Privacy and Confidentiality
This privacy notice explains why BURGESS
ROAD SURGERY collects information about you, how we keep it safe and
confidential and how that information may be used.
COLLECT INFORMATION ABOUT YOU
Health care professionals who provide
you with care are required by law to maintain records about your health and any
treatment or care you have received within any NHS organisation. These records
help to provide you with the best possible healthcare.
We collect and hold data for the sole
purpose of providing healthcare services to our patients. In carrying out this
role we may collect information about you which helps us respond to your queries
or secure specialist services. We may keep your information in written form
and/or in digital form. The records may include basic details about you, such as
your name and address. They may also contain more sensitive information about
your health and information such as outcomes of needs assessments.
DETAILS WE COLLECT ABOUT YOU
The health care professionals who
provide you with care maintain records about your health and any treatment or
care you have received previously or elsewhere (e.g. NHS Hospital Trust, other
GP Surgery, Out of Hours GP Centre, A&E, Walk-in clinic, etc.). These records
help to provide you with the best possible healthcare.
Records which we may hold about you may
include the following:
Details about you, such as your
address and next of kin, emergency
Your home telephone number,
mobile phone number, email address
Any contact the surgery has had
with you, such as appointments, clinic visits, immunisations, emergency
Notes and reports about your
health, treatment and care
Results of investigations, such
as laboratory tests, x-rays, etc.
Relevant information from other
health professionals, relatives or those who care for
Recording of telephone calls made
between Burgess road surgery and you
KEEP YOUR INFORMATION CONFIDENTIAL AND SAFE
All your GP NHS health records are
kept electronically. Our GP records database is hosted by CLINICAL SYSTEM, who
are acting as data processors, and all information is stored on their secure
servers in Leeds TPP SystmOne, is protected by appropriate security, and access
is restricted to authorised personnel.
We also make sure that data
processors that support us are legally and contractually bound to operate and
prove security arrangements are in place where data that could or does identify
a person are processed.
We only email you, or use your
mobile number to text you, regarding matters of medical care, such as
appointment reminders and (if appropriate) test results.
Unless you have separately
given us your explicit consent,
we will not email you for non-medical matters (such as surgery newsletters,
patient participation group and other information).
We maintain our duty of
confidentiality to you always. We will only ever use or pass on information
about you if others involved in your care have a genuine need for it. We will
not disclose your information to any third party without your permission unless
there are exceptional circumstances (i.e. life or death situations), or where
the law requires information to be passed on.
HOW WE USE INFORMATION ABOUT YOU
Confidential patient data will be
shared within the healthcare team at the practice, including nursing staff,
admin staff, secretaries and receptionists, and with other healthcare
professionals to whom a patient is referred. Those individuals have a
professional and contractual duty of confidentiality.
Details of who is authorised to access
your GP record can be found on our website, or please ask at reception.
BURGESS ROAD SURGERY uses data
processors to perform certain administrative tasks for us, particularly where
these involve large numbers of patients. Details of these data processors can be
found on our website or please ask at reception.
REFERRALS FOR SPECIFIC
We sometimes provide your information to other organisations for them to provide
you with medical services. We will always inform you of such a referral and you
always have the right not to be referred in this way.
Risk stratification is a process for
identifying and managing patients who are at a higher risk of emergency hospital
admission. Typically this is because patients have a long term condition such
as Diabetes, COPD or cancer. NHS England encourages GPs to use risk
stratification tools as part of their local strategies for supporting patients
with long-term conditions and to help prevent avoidable admissions into
hospital. Information about you is collected from a number of sources including
NHS Trusts and from this GP Practice. A risk score is then arrived at through an
analysis of your anonymous information using computer programmes. Your
information is only provided back to your GP or member of your care team in an
identifiable form. Risk stratification enables your GP to focus on the
prevention of ill health and not just the treatment of sickness. If necessary
your GP may be able to offer you additional services.
Please note that you have the right
to opt out of Risk Stratification.
Should you have any concerns about
how your information is managed, or wish to opt out of any data collection at
the Practice, please contact the reception team or your healthcare professional
to discuss how the disclosure of your personal information can be restricted.
