General Data Protection Regulation

What is GDPR?

The General Data Protection Regulation is new and it helps us to keep information about you safe.  We have always looked after your information safely but GDPR  helps us check we are doing the best job we can.

Who looks after my information?

A person is called a ‘Data Controller’ if they look after your information.

Who uses my information?

A person who uses your information for their work is called a ‘Data Processor’.

Consent – what’s that?

Consent is where you tell us that you are happy for us to use your data to care for you. If you are under 16, a parent must give your consent for you.

Can anyone see or use my information at the Doctors?

No, only someone who needs your data to care for you is allowed to see or use it. This can be the doctors, nurses or people who support the doctors and nurses in their work.

Do you share my information with anyone else?

We only share your information with other people who might need to care for you (like the hospital) without asking you first.

If someone who isn’t responsible for your care asks for your information, we will ask your parent if it is ok to give it. An example of this might be when someone is organising an activity you would like to do and needs to check if you are well enough to do it.

Can I see the information you have about me?

If you are 13 years old or over, you can ask to see your information. Please speak to a receptionist to arrange this.

 GDPR - How we use your information

  • We collect and hold data about you for the purpose of providing safe and effective healthcare
  • Your information may be shared with our partner organisations to Audit services and help provide you with better care
  • Information sharing is subject to strict agreements on how it is used
  • We will only share your information outside of our partner organisations with your consent*
  • If you are happy with how we use your information you do not need to do anything
  • If you do not want your information to be used for any purpose beyond providing your care please let us know so we can code your record appropriately
  • You can object to sharing information with other health care providers but if this limits your treatment options we will tell you
  • Our guiding principle is that we are holding your information in the strictest confidence
  • For more information about who are our partner organisations and how your data is used please see the privacy notice on our website or ask at reception.

Unless the Health & Safety of others is a risk, the law requires it or it is required to carry out a statutory function.

Privacy Information Leaflet for Children

What is a privacy notice?

A privacy notice helps your doctor’s surgery tell you how it uses information it has about you, like your name, address, date of birth and all of the notes the doctor or nurse makes about you in your healthcare record.

Why do you need one?

Your doctor’s surgery needs a privacy notice to make sure it meets the legal requirements which are written in a new document called the General Data Protection Regulation (or GDPR for short).

What is the GDPR?

The GDPR is a new document that helps your doctor’s surgery keep the information about you secure. It’s new and will be introduced on the 25th May 2018, making sure that your doctor, nurse and any other staff at the practice follow the rules and keep your information safe.

How do you know about our privacy notice?

At your surgery, we have posters in our waiting room and leaflets to give to children and adults and we also have lots of information about privacy on our website, telling you how we use the information we have about you.

What informtion do we collect about you?

We only collect the information we need to help us keep you healthy – such as your name, address, information about your parents or guardians, records of appointments, visits, telephone calls, your health record, treatment and medicines, test results, X-rays and any other information to enable us to care for you.

How do we use your information?

Your information is taken to help us provide your care. But we might need to share this information with other medical teams, such as hospitals, if you need to been seen by a special doctor or sent for an X-ray. Your doctor’s surgery may be asked to help with exciting medical research; but don’t worry, we will always ask you, or your parents or adults with parental responsibility, if it’s okay to share your information.

How do we keep your information private?

Well, your doctor’s surgery knows that it is very important to protect the information we have about you. We make sure we follow the rules that are written in the GDPR and other important rule books.

What if I have a long term medical problem?

If you have a long-term medical problem then we know it is important to make sure your information is shared with other healthcare workers to help them help you, making sure you get the care you need when you need it!

Don't want to share?

All of our patients, no matter what their age, can say that they don’t want to share their information. If you’re under 16 this is something which your parents or adults with parental responsibility will have to decide. They can get more information from a member of staff at the surgery, who can also explain what this means to you.

How do I access my records?

Remember we told you about the GDPR? Well, if you want to see what is written about you, you have a right to access the information we hold about you, but you will need to complete a Subject Access Request (SAR). Your parents or adults with parental responsibility will do this on your behalf if you’re under 16. But if you are over 12, you may be classed as being competent and you may be able to do this yourself.

What do I do if I have a question?

