Confidentiality

Everyone who works for the NHS has a legal duty to keep information about you confidential. We will only provide information to those who are authorised to receive it and who will keep it confidential. Whenever possible any information passed on will be anonymised.

In line with the new GDPR (General Data Protection Regulation Act) which came into force on 25th May 2018 you will be asked by a member of staff/clinician for your consent before sending any referral/information to other medical professionals in looking after your clinical needs.

We hold your patient records in the strictest confidence, regardless of whether they are electronic or on paper. We take all reasonable precautions to prevent unauthorised access to your records, however they are stored. Any information that may identify you is only shared with the practice team, or, if you are referred to hospital, to the clinician who will be treating you. We will only share information about you with anyone else if you give your permission in writing.

Use of your contact details

We may try to contact you using the mailing address, land line telephone number, mobile telephone number (including text messaging) or email address that you provide. This may be for, amongst other things, appointment reminders, information about special clinics or to request information from you. If you prefer not to be contacted by one or more of these means then please let us know so that we can record your preferences.

It is your responsibility to ensure that the practice has your current contact details to ensure that there is no possible delay to your treatment.

Data Protection notice

We ask you for information about yourself so that you can receive proper care and treatment. All personal information (updated as appropriate), together with details of your care, is stored in your medical record which is held on paper and computer. All members of the practice are contractually and ethically obliged to maintain the confidentiality of your medical record at all times, even after leaving the practice. Just because we hold the data does not give every member of staff the right to look at it. Anyone viewing your medical record must have a valid reason to do so in the course of performing their job. All computer held records have an audit trail of activity by all users.

Officially, your medical record is the property of the Secretary of State for Health. However, we are considered to be the Data Controller and therefore responsible for the confidentiality of your medical record whilst you are registered as a patient with us.

We are required to share certain identifiable data about you with other parts of the NHS in relation to financial claims. This will ordinarily just be your NHS number. We also share demographic and relevant clinical details within the NHS for the purpose of operating recall systems, eg childhood immunisations, cancer screening and diabetic retinopathy programmes.

If you require care from another healthcare provider, eg a referral to see a specialist, then we will need to share relevant information about you and your care. We will obtain consent to this sharing if you are in agreement with the need for the referral.

The information we hold about you may be used for secondary purposes. This includes planning health services, clinical audit, monitoring the spread of disease (epidemiology) etc. Your personal details are never disclosed for secondary purposes, only relevant clinical data is provided, for example the total number of people registered with us who have diabetes.

We will never disclose any information about you to a third party without your consent, unless required to do so by law.

Access to records

Under the Data Protection Act 2018 you have the right to see any files about you, including your health records.

You can see the computer health records that we hold for you by using the free, secure NHS App. For more information on safely accessing your medical records, please visit GP health record.

If you want a printed copy of your records you need to apply for this and verify your identity. Please complete this form Medical Report Request with as much detail as possible. This process can take up to a month.

The Data Protection Act only applies to living persons. If you believe you have a good reason to apply to see the records of a deceased person this may be possible under the Access to Health Records Act 1990. To enquire about this please contact reception.

www.ico.org