As well as specific practice details such as opening hours and how to register, you’ll find a wealth of useful pages covering a wide range of health issues along with links to the NHS and other relevant organisations.
You can be assured that anything you discuss with any member of the surgery staff, whether doctor, nurse or receptionist, will remain confidential. Even if you are under 16, nothing will be said to anyone, including parents, other family members, care workers or teachers, without your permission. The only reason why we might want to consider passing on confidential information without your permission would be to protect either you or someone else from serious harm. In this situation, we would always try to discuss this with you first.
If you have any worries or queries about confidentiality, please ask a member of staff.
If you would like to discuss matters of a confidential nature, either with our receptionists or a member of the dispensary team, we have a side room available in reception for this purpose.
Data Protection
In order to provide the right level of care, we are required to hold personal information about you on our computer systems and in paper records to help us to look after your health needs, and your doctor is responsible for their accuracy and safe keeping. Please help to keep your record up to date by informing us of any changes to your circumstances.
Confidentiality and Personal Information
Doctors and staff in the practice have access to your medical records to enable them to do their jobs. From time-to-time information may be shared with others involved in your care if it is necessary. Anyone with access to your record is properly trained in confidentiality issues and is governed by both legal and contractual duty to keep your details private.
All information about you is held securely and appropriate safeguards are in place to prevent accidental loss.
In some circumstances we may be required by law to release your details to statutory or other official bodies, for example if a court order is presented, or in the case of public health issues. In other circumstance you may be required to give written consent before information is released – such as for medical reports for insurance, solicitors etc.
To ensure your privacy, we will not disclose information over the telephone or fax unless we are sure that we are talking to you. Information will not be disclosed to family, friends or spouses unless we have prior written consent, and we do not, leave messages with others.
You have a right to see your records if you wish. Please ask at reception if you would like further details about our patient information leaflet. An appointment may be required. In some circumstances a fee may be payable.
The contact details for each organisation’s Data Protection Officer or Team are below.
Contact details for data protection officers
- West Essex CCG on behalf of My Care Record
Building 3, Spencer Close, St Margaret’s Hospital, The Plain, Epping, CM16 6TN
Tel: 01992 566140
Email: - Princess Alexandra Hospital
Medical Records Manager, The Princess Alexandra Hospital NHS Trust, Hamstel Road, Harlow, Essex, CM20 1QX
Tel: 01279 827341
Email: - Essex Partnership University NHS Trust (EPUT)
Access to Records team, Mental Health Unit, Basildon Hospital, Nethermayne, Basildon, Essex, SS15 6NL
Tel: 01268 246873/ 246889 - Essex Social Care
Transparency Team, Essex County Council, PO Box 11, County Hall, Chelmsford, CM1 1QH - Hertfordshire Community NHS Trust
Access to records, Hertfordshire community NHS Trust, Unit 1a, Howard Court, 14 Tewin Road, Welwyn Garden City, AL7 1BW - Hertfordshire Social Care
Data Protection Team, Hertfordshire County Council, CHO150, County Hall, Pegs Lane,
Hertford, SG13 8DF - Hertfordshire Partnership University NHS Foundation Trust
Records and Access to Information Team, Hertfordshire Partnership NHS Foundation Trust,
99 Waverley Road, St Albans, AL3 5TL
Tel: 01727 804707/ 804228
Please contact your own General Practice directly for a copy of your GP record.
For further information on My Care Record please visit
Disabled Access
Wheelchair access is through the main gate and through the small gate which avoids the step down. A disabled W.C. is available next to the waiting room.
General Data Protection Regulation 2018 (GDPR)
GP Earnings
GP Net Earnings 2022/23
All GP practices are required to declare the mean earnings (i.e. average pay) for GP’s working to deliver NHS Services to patients at each practice.
The average pay for GPs working in High Street Surgery Epping in the last financial year was £142,722 before tax and National Insurance. This is for 2 full time GP, 1 part time GPs who worked in the practice for more than six months.
However, it should be noted that the prescribed method for calculating earnings is potentially misleading because it takes no account of how much time doctors spend working in the practice and should not be used to form any judgement about GP earnings, nor to make any comparison with any other practice.
IT Policy
This practice is committed to preserving, as far as is practical, the security of data used by our information systems. This means that we will take all reasonable actions to;
Maintain the Confidentiality of all data within the practice by:
- Ensuring that only authorised persons can gain access to our systems
- Not disclosing information to anyone who has no right to see it
Maintain the integrity of all data within the practice by:
- Taking care over input
- Ensuring that all changes are reported and monitored
- Checking that the correct record is on the screen before updating
- Reporting all apparent errors and ensuring that they are resolved
Maintain the availability of all data by:
- Ensuring that all equipment is protected from intruders
- Ensuring that backups are taken at regular, predetermined intervals
- Ensuring that contingency is provided for possible failure or equipment theft and that any such contingency plans are tested and kept up to date
Additionally, we will take all reasonable measures to comply with our legal responsibilities under:
The Health and Safety at Work Act (1992)
The Access to Health Records Act (1990)
Personal Data
The following IT systems are in use at the practice:
- Referral Management (using NHS numbers in referrals)
- Electronic Appointment Booking (the facility to book routine appointments online and, similarly, to cancel appointments
- Online booking of repeat prescriptions
- Summary Care Record (uploading details of your current medication and allergies to the national “spine” so that these are available for doctors involved in your care elsewhere)
- GP to GP transfers (the electronic transfer of records from practice to practice when you re-register
- Patient Access to records (the facility to view your medical records online).
