Practice Privacy Information
What is a privacy notice?
A privacy notice helps your doctor’s surgery tell you how it uses information it has about you, like your name, address, date of birth and all of the notes the doctor or nurse makes about you in your healthcare record.
Why do we need one?
Your doctor’s surgery needs a privacy notice to make sure it meets the legal requirements which are written in a new document called the General Data Protection Regulation (or GDPR for short)
What is the GDPR?
What a great question! The GDPR is a new document that helps your doctor’s surgery keep the information about you secure. It’s new and will be introduced on the 25th May 2018, making sure that your doctor, nurse and any other staff at the practice follow the rules and keep your information safe.
How do you know about our privacy notice?
At your surgery, we have posters in our waiting room and leaflets to give to children and adults and we also have lots of information about privacy on our website, telling you how we use the information we have about you.
What information do we collect about you?
Don’t worry; we only collect the information we need to help us keep you healthy – such as your name, address, information about your parents, guardians or carers, records of appointments, visits, telephone calls, your health record, treatment and medicines, test results, X-rays and any other information to enable us to care for you.
How do we use your information?
Another great question! Your information is taken to help us provide your care. But we might need to share this information with other medical teams, such as hospitals, if you need to been seen by a special doctor or sent for an X-ray. Your doctor’s surgery may be asked to help with exciting medical research; but don’t worry, we will always ask you, or your parents or an adult with parental responsibility, if it’s okay to share your information.
How do we keep your information private?
Well, your doctor’s surgery knows that it is very important to protect the information we have about you. We make sure we follow the rules that are written in the GDPR and other important rule books.
What if I’ve got a long-term medical problem?
If you have a long -term medical problem then we know it is important to make sure your information is shared with other healthcare workers to help them help you, making sure you get the care you need when you need it!
Don’t want to share?
All of our patients, no matter what their age, can say that they don’t want to share their information. If you’re under 16 this is something which your parents or carers will have to decide. They can get more information from a member of staff at the surgery, who can also explain what this means to you.
How do I access my records?
Remember we told you about the GDPR? Well, if you want to see what is written about you, you have a right to access the information we hold about you, but you will need to complete a Subject Access Request (SAR). Your parents or adults with parental responsibility will do this on your behalf if you’re under 16. But if you are over 12, you may be classed as being competent and you may be able to do this yourself.
What do I do if I have a question?
If you have any questions, ask a member of the surgery team or your parents or adults or carer. You can:
- Contact the practice’s data controller via email using our secure online form GP practices are data controllers for the data they hold about their patients1
- Write to the data controller at Maywood Surgery
- Ask to speak to the Practice Manager
The Date Controller for Maywood Surgery is Dr Alison Esslemont.
The Data Protection Officer (DPO) for Maywood Surgery is Richard Newell – Email: firstname.lastname@example.org .
What to do if you’re not happy about how we manage your information
We really want to make sure you’re happy, but we understand that sometimes things can go wrong. If you or your parents or adults with parental responsibility are unhappy with any part of our data-processing methods, you can complain. For more information, visit the Information Commissioner's Office website and select ‘Raising a concern’.
We always make sure the information we give you is up to date. Any updates will be published on our website, in our newsletter and leaflets, and on our posters. This policy will be reviewed in March 2019
COVID-19 and your information
Updated on 9th April 2020
Supplementary privacy notice on Covid-19 for Patients
This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. It supplements our main Privacy Notice.
The health and social care system is facing significant pressures due to the COvid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.
Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law, the Secretary of State has required NHS Digital; NHS England and bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on gov.uk here and some FAQs on this law are available here.
During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-Outs. However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to Subject Access Requests (SARs), Freedom of Information requests (FOIs) and new opt out requests whilst we focus our efforts on responding to the outbreak.
In order to look after your health and care needs we may share your confidential patient information included health and care records with clinical and non-clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text message or email.
During this period of emergency we may offer you a consultation via telephone or video conferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.
We will also be required to share personal confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.
NHS England and Improvement and the NHSX have developed a single, secure store to gather data from across the health and care system to information the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patient themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.
In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.