If you have any questions, ask a member of the surgery team or your parents or adults with parental responsibility. You can:

  1. Contact the practice’s data controller via email at castlegardens@nhs.net GP practices are data controllers for the data they hold about their patients[1]
  2. Write to the data controller at Colchester Medical Practice
  3. Ask to speak to the Operations Manager Kerry Anderson

What to do if you are not happy how we manage your information  

We really want to make sure you’re happy, but we understand that sometimes things can go wrong. If you or your parents or adults with parental responsibility are unhappy with any part of our data-processing methods, you can complain. For more information, visit ico.org.uk and select ‘Raising a concern’.
We always make sure the information we give you is up to date. Any updates will be published on our website, in our newsletter and leaflets, and on our posters. This policy will be reviewed in March 2019
The General Data Protection Regulation 2018 allows access to information that is held about you. This includes recorded telephone calls. Recordings are stored in such a way that will enable easy access to the information relating to one or more individuals.
Requests for copies of telephone conversations can be made under the General Data Protection Regulation as a “Data Subject Access Request”. This must be done in writing and after assessing whether the information can be released, you will be invited to the practice premises to hear the recording.
If there is a request from an external body relating to the detection or prevention of a crime (e.g. police), then requests for information should be directed to the Practice Manager to carry out the request for the recording.

Confidentiality/Medical Records/Your Information your Rights

Your doctor (hospital doctor and GP) and the team of health professionals caring for you keep records about your health and any treatment or care you receive from the NHS.
This information will either be written down (manual records) or held on a computer (electronic records). These records are then used to guide and manage the care you receive. You may also be receiving care from organisations outside the NHS (like social services). If so we may need to share some information about you so that everyone involved in your care can work together for your benefit. We may also share information for the purposes of managing the NHS, education, training and medical research.
Your records will only be used when it is both appropriate and necessary, and wherever possible anonymised information will be used. Anyone receiving information about you is under a legal duty to keep it confidential. A patient information booklet is available that gives you more details about who may see your personal information, what steps you can take to limit the sharing of your information and how to apply to see your medical record.

Fair Processing

How We Use Your Information 

This leaflet briefly explains why the doctor’s surgery collects information about you, and how that information may be used.
The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.
Records may be held in electronic or manual (written down) format, and may include the following information;
  • Details about you, such as address and next of kin
  • Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
  • Notes and reports about your health
  • Details about your treatment and care
  • Results of investigations, such as laboratory tests, x-rays, etc.
  • Relevant information from other health professionals, relatives or those who care for you and know you well.
To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used for clinical Audit to monitor the quality of the service provided. Where we do this, we take strict measures to ensure that individual patients cannot be identified.
Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified.
Sometimes your information may be requested to be used for research purposes – the surgery will always endeavour to gain your consent before releasing the information.
Should you have any concerns about how your information is managed at the surgery please contact the Practice Manager to discuss how the disclosure of your personal information can be limited.

How do we maintain the confidentiality of your records? 

Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential. Anyone who receives information from an NHS organisation has a legal duty to keep it confidential.
We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.

Who are our partner organisations? 

We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations;

  • NHS Trusts
  • Specialist Trusts
  • Independent Contractors such as dentists, opticians, pharmacists
  • Private Sector Providers
  • Voluntary Sector Providers
  • Ambulance Trusts
  • Clinical Commissioning Groups
  • Social Care Services
  • Local Authorities
  • Education Services
  • Fire and Rescue Services
  • Police
  • Other ‘data processors’

Access to your Information 

You have a right under the Data Protection Act 1998 to access/view what information the surgery holds about you, and to have it amended or removed should it be inaccurate. This is known as ‘the right of subject access’. If you would like to make a ‘subject access request’, please contact the practice manager in writing.

Subject Access Request (SARs)

If you would like further information about how we use your information, or if you do not want us to use your information in this way, please contact the Practice Manager.

 

 

 

 

 

My Health Online

My Health Online is a service provided by National Wales Health Informatics Service that allows you to access your practice online. My Health Online includes a number of optional features, including:

  • Checking, booking and cancelling appointments.
  • Checking your medication and ordering repeat medication.
  • Updating your contact information, including mobile phone number and email address.
  • Sending messages to your practice, so avoiding the need for a phone call for routine enquiries.

Your practice may not offer all these features. Ask your practice which ones are available.