If you are not already registered for online access and would like to be please complete our online form.
If you would like access to your medical records enabled or would like to opt out of the local or national summary care record, please contact reception.
Privacy Policy
Children Privacy Statement
Practice Details – High Street Surgery 301 High Street Epping CM16 4DA
Data Protection Officer – Jane Marley
What is a privacy notice?
A privacy notice helps your doctor’s surgery tell you how it uses information it has about you, like your name, address, date of birth and all of the notes the doctor or nurse makes about you in your healthcare record.
Why do we need one?
You doctor’s surgery needs a privacy notice to make sure it meets the legal requirements which are written in a new document called the General Data Protection Regulation (Or GDPR for short).
What is GDPR?
GDPR is a document that helps your doctor’s surgery keep the information about you secure. It was introduced on the 25th May 2018, making sure that your doctor, nurse and any other staff at the practice follow the rules and keeps your information safe.
What information do we collect about you?
Don’t worry; we only collect the information we need to help us keep you healthy – such as your name, address, information about your parents or guardians, records of appointments, visits, telephone calls, your health record, treatment and medicines, test results, X-rays and any other information to enable us to care for you.
How do we use your information?
Your information is taken to help us provide your care. But we might need to share this information with other medical teams, such as hospitals, if you need to be seen by a special doctor or sent for an X-ray. Your doctor’s surgery may be asked to help with exciting medical research; but don’t worry, we will ask you, or your parents or adults with parental responsibility, if it’s okay to share your information.
How do we keep your information private?
Well, your doctor’s surgery knows that it is very important to protect the information we have about you. We make sure we follow rules that are written in the GDPR and other important rule books.
Don’t want to share?
All of our patients, no matter what their age, can say that they don’t want to share their information. If you are under 16 this is something which your parents or adults with parental responsibility will have to decide. They can get more information from a member of staff at the surgery, who can also explain what this means to you.
How do I access my records?
Remember we told you about the GDPR? Well, if you want to see what is written about you, you have a right to access the information we hold about you, but you will need to complete a Subject Access Request (SAR). Your parents or adults with parental responsibility will do this on your behalf if you are under 16. But if are over 12, you may be classed as being competent and you may be able to do this yourself. Please write in to the Practice Manager to request this and you will be given further information on how this process works, (or ask your parents or adults with parental responsibility to do so).
What do I do if I have a question?
If you have any questions, ask a member of the surgery team or your parents or adults with parental responsibility. You can:
- Contact the practice’s data controller via email:
- GP Practices are data controllers for the data they hold about you.
What to do if you are not happy about how we manage your information
We really want to make sure you are happy, but we understand that sometimes things can go wrong. If you or your parents or adults with parental responsibility are unhappy with any part of our data processing methods, you can speak to the Practice Manager.
January 2021
Surgery Privacy Policy
How The High Street Surgery uses your information to provide you with healthcare
This practice keeps medical records confidential and complies with the General Data Protection Regulation.
We hold your medical record so that we can provide you with safe care and treatment.
We will also use your information so that this practice can check and review the quality of the care we provide. This helps us to improve our services to you.
• We will share relevant information from your medical record with other health or social care staff or organisations when they provide you with care. For example, your GP will share information when they refer you to a specialist in a hospital. Or your GP will send details about your prescription to your chosen pharmacy.
• Healthcare staff working in A&E and out of hours care will also have access to your information. For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions. This will involve the use of your Summary Care Record. For more information see: or alternatively speak to the practice.
• You have the right to object to information being shared for your own care. Please speak to the practice if you wish to object. You also have the right to have any mistakes or errors corrected.
Other important information about how your information is used to provide you with healthcare
Registering for NHS care
• All patients who receive NHS care are registered on a national database.
• This database holds your name, address, date of birth and NHS Number but it does not hold information about the care you receive.
• The database is held by NHS Digital, a national organisation which has legal responsibilities to collect NHS data.
• More information can be found at: or the phone number for general enquires at NHS Digital is 0300 303 5678.
Identifying patients who might be at risk of certain diseases
• Your medical records will be searched by a computer programme so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital.
• This means we can offer patients additional care or support as early as possible.
