General Data Protection Regulation
What is GDPR?
The General Data Protection Regulation is new and it helps us to keep information about you safe. We have always looked after your information safely but GDPR helps us check we are doing the best job we can.
Who looks after my information?
A person is called a ‘Data Controller’ if they look after your information.
Who uses my information?
A person who uses your information for their work is called a ‘Data Processor’.
Consent – what’s that?
Consent is where you tell us that you are happy for us to use your data to care for you. If you are under 16, a parent must give your consent for you.
Can anyone see or use my information at the Doctors?
No, only someone who needs your data to care for you is allowed to see or use it. This can be the doctors, nurses or people who support the doctors and nurses in their work.
Do you share my information with anyone else?
We only share your information with other people who might need to care for you (like the hospital) without asking you first.
If someone who isn’t responsible for your care asks for your information, we will ask your parent if it is ok to give it. An example of this might be when someone is organising an activity you would like to do and needs to check if you are well enough to do it.
Can I see the information you have about me?
If you are 13 years old or over, you can ask to see your information. Please speak to a receptionist to arrange this.
GDPR - How we use your information
- We collect and hold data about you for the purpose of providing safe and effective healthcare
- Your information may be shared with our partner organisations to Audit services and help provide you with better care
- Information sharing is subject to strict agreements on how it is used
- We will only share your information outside of our partner organisations with your consent*
- If you are happy with how we use your information you do not need to do anything
- If you do not want your information to be used for any purpose beyond providing your care please let us know so we can code your record appropriately
- You can object to sharing information with other health care providers but if this limits your treatment options we will tell you
- Our guiding principle is that we are holding your information in the strictest confidence
- For more information about who are our partner organisations and how your data is used please see the privacy notice on our website or ask at reception.
Unless the Health & Safety of others is a risk, the law requires it or it is required to carry out a statutory function.
Privacy Information Leaflet for Children
What is a privacy notice?
A privacy notice helps your doctor’s surgery tell you how it uses information it has about you, like your name, address, date of birth and all of the notes the doctor or nurse makes about you in your healthcare record.
Why do you need one?
Your doctor’s surgery needs a privacy notice to make sure it meets the legal requirements which are written in a new document called the General Data Protection Regulation (or GDPR for short).
What is the GDPR?
The GDPR is a new document that helps your doctor’s surgery keep the information about you secure. It’s new and will be introduced on the 25th May 2018, making sure that your doctor, nurse and any other staff at the practice follow the rules and keep your information safe.
How do you know about our privacy notice?
At your surgery, we have posters in our waiting room and leaflets to give to children and adults and we also have lots of information about privacy on our website, telling you how we use the information we have about you.
What informtion do we collect about you?
We only collect the information we need to help us keep you healthy – such as your name, address, information about your parents or guardians, records of appointments, visits, telephone calls, your health record, treatment and medicines, test results, X-rays and any other information to enable us to care for you.
How do we use your information?
Your information is taken to help us provide your care. But we might need to share this information with other medical teams, such as hospitals, if you need to been seen by a special doctor or sent for an X-ray. Your doctor’s surgery may be asked to help with exciting medical research; but don’t worry, we will always ask you, or your parents or adults with parental responsibility, if it’s okay to share your information.
How do we keep your information private?
Well, your doctor’s surgery knows that it is very important to protect the information we have about you. We make sure we follow the rules that are written in the GDPR and other important rule books.
What if I have a long term medical problem?
If you have a long-term medical problem then we know it is important to make sure your information is shared with other healthcare workers to help them help you, making sure you get the care you need when you need it!
Don't want to share?
All of our patients, no matter what their age, can say that they don’t want to share their information. If you’re under 16 this is something which your parents or adults with parental responsibility will have to decide. They can get more information from a member of staff at the surgery, who can also explain what this means to you.
How do I access my records?
Remember we told you about the GDPR? Well, if you want to see what is written about you, you have a right to access the information we hold about you, but you will need to complete a Subject Access Request (SAR). Your parents or adults with parental responsibility will do this on your behalf if you’re under 16. But if you are over 12, you may be classed as being competent and you may be able to do this yourself.
What do I do if I have a question?
If you have any questions, ask a member of the surgery team or your parents or adults with parental responsibility. You can:
- Contact the practice’s data controller via email at firstname.lastname@example.org GP practices are data controllers for the data they hold about their patients
- Write to the data controller at Colchester Medical Practice
- Ask to speak to the Operations Manager Kerry Anderson
What to do if you are not happy how we manage your information
Confidentiality/Medical Records/Your Information your Rights
How We Use Your Information
- Details about you, such as address and next of kin
- Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations, such as laboratory tests, x-rays, etc.
- Relevant information from other health professionals, relatives or those who care for you and know you well.
How do we maintain the confidentiality of your records?
Who are our partner organisations?
We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations;
- NHS Trusts
- Specialist Trusts
- Independent Contractors such as dentists, opticians, pharmacists
- Private Sector Providers
- Voluntary Sector Providers
- Ambulance Trusts
- Clinical Commissioning Groups
- Social Care Services
- Local Authorities
- Education Services
- Fire and Rescue Services
- Other ‘data processors’
Access to your Information
You have a right under the Data Protection Act 1998 to access/view what information the surgery holds about you, and to have it amended or removed should it be inaccurate. This is known as ‘the right of subject access’. If you would like to make a ‘subject access request’, please contact the practice manager in writing.
If you would like further information about how we use your information, or if you do not want us to use your information in this way, please contact the Practice Manager.