All patients have the right to change their minds and reverse a previous
decision. Please contact the practice if you change your mind regarding any
NHS HEALTH CHECKS
All of our patients aged 40-74 not
previously diagnosed with cardiovascular disease are eligible to be invited for
an NHS Health Check. Nobody outside the healthcare team in the practice will
see confidential information about you during the invitation process and only
contact details would be securely transferred to a data processor (if that
method was employed). You may be ‘given the chance to attend your health check
either within the practice or at a community venue. If your health check is at a
community venue all data collected will be securely transferred back into the
practice system and nobody outside the healthcare team in the practice will see
confidential information about you during this process.
WHO ARE OUR PARTNER
We may also have to share your information, subject
to strict agreements on how it will be used. The following are examples of the
types of organisations that we are likely to share information with:
NHS and specialist hospitals, Trusts
Independent Contractors such as dentists, opticians, pharmacists
Private and Voluntary Sector Providers
Clinical Commissioning Groups and NHS England
Social Care Services and Local Authorities
Police, Fire and Rescue Services
Other ‘data processors’ during specific project work e.g. Diabetes UK
MANDATORY DISCLOSURE OF
We are sometimes legally obliged
to disclose information about patients to relevant authorities. In these
circumstances the minimum identifiable information that is essential to serve
that legal purpose will be disclosed.
That organisation will also have a
professional and contractual duty of confidentiality. Data will be anonymised if
at all possible before disclosure if this would serve the purpose for which the
data is required.
Organisations that we are sometimes
obliged to release information to include:
NHS Digital (e.g. the National
Local Authorities (Social
The Health Service
PERMISSIVE DISCLOSURE OF
Only with your explicit consent,
BURGESS ROAD SURGERY can release information about you, from your GP record, to
relevant organisations. These may include:
INFORMATION ON OTHER DATABASES
BURGESS ROAD SURGERY can access certain
medical information about you, when relevant or necessary, that is held on other
databases (i.e. under the control of another data controller). These include
Southampton General Hospital databases and NHS Digital’s Open Exeter database.
Accessing such information would only be for your direct medical care.
BURGESS ROAD SURGERY sometimes
undertakes accredited research projects. Where this involves accessing
identifiable patient information, we will only do so with the explicit consent
of the individual and Research Ethics Committee approval.
BURGESS ROAD SURGERY is not currently
involved with other research projects such as the Clinical Practice Research
Database (CPRD) or QResearch, and we do not permit secondary processing (e.g.
for research, “analytics”, commissioning, commercial or political purposes) of
our patients’ information uploaded to the Hampshire Health Record.
RIGHT TO OPT-OUT OF SHARING YOUR INFORMATION
You have the right to opt-out (or
object) to ways in which your information is shared, both for direct medical
care purposes (such as the national NHS data sharing schemes), i.e. primary
uses of your information, or for purposes other than your direct medical
care – so-called secondary uses. Details of these purposes and how you
can opt out, can be found on our website or ask at reception.
ACCESS TO YOUR
You have a right under the General Data Protection
Regulations 2018 and the Data protection Act 1998 to access/view information the
Practice holds about you, and to have it amended or removed should it be
inaccurate. This is known as ‘the right of subject access’. If we do hold
information about you we will:
Give you a description of it;
Tell you why we are holding it;
Tell you who it could be disclosed to; and let you have a copy of the
information in an intelligible form.
The Data Protection Act 1998 requires
organisations to register a notification with the Information Commissioner to
describe the purposes for which they process personal and sensitive information.
We are registered as a data controller
and our registration can be viewed online in the public register at:
If you have concerns or are unhappy
about any of our services, please contact the Practice Manager. Details of how
to complain are on our website, or available in practice.
For independent advice about data
protection, privacy, and data sharing issues, you can contact:
The Information Commissioner
Cheshire SK9 5AF
Phone: 08456 30 60 60
If you would like
any further information about primary or secondary uses of
your GP record, opting out, the NHS Databases,
access to your medical record,
confidentiality, or about any other aspect of NHS data sharing or your medical
records, then please do contact the surgery’s Caldicott Guardian
What GDPR means for patients
Privacy Notice – Children
Application to access medical records - Subject Access Request
Data Sharing Opt-Out Form
23 May 2018
for top of the page