Our Privacy Notice and GDPR

Privacy Notice

PRIVACY NOTICE

This Practice aims to provide you with the highest quality of Healthcare. To do this we must keep records about you, your health and the care we have provided or plan to provide.

These records may include:

  • Basic details about you, such as address, date of birth, next of kin;
  • Notes and reports about your health;
  • Contact we have had with you such as clinical visits;
  • Details and records about your treatment and care;
  • Results of x-rays, laboratory tests etc.
  • Relevant information from people who care for you and know you well, such as health professionals and relatives.

The people who care for you use your records to:

  • Provide a good basis for all health decisions made by you and care professionals;
  • Make sure your care is safe and effective;
  • Work effectively with others providing you with care.

We may also need to use records about you to:

  • Check the quality of care;
  • Protect the health of the general public;
  • Help investigate any concerns or complaints you or your family have about your health care

We will not share information that identifies you for any reason, unless:

  • You ask us to do so;
  • We ask and you give your consent;
  • It is clinical emergency;
  • We have to do this by law

Everyone working for the NHS has a legal duty to keep information about you confidential. We have a duty to:

  • Maintain full and accurate records of the care we provide to you;
  • Keep records about you confidential, secure and accurate;
  • Provide information in a format that is accessible to you (eg in large type if you are partially sighted).

Third party processors

In order to deliver the best possible service, the practice will share data (where required) with other NHS bodies such as other GP practices and hospitals. In addition the practice will use carefully selected third party service providers. When we use a third party service provider to process data on our behalf then we will always have an appropriate agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance

with our instructions and that they are operating appropriately. Examples of functions that may be carried out by third parties includes:

  • Companies that provide IT services & support, including our core clinical systems; systems which manage patient facing services (such as our website and service accessible through the same); data hosting service providers; systems which facilitate appointment bookings or electronic prescription services; document management services etc.
  • Delivery services (for example if we were to arrange for delivery of any medicines to you).
  • Payment providers (if for example you were paying for a prescription or a service such as travel vaccinations).

You have the right

  • You have the right to confidentiality under the Data Protection Act 1998 (DPA), The General Data Protection Regulations 2018, the Human Rights Act 1998 and the common law duty of confidentiality.
  • You also have the right to ask for a copy of your records to enable you to verify the lawfulness of the processing of data held about you – Please write to the Practice FAO Data Controller at the normal surgery address detailing the information you require.

The Data Controller for this Practice is: THE UNIVERSITY HEALTH CENTRE –DRS MOUNSEY,RASAKUMARAN & THOMAS

The Data Protection Officer for this Practice can be contacted on helen.mcnae@this.nhs.uk/this.dpo@nhs.net

 

SUPPLEMENTARY PRIVACY NOTICES REGARDING

COVID-19

This notice describes how we may use your information to protect you and others during the Covid-19 outbreak.

 It supplements our main Privacy Notice which is available at the University Health Centre.

 The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.

Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak.

Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arm’s Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on gov.uk. 

During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs. However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.

In order to look after your health and care needs we may share your confidential patient information including health and care records with clinical and non-clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111.

We may also use the details we have to send public health messages to you, either by phone, text or email. 

During this period of emergency we may offer you a consultation via telephone or videoconferencing.

By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.

We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak.

NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.

In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.

OUR DATABASE PROVIDER STATEMENT

EMIS GDPR Compliance Statement.pdf