It tells other health and care staff who care for you about the medicines you take and your allergies.

Some patients, including many with long term health conditions, have previously agreed to have additional information shared as part of their Summary Care Record. This additional information includes information about significant medical history (past and present), reasons for medications, care plan information and immunisations.

During the coronavirus pandemic period, your Summary Care Record will automatically have additional information included from your GP record unless you have previously told the NHS that you did not want this information to be shared.

Who Can View Your Record?

Staff will ask your permission to view your SCR (except in an emergency where you are unconscious, for example) and only staff with the right levels of security clearance can access the system, so your information is secure.

Do you Have to Have a Summary Care Record?

The purpose of SCR is to improve the care that you receive, however, if you don’t want to have an SCR you have the option to opt-out. If this is your preference please inform your GP or fill in an SCR opt-out form and return it to your GP practice.

For more detailed information click the link here

https://digital.nhs.uk/services/summary-care-records-scr/summary-care-records-scr-information-for-patients.

GP Earnings

All GP practices are required to declare the mean earnings (e.g. average pay) for GPs working to deliver NHS services to patients at each practice. The average pay for GPs working in Shaftesbury Medical Centre in the last financial year was £50,568 before tax and national insurance. This is for 5 full-time GP’s and 6 part-time GP’s and 2 locums who worked in the practice for more than six months.

GDPR

How we Use Your Information to Provide you With Healthcare

This practice keeps medical records confidential and complies with the General Data Protection Regulation.

We hold your medical record so that we can provide you with safe care and treatment.

We will also use your information so that this practice can check and review the quality of the care we provide. This helps us to improve our services to you.

We will share relevant information from your medical record with other health or social care staff or organisations when they provide you with care. For example, when they refer you to a specialist in a hospital. Or your prescription to your chosen pharmacy.

Healthcare staff working in A&E and out of hours care will also have access to your information. For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions. This will involve the use of your Summary Care Record or locally Leeds Care record. For more information see our privacy notice on our practice website.

You have the right to object to information being shared for your own care. Please speak to the practice if you wish to object. You also have the right to have any factual mistakes or errors corrected.

Other Important Information About How Your Information is Used to Provide you With Healthcare

Registering for NHS Care

All patients who receive NHS care are registered on a national database.

This database holds your name, address, date of birth and NHS Number but it does not hold information about the care you receive.

The database is held by NHS Digital a national organisation that has legal responsibilities to collect NHS data.

Identifying Patients Who Might be at Risk of Certain Diseases

Your medical records will be searched by a computer programme so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to the hospital.

This means we can offer patients additional care or support as early as possible.

This process will involve linking information from your GP record with information from other health or social care services you have used.

The information that identifies you will only be seen by this practice.

Safeguarding

Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, are protected from the risk of harm.

These circumstances are rare.

We do not need your consent or agreement to do this.

Your medical records will be searched by a computer programme so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to the hospital.

This means we can offer patients additional care or support as early as possible.

This process will involve linking information from your GP record with information from other health or social care services you have used.

The information which identifies you will only be seen by this practice.

How Your Information is Used for Medical Research and to Measure the Quality of Care

Medical Research

We share information from medical records:

To support medical research when the law allows us to do so, for example, to learn more about why people get ill and what treatments might work best;

We will also at times use your medical records to carry out research within the practice.

If we share information with medical research organisations we would do this with your explicit consent or when the law allows. You have the right to object to your identifiable information being used or shared for medical research purposes. Please speak to the practice if you wish to object.

Checking the Quality of Care – National Clinical Audits

We contribute to national clinical audits so that healthcare can be checked and reviewed.

Information from medical records can help doctors and other healthcare workers measure and check the quality of care which is provided to you.

The results of the checks or audits can show where hospitals are doing well and where they need to improve.

The results of the checks or audits are used to recommend improvements to patient care.

Data is sent to NHS Digital a national body with legal responsibilities to collect data.

The data will include information about you, such as your NHS Number and date of birth and information about your health which is recorded in coded form – for example, the code for diabetes or high blood pressure.

We will only share your information for national clinical audits or checking purposes when the law allows.

You have the right to object to your identifiable information being shared for national clinical audits. Please contact the practice if you wish to object.

How Your Information is Shared so That This Practice Can Meet Legal Requirements

The law requires practices to share information from your medical records in certain circumstances. Information is shared so that the NHS or Public Health England can, for example:

Plan and manage services;

Check that the care being provided is safe;

Prevent infectious diseases from spreading.

We will share information with NHS Digital, the Care Quality Commission and the local health protection team (or Public Health England) when the law requires us to do so.

National Screening Programmes

The NHS provides national screening programmes so that certain diseases can be detected at an early stage.

These screening programmes include bowel cancer, breast cancer, cervical cancer, aortic aneurysms and a diabetic eye screening service.

The law allows us to share your contact information with Public Health England so that you can be invited to the relevant screening programme.

Confidentiality Policy

Access to Health Records

You have a legal right to apply for access to health information held about you.

A health record contains information about your mental and physical health recorded by a healthcare professional as part of your care.

If you want to see your health record please submit a written request to a member of our reception team,  a verbal request is acceptable if a written request is not possible. You will need to specify what information you require and why. You will need proof of ID.

Your GP will decide whether your request can be approved. We can refuse your request if, for example, we believe that releasing the information may cause serious harm to your physical or mental health or that of another person.

Confidentiality

The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:

To provide further medical treatment for you e.g. from district nurses and hospital services.

To help you get other services e.g. from the social work department. This requires your consent.

When we have a duty to others e.g. in child protection cases anonymised patient information will also be used at the local and national level to help the Health Board and Government plan services e.g. for diabetic care.

If you do not wish anonymous information about you to be used in such a way, please let us know.

Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.

Chaperone

Chaperones are available to both male and female patients. Please discuss this with your doctor. Our chaperones are all fully trained to perform their duties.

Allocated GP

All patients have a named GP who is responsible for their care. There is no need for you to see your named GP you should continue to see the GP of your choice. We allocate all patients to a GP based on the letter of their surname.

Abusive Behaviour Policy

The NHS operate a zero-tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients and other persons. Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety.

All staff in this Practice have the right to do their work in an environment free from violent, threatening or abusive behaviour and everything will be done to protect this right. If you do not respect the rights of our staff we may choose to inform the police and make arrangements for you to be removed from our medical list.