• This process will involve linking information from your GP record with information from other health or social care services you have used.
• Information which identifies you will only be seen by this practice.
• Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, are protected from risk of harm.
• These circumstances are rare.
• We do not need your consent or agreement to do this.
We are required by law to provide you with the following information about how we handle your information.
Data Controller contact details
The High Street Surgery, 301 High Street, Epping, Essex CM16 4DA
Data Protection Officer contact details
Renier van Zyl, Stellar Healthcare, Building 1, Spencer Close, St Margaret’s Hospital, The Plain, Epping, Essex, CM16 6TN, telephone: 01992 660272
Purpose of the processing
• To give direct health or social care to individual patients.
• For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care.
• To check and review the quality of care (this is called audit and clinical governance).
Lawful basis for processing
These purposes are supported under the following sections of the GDPR:
Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”
Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.
Recipient or categories of recipients of the processed data
The data will be shared with:
• healthcare professionals and staff in this surgery;
• local hospitals;
• out of hours services;
• diagnostic and treatment centres;
• or other organisations involved in the provision of direct care to individual patients.
Rights to object
• You have the right to object to information being shared between those who are providing you with direct care.
• This may affect the care you receive – please speak to the practice.
• You are not able to object to your name, address and other demographic information being sent to NHS Digital.
• This is necessary if you wish to be registered to receive NHS care.
• You are not able to object when information is legitimately shared for safeguarding reasons.
• In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm.
• The information will be shared with the local safeguarding service: West Essex Clinical Commissioning Group, Building 4, Spencer Close, The Plain, Epping CM16 6TN.
Right to access and correct
• You have the right to access your medical record and have any errors or mistakes corrected.
• We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.
Retention period
GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at:
or speak to the practice.
Right to complain
You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link or call the helpline 0303 123 1113
Data we get from other organisations
We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up-to date when you receive care from other parts of the health service.
Safeguarding Adults
Suggestions & Complaints
Want to make a suggestion to the practice?
Your comments and suggestions are important to us, please click on the ‘Suggestions Form’ link, complete the form to send them to us.
Please note : only use this form for comments about the practice and suggestions as to how we can improve our service to you.
Medical matters and official complaints cannot be dealt with via this form. If you have a query regarding a medical matter, please telephone reception to make an appointment to see the appropriate person.
Suggestions form
Want to make a complaint?
We make every effort to give the best service possible to everyone who attends our practice.
However, we are aware that things can go wrong resulting in a patient feeling that they have a genuine cause for complaint. If this is so, we would wish for the matter to be settled as quickly, and as amicably, as possible.
To pursue a complaint please complete this form and the practice manager will deal with your concerns appropriately.
Complaints form
Summary Care Record
Your patient record is held securely and confidentially on the electronic system at your GP practice. If you require treatment in another NHS healthcare setting such as an Emergency Department or Minor Injury Unit, those treating you would be better able to give you appropriate care if some of the information from the GP practice were available to them.
This information can now be shared electronically via: The Summary Care Record, used nationally across England
The information will be used only by authorised health care professionals directly involved in your care. Your permission will be asked before the information is accessed, unless the clinician is unable to ask you and there is a clinical reason for access.
If you would like to opt out, please ask reception for our opt out form.
A parent or guardian can request to opt out children under 16 but ultimately it is the GP’s decision whether to create the records or not, because of their duty of care to the child. If you are the parent or guardian of a child under 16 and feel that they are able to understand, then you should make this information available to them.
Who Has Access?
Across all health care settings, including urgent care, community care and outpatient departments in England.
Information Source
GP record
- Your current medications
- Any allergies you have
- Any bad reactions you have had to medicines
- Additional information (upon request to your GP)
For more information visit:
GPs in Training
Our practice is approved to train fully qualified doctors who wish to specialise in general practice. Our GP registrar will have had 2-4 years of experience as a qualified hospital doctor working in various specialities. They consult patients on their own, under the mentorship of our trainer, Dr xxxxx. Occasionally we ask permission to video a consultation. You will always be asked in advance and are given the option not to take part, and this will not affect your care in any way. No recording will be taken without your consent and the camera will be switched off on request. These videos are used only for educational purposes with the doctor doing the consultation and are destroyed after use.
Dr xxxxx is currently the GP registrar at the practice.
Medical Students
Medical students are sometimes attached to the practice for 2 – 3 weeks as part of their training. If you do not wish a student to be present during your consultation, please inform the receptionist.
Violence Policy
The Practice staff shall always show due respect and courtesy when dealing with patients and their representatives. We respectfully request that patients and their representatives do the same when dealing with members of the practice team.
The NHS operate a zero-tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients and other persons.
No form of aggression (whether verbal or physical in nature) will be tolerated – any instances of such behaviour on the practice premises may result in the perpetrator being reported to the Police and removed from the practice’s List of Registered Patients.
Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety. In this situation we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.