POOLE ROAD MEDICAL CENTRE
Fair Processing Notice
Privacy Notice – How we use your information
This fair processing notice explains why Poole Road Medical Centre collects information about you and how that information may be used.
How do we maintain the confidentiality of your records?
Poole Road Medical Centre manages patient information in accordance with existing laws and with guidance from organisations that govern the provision of healthcare in England such as the Department of Health and the General Medical Council.
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
- Data Protection Act 1998
- Human Rights Act 1998
- Common Law Duty of Confidentiality
- Health and Social Care Act 2012
- NHS Codes of Confidentiality and Information Security Information: To Share or Not to Share Review (click here to read further information about this).
We collect and hold data for the sole purpose of providing healthcare services to our patients and we will ensure that the data is kept confidential. Confidentiality is an important duty, but it is not absolute.
We can disclose personal information if:
(a) it is required by law
(b) the patient consents – either implicitly for the sake of their own care or expressly for other purposes
(c) it is justified in the public interest.
Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.
We will only ever use or pass on information about you if others involved in your care have a genuine need for it.
We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and / or in accordance with the new information sharing principle following Dame Fiona’s Caldicott information sharing review (Information to share or not to share) where “The duty to share information can be as important as the duty to protect patient confidentiality.” This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott principles. They should be supported by the policies of their employers, regulators and professional bodies. To view the Caldicott principles, please click here
Details we collect about you
The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.
NHS Health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records which Park Green Surgery may hold about you may include the following information:-
Records which this GP Practice hold about you may include the following information;
- Details about you, such as your address, legal representative, emergency contact details
- Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations such as laboratory tests, x-rays, etc
- Relevant information from other health professionals, relatives or those who care for you
- Details about you such as your address and next of kin.
- Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments etc.
- Notes and reports about your health.
- Details about your treatment and care.
- Results of investigations, such as laboratory tests, x-rays etc.
- Relevant information from other health professionals, relatives or those who care about you.
How we use your Information
Under the powers of the Health and Social Care Act 2012 (HSCA) the Health and Social Care Information Centre (HSCIC) can require Personal Confidential Data (PCD) from GP Practices without seeking patient consent. Improvements in information technology are also making it possible for us to share data with other healthcare providers with the objective of providing you with better care.
To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS.
Clinical audit – information may be used for Audit to monitor the quality of the service provided. Some of this information may be held centrally and used for statistical purposes. Where we do this we make sure that individual patient records cannot be identified, eg the National Diabetes Audit.
Clinical Research - Sometimes your information may be requested to be used for research purposes – the surgery will always gain your consent before releasing the information for this purpose.
Summary Care Record & Dorset Care Record
There is a Central NHS Computer System called the Summary Care Record (SCR). It is an electronic record which contains information about the medicines you take, allergies you suffer from and any bad reactions to medicines you have had.
Storing information in one place makes it easier for healthcare staff to treat you in an emergency, or when your GP practice is closed.
This information could make a difference to how a doctor decides to care for you, for example which medicines they choose to prescribe for you.
Only healthcare staff involved in your care can see your Summary Care Record.
it is not compulsory to have a summary care record. If you choose to opt out of the scheme, then you will need to complete a form and bring it along to the surgery. You can use the form at the foot of this page.
For further information visit the NHS Care records website or the HSCIC Website
Mobile Telephone Number - If you provide us with your mobile phone number we may use this to send you reminders about your appointments or other health screening information.
Risk Stratification - risk stratification data tools are increasingly being used in the NHS to help determine a person’s risk of suffering a particular condition, preventing an unplanned or (re)admission and identifying a need for preventive intervention. Information about you is collected from a number of sources including NHS Trusts and from this GP Practice. A risk score is then arrived at through an analysis of your de-identified information using software managed by NHS approved third parties and is only provided back to your GP as data controller in an identifiable form.
Risk stratification enables your GP to focus on preventing ill health and not just the treatment of sickness. If necessary your GP may be able to offer you additional services.
Please note that you have the right to opt out.
Individual Funding Request – An ‘Individual Funding Request’ is a request made on behalf of a patient, by a clinician, for funding of specialised healthcare which falls outside the range of services and treatments that NHS Dorset Clinical Commissioning Group (CCG) has agreed to commission for the local population.
An Individual Funding Request is taken under consideration when a case can be set out by a patient’s Clinician that there are exceptional clinical circumstances which make the patient’s case different from other patients with the same condition who are at the same stage of their disease, or when the request is for a treatment that is regarded as new or experimental and where there are no other similar patients who would benefit from this treatment.
A detailed response, including the criteria considered in arriving at the decision, will be provided to the patient’s clinician.
