General Data Protection Regulation (GDPR)

The GDPR is a regulation that is applicable from 25th May 2018. It strengthens the protection of personal data.

The UK is enacting a Data Protection Bill which enshrines the provisions of the GDPR into UK law and establishes continuity of the GDPR in the UK post-Brexit. The Data Protection Act will be repealed at this time.

What GDPR means for patients

Privacy Notices

What are Privacy Notices?

A privacy notice is a statement or a legal document (in privacy law) that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. It fulfills a legal requirement to protect a customer or client's privacy.


How we use your information

  • We collect and hold data about you for the purpose of providing safe and effective healthcare.
  • Your information may be shared with other NHS organisations to audit services and help provide you with better care.
  • Information sharing is subject to strict agreements on how it is used.
  • We will only share your information outside of NHS organisations with your consent.*
  • If you are happy with how we use your information you do not need to do anything.
  • If you do not want your information to be used for any purpose beyond providing your care, please let us know so we can code your record appropriately.
  • You can object to sharing information with other healthcare providers, but if this limits your treatment options we will tell you.
  • Our guiding principle is that we hold your information in the strictest confidence.
  • For more information about who our partner organisations are and how your data is used, please see the more detailed information below or ask at reception.

* Unless the health & safety of others is at risk, the law requires it or it is required to carry out a statutory function.

Please see the links below for Privacy Notices that detail how your information may be used:


Access To Medical Records

As a patient you have the right to request access to your medical records. Under the GDPR we, as a surgery, can no longer charge you for this unless the request is deemed to be excessive (e.g. a repeat request).

The time period for us to comply with such a request is now one calendar month, reduced from 40 days.

If you would like to request access to your medical records, please download and complete the form opposite and hand this to reception.


National Data Opt-Out Programme

The National Data Opt-Out Programme is a new service that allows people to opt out of their confidential patient information being used for research and planning.


Should you wish to opt out of us sharing your information with programmes such as Care.data and Summary Care Record, please download and complete the opt-out form below and hand to a receptionist.


NHS Digital will not collect patients’ names or addresses

Any other data that could directly identify patients (such as NHS Number, date of birth, full postcode) is replaced with unique codes which are produced by de-identification software before the data is shared with NHS Digital.

This process is called pseudonymisation and means that patients will not be identified directly in the data. NHS Digital will be able to use the software to convert the unique codes back to data that could directly identify patients in certain circumstances, and where there is a valid legal reason.
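The following is an added illustration of the pseudonymisation process described above; it is not the de-identification software used by NHS Digital or this surgery. It assumes a keyed HMAC scheme (a hypothetical choice) in which each direct identifier (NHS Number, date of birth, postcode) is replaced by a unique code, names and addresses are dropped entirely, and a re-identification table kept only by the key holder allows the codes to be converted back where there is a valid legal reason. All patient records are constructed sample data.

```python
import hmac
import hashlib

# Constructed sample records for illustration only; not real patients.
SAMPLE_RECORDS = [
    {"name": "Example Patient A", "address": "1 Example Street",
     "nhs_number": "9434765919", "dob": "1970-01-01", "postcode": "AB1 2CD",
     "diagnosis": "J45", "medication": "salbutamol"},
    {"name": "Example Patient B", "address": "2 Example Street",
     "nhs_number": "9434765870", "dob": "1985-06-15", "postcode": "AB1 2CD",
     "diagnosis": "I10", "medication": "amlodipine"},
]

# Fields that are never shared at all, not even in coded form.
NOT_COLLECTED = {"name", "address"}
# Fields that could directly identify a patient and are replaced with codes.
DIRECT_IDENTIFIERS = {"nhs_number", "dob", "postcode"}


def pseudonym(field, value, key):
    """Deterministic unique code for one identifier value (hypothetical scheme).

    HMAC-SHA256 under a secret key: the same input always yields the same
    code, so records about the same patient can still be linked, but without
    the key the code cannot be turned back into the identifier.
    """
    msg = f"{field}:{value}".encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def pseudonymise(record, key, reid_table):
    """Return a copy of `record` that is safe to share.

    The mapping code -> original value is written to `reid_table`, which
    stays with the key holder and is never shared with the data.
    """
    out = {}
    for field, value in record.items():
        if field in NOT_COLLECTED:
            continue                      # dropped before sharing
        if field in DIRECT_IDENTIFIERS:
            code = pseudonym(field, value, key)
            reid_table[(field, code)] = value
            out[field] = code
        else:
            out[field] = value            # clinical coded data passes through
    return out


def reidentify(pseudo_record, reid_table):
    """Reverse the coding for an authorised request.

    Only the holder of the re-identification table can do this; the shared
    data on its own is not enough.
    """
    out = dict(pseudo_record)
    for field in DIRECT_IDENTIFIERS:
        if field in out:
            out[field] = reid_table[(field, out[field])]
    return out


def demo():
    """Pseudonymise the sample records, then restore them from the table."""
    key = b"constructed-secret-key-kept-by-the-controller"
    reid_table = {}
    shared = [pseudonymise(r, key, reid_table) for r in SAMPLE_RECORDS]
    restored = [reidentify(p, reid_table) for p in shared]
    return shared, restored


if __name__ == "__main__":
    shared, restored = demo()
    for row in shared:
        print(row)
```

The point to notice is the separation of duties: the shared rows contain no names or addresses and only coded identifiers, while the key and the re-identification table are what make the process reversible, so protecting them is what keeps the shared data pseudonymous rather than anonymous.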

We will collect structured and coded data from patient medical records.

NHS Digital will collect:

  • data about diagnoses, symptoms, observations, test results, medications, allergies, immunisations, referrals, recalls and appointments, including information about physical, mental and sexual health.
  • data on sex, ethnicity, and sexual orientation.
  • data about staff who have treated patients.

NHS Digital does not collect:

  • name and address (except for postcode, protected in a unique coded form).
  • written notes (free text), such as the details of conversations with doctors and nurses.
  • images, letters, and documents.
  • coded data that is not needed due to its age - for example medication, referral and appointment data that is over 10 years old.
  • coded data that GPs are not permitted to share by law - for example certain codes about IVF treatment, and certain information about gender re-assignment.

NHS Digital also has a very short YouTube video for patients to watch called “How the NHS uses your patient data from GP Practices”.