Access to Records
In accordance with GDPR, the Data Protection Act 1998 and Access to Health Records Act, patients may request to see their medical records. Such requests should be made through Reception who will provide you with the necessary forms to complete. No information will be released without the patient consent unless we are legally obliged to do so.
Confidentiality and Medical Records
The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:
- To provide further medical treatment for you e.g. from district nurses and hospital services.
- To help you get other services e.g. from the social work department. This requires your consent.
- When we have a duty to others e.g. in child protection cases anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.
If you do not wish anonymous information about you to be used in such a way, please let us know.
Reception and Administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.
Data Protection
Data Protection – Your Personal Data is Safe
We are aware that recent events highlighted in the media concerning sharing your personal data may have left you confused and worried.
This has led to a rise in the number of queries asking us who we actually share your personal data with, do we have the rights to and can we trust these external organisations to look after your personal data.
We would like to assure you that as a practice we take your personal data very seriously and we have certain processes in place to make sure your personal data is in safe hands at all times.
As a practice we must adhere to UK Data Protection laws, the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, both pieces of legislation are around to make sure we look after your data. Where we do not follow any part of the Data Protection laws we are at risk of being investigated by the Information Commissioner’s Officer (ICO) on your behalf, and possibly being issued with a fine or warning. The ICO is an independent advisory body who report directly to Parliament and make sure your rights around your personal data are protected.
To help us keep on track and make sure we abide by these laws we complete something called the Data Security and Protection Toolkit (DSPT) that incorporates the laws. It helps us measure how we are doing and keeps us in line with the law and we are required to complete this annually.
There will be times when we have to share your personal data with external organisations / companies in order to provide you with the care you need. However, we only do this where we need to, where we have a legal reason to do so and when we are happy they will continue to safeguard your personal data. An example would be the Clinical IT system we use that holds your medical records, this is supplied by an IT company who will host your personal data to enable us to use the system.
In any event where we share your personal data we will conduct the necessary Data Protection checks with the external organisation. Like us, they are required by data protection law to provide us with relevant assurances that any personal data we share with them will remain secure. Under the UK GDPR they are required to provide us with documents to assure us and this will include contracts which must include UK GDPR clauses. If an organisation does not process your personal data in line with law they too will be investigated by the ICO.
We cannot share your personal data without a legal basis, which means we cannot give your personal data to anyone ‘just because’ they want it. The UK GDPR sets out 6 legal bases we can use, the most common one you would have heard of is ‘consent.’ Consent is not often used in healthcare and where we are using your personal data for direct care, it just would not work and the UK GDPR recognise this so we apply a legal basis called ‘public tasks.’ Public tasks covers the use of personal data where it relates to either being in the interest of the patients care or the public interest. This means that
we do not need to ask for your consent, although we are obliged to be open and transparent with your personal data which we do via our Privacy Notice (see section ‘How we use your information‘)
We certainly will not sell your personal data to anyone.
When we share your personal data we need to abide by the UK GDPR principles, one of which is called ‘data minimisation’ – this means we can legally only share what is relevant and necessary for the task.
Finally along with completing the DSPT (as mentioned above) where we have any data protection concerns or need advice we have a dedicated Information Governance team who are on hand to guide us through the do’s and don’ts.
We hope this information has provided you with assurance that we take the necessary steps to make sure your personal data is safe when in our care and that where we share your personal data we do so only if the law allows us to.
- How information about you helps us to provide better care
- Care Data – Frequently Asked Questions
- National Data Opt Out Policy
- Type 1 Data Opt Out Form – please complete and return to the practice
- You can find out more on the NHS England Your Data Matters
Freedom of Information
Information about the General Practitioners and the practice required for disclosure under this act can be made available to the public.
All requests for such information should be made to the Practice Manager by emailing [email protected].
How we use your information
Please read our Privacy notices below. They explain what information we collect about you, how we store this information, how long we retain it and with whom and for which purpose we may share it.
Social Media Policy
We have a policy in place for what is considered appropriate and acceptable use of the practices social media pages by patients accessing the content posted.
All patients are expected to adhere to the Patient Social Media and Acceptable Use Policy.
In cases where patients are in breach of the policy, action may be taken against the individual.
You can find the full details of our Patient Social Media and Acceptable Use Policy below:
Patient Social Media and Acceptable Use Policy **need to provide document**
Summary Care Record Policy
There is a new Central NHS Computer System called the Summary Care Record (SCR). It is an electronic record which contains information about the medicines you take, allergies you suffer from and any bad reactions to medicines you have had.
Why do I need a Summary Care Record?
Storing information in one place makes it easier for healthcare staff to treat you in an emergency, or when your GP practice is closed.
This information could make a difference to how a doctor decides to care for you, for example which medicines they choose to prescribe for you.
Who can see it?
Only healthcare staff involved in your care can see your Summary Care Record.
Do I have to have one?
No, it is not compulsory. If you choose to opt out of the scheme, then you will need to complete a form and bring it along to the surgery. You can access the form by clicking here.
For further information visit the NHS Care records website.
Zero Tolerance
The Practice takes it very seriously if a member of staff or one of the doctors or nursing team is treated in an abusive or violent way.
The Practice supports the government’s ‘Zero Tolerance’ campaign for Health Service Staff. This states that GPs and their staff have a right to care for others without fear of being attacked or abused. To successfully provide these services a mutual respect between all the staff and patients has to be in place. All our staff aim to be polite, helpful, and sensitive to all patients’ individual needs and circumstances. They would respectfully remind patients that very often staff could be confronted with a multitude of varying and sometimes difficult tasks and situations, all at the same time. The staff understand that ill patients do not always act in a reasonable manner and will take this into consideration when trying to deal with a misunderstanding or complaint.
However, aggressive behaviour, be it violent or abusive, will not be tolerated and may result in you being removed from the Practice list and, in extreme cases, the Police being contacted. In order for the practice to maintain good relations with their patients the practice would like to ask all its patients to read and take note of the occasional types of behaviour that would be found unacceptable:
- Using bad language or swearing at practice staff
- Any physical violence towards any member of the Primary Health Care Team or other patients, such as pushing or shoving
- Verbal abuse towards the staff in any form including verbally insulting the staff
- Racial abuse and sexual harassment will not be tolerated within this practice
- Persistent or unrealistic demands that cause stress to staff will not be accepted. Requests will be met wherever possible and
- explanations given when they cannot
- Causing damage/stealing from the Practice’s premises, staff or patients
- Obtaining drugs and/or medical services fraudulently
We ask you to treat your GPs and their staff courteously at all times.
Removal from the practice list
A good patient-doctor relationship, based on mutual respect and trust, is the cornerstone of good patient care. The removal of patients from our list is an exceptional and rare event and is a last resort in an impaired patient-practice relationship. When trust has irretrievably broken down, it is in the patient’s interest, just as much as that of the practice, that they should find a new practice. An exception to this is on immediate removal on the grounds of violence e.g. when the Police are involved.
Removing other members of the household
In rare cases, however, because of the possible need to visit patients at home it may be necessary to terminate responsibility for other members of the family or the entire household. The prospect of visiting patients where a relative who is no longer a patient of the practice by virtue of their unacceptable behaviour resides, or being regularly confronted by the removed patient, may make it too difficult for the practice to continue to look after the whole family. This is particularly likely where the patient has been removed because of violence or threatening behaviour and keeping the other family members could put doctors or their staff at risk.