Invoice validation – Invoice validation is an important process. It involves using your NHS number to check that the CCG that is responsible for paying for your treatment. We can also use your NHS number to check whether your care has been funded through specialist commissioning, which NHS England will pay for. The process makes sure that the organisations providing your care are paid correctly.
Care.data – The Health and Social Care Act 2012 allows the Health & Social Care Information Centre (HSCIC) to collate personal confidential data from GP practices without seeking your specific consent. Care.data is an example of a service that NHS England (not individual GP practices) has set up to use HSCIC to collect data from GP practices about patients.
This is in order to make increased use of information from medical records with the intention of improving healthcare and the quality of care delivered to patients. Information will be extracted from GP systems and includes personal confidential data such as referrals, NHS prescriptions and other clinical data. It also includes identifiers like your date of birth (DOB), postcode, NHS number and gender. This is so that your information can be linked with data from other healthcare settings for example, the hospital.
If you want to know more please click on the link below to view the leaflet “How information about you helps us to provide better care”.
For further information, click on the link below.
You have a choice. If you are happy for your information to be used in this way you do not have to do anything. If you have any concerns or wish to prevent this from happening, please speak to practice staff or download the opt-out form below, complete it and return it to the practice.
We need to make sure that you know this is happening and the choices you have.
How information about you helps us to provide better care
Care Data - Frequently Asked Questions
Opt Out Form - Download, complete and return to the practice
You can find out more on the NHS England Care Date website
Who are our partner organisations?
We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations;
- NHS Trusts / Foundation Trusts
- NHS Commissioning Support Units
- Independent Contractors such as dentists, opticians, pharmacists
- Private Sector Providers
- Voluntary Sector Providers
- Ambulance Trusts
- Clinical Commissioning Groups
- Social Care Services
- Health and Social Care Information Centre (HSCIC)
- Local Authorities
- Education Services
- Fire and Rescue Services
- Police & Judicial Services
- Voluntary Sector Providers
- Private Sector Providers
- Other ‘data processors’ which you will be informed of.
Access to personal information
You have a right under the Data Protection Act 1998 to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. This is known as ‘the right of subject access’. In order to request this, you need to do the following:
- Your request must be made in writing to the GP - for information from the hospital you should write directly to them
- There may be a charge to have a printed copy of the information held about you
- We are required to respond to you within 40 days
- You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified and your records located
Objections / Complaints
Should you have any concerns about how your information is managed at the GP, please contact the GP Practice Manager. If you are still unhappy following a review by the GP practice, you can then complain to the Information Commissioners Office (ICO) via their website Click here.
If you are happy for your data to be extracted and used for the purposes described in this fair processing notice then you do not need to do anything.
If you do not want your personal data being extracted and leaving the GP practice for any of the purposes described, you need to let us know as soon as possible.
We will then enter clinical codes into your records that will prevent data leaving the practice and / or leaving the central information system at the Health and Social Care
Information Centre (HSCIC) for use by secondary providers.
Any patient can choose to withdraw their consent to their data being used in this way. When Park Green Surgery is about to participate in any new data-sharing scheme we will make patients aware by displaying prominent notices in the surgery and on our website at least four weeks before the scheme is due to start. We will also explain clearly what you have to do to ‘opt-out’ of each new scheme.
A patient can object to his personal information being shared with other health care providers but if this limits the treatment that that patient can receive then the doctor will explain this to them at the time.
Change of Details
It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.
The Data Protection Act 1998 requires organisations to register a notification with the
Information Commissioner to describe the purposes for which they process personal and sensitive information.
This information is publicly available on the Information Commissioners Office website www.ico.org.uk.
The practice is registered with the Information Commissioners Office (ICO).
Who is the Data Controller?
The Data Controller, responsible for keeping your information secure and confidential is: Dr Jon Echebarrieta
Any changes to this notice will be published on our website and on the notice board.
The Partnership is registered as a data controller under the Data Protection Act 1998. Our registration number is Z5102075. Our registration can be viewed on-line in the public register at ICO.gov.uk.
Further information about the way in which the NHS uses personal information and your rights in that respect can be found in:
To read the Information Governance Review, click here
To read the NHS Commissioning Board – NHS England – Better Data, Informed Commissioning, Driving Improved Outcomes Click here
Please visit the Health and Social Care Information Centre’s website for further information about their work. Information about their responsibility for collecting data from across the health and social care system
The Information Commissioner’s Office is the Regulator for the Data Protection Act 1998 and offer independent advice and guidance on the law and personal data, including your rights and how to access your personal information. For further information please visit the Information Commissioner’s Office webs