Privacy Notice - Plumbridge Medical Centre

This privacy notice explains why the GP practice collects information about you and how that information may be used.

This practice also keeps medical records confidential and complies with the General Data Protection Regulation.

Health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.). These records are used to help to provide you with the best possible healthcare.

NHS health care records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records this GP Practice hold about you may include the following information:

Details about you, such as your name, address, carers, legal representatives and next of kin contact details
Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
Notes and reports about your health
Details about your treatment and care
Results of investigations such as laboratory tests, x-rays, etc.
Relevant information from other health professionals, relatives or those who care for you

To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used within the GP practice for clinical Audit to monitor the quality of the service provided.

Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified.

Sometimes your information may be requested to be used for research purposes – the surgery will always gain your consent before releasing the information for this purpose.

Risk Stratification

Risk stratification data tools are increasingly being used in the NHS to help determine a person’s risk of suffering a particular condition, preventing an unplanned or (re)admission and identifying a need for preventive intervention. Information about you is collected from a number of sources including NHS Trusts and from this GP practice. A risk score is then arrived at through an analysis of your de-identified information using managed software and is only provided back to your GP as data controller in an identifiable form. Risk stratification enables your GP to focus on preventing ill health and not just the treatment of sickness. If necessary your GP may be able to offer you additional services by discussing your treatment or care plan with other members of the multi-disciplinary team.

Please note that you have the right to opt out of your data being used in this way.

Medicines Management

The practice may conduct medicines management reviews of medications prescribed to its patients. This service performs a review of prescribed medications to ensure patients receive the most appropriate, up to date and cost effective treatments.

How do we maintain the confidentiality of your records?

We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

Data Protection Act 2018 and General Data Protection Regulation 2016
Human Rights Act 1998
Common Law Duty of Confidentiality
Health and Social Care Act 2012
NHS Codes of Confidentiality, Information Security and Records Management

Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and/or in accordance with the new information sharing principle following Dame Fiona Caldicott’s information sharing review (Information to share or not to share) where “The duty to share information can be as important as the duty to protect patient confidentiality.” This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott principles. They should be supported by the policies of their employers, regulators and professional bodies.

Change of Details

It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.

If you need to update your details, you can do so online by completing the Change Personal Details Page.

Notification

The Data Protection Act 2018 requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information.

This information is publicly available on the Information Commissioners Office website www.ico.org.uk

The practice is registered with the Information Commissioners Office (ICO).

Other important information about how your information is used to provide you with healthcare.

Registering for NHS care

All patients who receive NHS care are registered on a national database. This database holds your name, address, date of birth and NHS Number but it does not hold information about the care you receive.

The database is held by NHS Digital, a national organisation which has legal responsibilities to collect NHS data.

More information can be found at: www.digital.nhs.uk or by calling: 0300 303 5678

Identifying patients who might be at risk of certain diseases

Your medical records will be searched by a computer programme so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital.

This means we can offer patients additional care or support as early as possible. This process will involve linking information from your GP record with information from other health or social care services you have used.

Information which identifies you will only be seen by this practice. More information can be found at: www.sollis.co.uk.

Safeguarding

Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, are protected from risk of harm.

These circumstances are rare. We do not need your consent or agreement to do this. Please ask at reception for further information.

How we Handle Your Information

We are required by law to provide you with the following information about how we handle your information:

Data Controller contact details

Dr P Krishnarajah

Plumbridge Medical Centre
32-33 Plumbridge Street
London
SE10 8PA

Tel: 020 869 27591

Data Protection Officer contact details

Tahmina Sharmeen (Practice Manager)

Plumbridge Medical Centre
32-33 Plumbridge Street
London
SE10 8PA

Tel: 0208 6927591

Purpose of the processing

To give direct health or social care to individual patients.

For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care.

To check and review the quality of care. (This is called audit and clinical governance).

Lawful basis for processing

These purposes are supported under the following sections of the GDPR:

Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and

Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”

Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.

Who are our partner organisations?

Recipient or categories of recipients of the processed data

We may also have to share relevant information from your medical record, subject to strict agreements on how it will be used, with the following organisations;

NHS Trusts / Foundation Trusts/ specialist Trusts
GP’s
NHS Commissioning Support Units
Independent Contractors such as dentists, opticians, pharmacists
Private Sector Providers
Voluntary Sector Providers
Ambulance Trusts
Clinical Commissioning Groups
Social Care Services
Local Authorities
Education Services
Fire and Rescue Services
Police & Judicial Services
Other ‘data processors’ which you will be informed of
Healthcare staff working in A&E and out of hours care will also have access to your information. For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions. This will involve the use of your Summary Care Record. For more information see: https://digital.nhs.uk/summary-care-records or alternatively speak to your practice.

You have the right to object to information being shared for your own care. Please speak to the practice if you wish to object. You also have the right to have any mistakes or errors corrected.

You will be informed who your data will be shared with and in some cases asked for explicit consent for this happen when this is required. We may also use external companies to process personal information, such as for archiving purposes. These companies are bound by contractual agreements to ensure information is kept confidential and secure.

Rights to object

You have the right to object to information being shared between those who are providing you with direct care.

This may affect the care you receive – please speak to the practice.
You are not able to object to your name, address and other demographic information being sent to NHS Digital.
This is necessary if you wish to be registered to receive NHS care.
You are not able to object when information is legitimately shared for safeguarding reasons.
In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm.

Right to access and correct

You have a right under the Data Protection Act 2018 to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. In order to request this, you need to do the following:

Your request must be made in writing to the GP – for information from the hospital you should write direct to them
There may be a charge to have a printed copy of the information held about you
We are required to respond to you within 40 days
If you would like to make a ‘subject access request’ ,You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified and your records located

You also have the right to have any errors or mistakes corrected. Please speak to a member of staff or contact us via our website

We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.

Retention period

GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found in the Records Management Code of Practice for Health and Social Care 2016.

Alternatively, you can ask the practice for more information.

Right to complain

If you are still unhappy following a review by the Practice you can then complain to the Information Commissioners Office (ICO). If you wish to complain, please visit: www.ico.org.uk/global/contact-us or call the helpline on 0303 123 1113.

Data we get from other organisations

We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up-to date when you receive care from other parts of the health service.

Objections/Complaints

Should you have any concerns about how your information is managed at the GP, please complete the Feedback and Complaints Form or contact the GP practice manager Tahmina Sharmeen. If you are still unhappy following a review by the GP practice, you can then complain to the Information Commissioners Office (ICO) via their website (www.ico.gov.uk).

If you are happy for your data to be extracted and used for the purposes described in this privacy notice then you do not need to do anything.