Privacy Notice

 

BACK TO MAIN INDEX

 

How we use your personal information

This Privacy Notice explains why this GP practice collects information about you and how that information may be used.

Health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.).  These records are used to help to provide you with the best possible healthcare.

image depicting privacy notice

NHS health care records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records  this GP Practice hold about you may include the following information:

  • Details about you, such as your name, address, carers, legal representatives and emergency contact details
  • Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
  • Notes and reports about your health
  • Details about your treatment and care
  • Results of investigations such as laboratory tests, x-rays, etc.
  • Relevant information from other health professionals, relatives or those who care for you

We record all incoming and outgoing telephone calls to the Practice. This helps us with training staff and to improve the quality of our call handling. We may also use the recording to help resolve a complaint or claim.

To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used within the GP practice for clinical audit to monitor the quality of the service provided.

Some of this information will be held centrally and used for statistical purposes.

Where we do this, we take strict measures to ensure that individual patients cannot be identified.

Sometimes your information may be requested to be used for research purposes – the surgery will always gain your consent before releasing the information for this purpose.

 

Risk Stratification

Risk stratification data tools are increasingly being used in the NHS to help determine a person’s risk of suffering a condition, preventing an unplanned or (re)admission and identifying a need for preventive intervention. Information about you is collected from a number of sources including NHS Trusts and from this GP Practice. A risk score is then arrived at through an analysis of your de-identified information using software and is only provided back to your GP as data controller in an identifiable form. Risk stratification enables your GP to focus on preventing ill health and not just the treatment of sickness. If necessary, your GP may be able to offer you additional services.

Please note that you have the right to opt out of your data being used in this way.

 

Medicine Management

The Practice may conduct Medicines Management Reviews of medications prescribed to its patients. This service performs a review of prescribed medications to ensure patients receive the most appropriate, up to date and cost-effective treatments. This service is provided to practices within Westminster and the local Clinical Commissioning Group.

 

How do we maintain the confidentiality of your records?

We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

  • General Data Protection Regulation 2016 (Previously: Data Protection Act 1998)
  • Human Rights Act 1998
  • Common Law Duty of Confidentiality
  • Health and Social Care Act 2012
  • NHS Codes of Confidentiality, Information Security and Records Management
  • Information: To Share or Not to Share Review

Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and/or in accordance with the new information sharing principle following the Caldicott information sharing review.

This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott principles.

 

How long do we retain your information?

Whenever we collect or process your data, we will only keep it for as long as is necessary for the purpose it was collected. We comply with the Records Management NHS Code of Practice which states that we keep medical records for 10 years after date of death. Following this time, the records are securely destroyed if stored on paper, deleted on the electronic health record system or archived for research purposes where this applies.

Incoming and outgoing calls to the practice number are kept for 28 days after which they are deleted, similarly emails sent to our Grand Union email inbox are kept for 28 days after which they are deleted. Some telephone calls or emails may be kept for longer than 28 days if they are in relation to an ongoing matter.

 

Data Retention

We manage patient records in line with the Records Management NHS Code of Practice for Health and Social Care which sets the required standards of practice in the management of records for those who work within or under contract to NHS organisations in England, based on current legal requirements and professional best practice. 

 

Who are our partner organisations?

We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations:

  • NHS Trusts / Foundation Trusts
  • GPs
  • NHS Commissioning Support Units
  • Independent Contractors such as dentists, opticians, pharmacists
  • Private Sector Providers
  • Voluntary Sector Providers
  • Ambulance Trusts
  • Clinical Commissioning Groups
  • Social Care Services
  • Health and Social Care Information Centre (HSCIC)
  • Local Authorities
  • Education Services
  • Fire and Rescue Services
  • Police and Judicial Services
  • Voluntary Sector Providers
  • Private Sector Providers
  • Other ‘data processors’ which you will be informed of.

Specific details of the organisations with whom we share your data can be seen by following this link

You will be informed who your data will be shared with and in some cases asked for explicit consent for this happen when this is required.

 

What if I don't want my information to be shared in this way?

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit NHS - Your Data Matters. On this web page you will:

  • See what is meant by confidential patient information
  • Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • Find out more about the benefits of sharing data
  • Understand more about who uses the data
  • Find out how your data is protected
  • Be able to access the system to view, set or change your opt-out setting
  • Find the contact telephone number if you want to know any more or to set/change your opt-out by phone 
  • See the situations where the opt-out will not apply

You can also find out more about how patient information is used at: NHS - Health Research Authority (which covers health and care research); and Understanding Patient Data (which covers how and why patient information is used, the safeguards and how decisions are made).

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

 

Access to personal information

You have a right under the General Data Protection Regulation 2016, to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. In order to request this, you need to do the following:

  • Your request must be made in writing to the GP – for information from the hospital you should write direct to them
  • There will not be a charge to have a printed copy of the information held about you
  • We are required to respond to you within 30 days 
  • You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified and your records located.
 

Objections/Complaints

Should you have any concerns about how your information is managed at our practice, please contact the Practice Manager. If you are still unhappy following a review by our clinic, you can complain to the Information Commissioners Office (ICO).

If you are happy for your data to be extracted and used for the purposes described in this privacy notice then you do not need to do anything.  If you have any concerns about how your data is shared then please contact the practice.

 

Change of Details

It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.

 

Notification

The Data Protection Act 2018 requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information.

We are registered as a data controller and our registration can be viewed online in the public register via the Information Commissioner's Office website

Any changes to this notice will be published on our website and in a prominent area at the Practice.

 

Who is the Data Controller?

The Data Controller, responsible for keeping your information secure and confidential is:

The Grand Union Health Centre
Harrow Road
London
W2 5EH

 

Who is the Data Protection Officer?

The Data Protection Officer for NW London can be contacted at nwl.infogovernance@nhs.net

 

Complaints

Should you have any concerns about how your information is managed by the Practice please contact the Practice Manager at the following address:

The Grand Union Health Centre
209 Harrow Road
London
W2 5EH

For independent advice about data protection, privacy and data-sharing issues, you can contact:

The Information Commissioner
Wycliffe House
Water Lane
Wilmslow Cheshire SK9 5AF
Phone: 0303 123 1113
or, click here to visit the website

 

Addendum

COVID-19 contingency sharing

Primary care staff across each borough will be able to access your full medical record without consent during the COVID-19 pandemic but will only do so when this is necessary to provide you with care. They will be required to use a smartcard which confirms their identity, and which limits their access and actions to those appropriate for their role. They will all have been trained to understand their professional and legal responsibilities in providing you with care.