1.1 The law determines how organisations can use the personal information they collect. This is underpinned by the Common Law Duty of Confidentiality together with legislation we must comply with including:
- Data Protection Act 1998
- Human Rights Act 1998
- Health and Social Care Act 2012
1.2 Cranleigh Gardens Medical Centre holds and uses the personal and confidential information of its patients for a number of purposes. This notice sets out in general terms a summary of the type of information we hold about you, what we use if for and also who we may share your information with.
2 INFORMATION HELD
2.1 Cranleigh Gardens Medical Centre collects personal confidential information about you This information may include (but is not limited to):
- Your name, address telephone number, date of birth and next of kin
- Appointment details, associated admissions
- Correspondence, notes and reports
- Investigations and test results
2.2 The practice uses this information for the following reasons:
- to help inform the decisions that we make about your care
- to ensure that your treatment is safe and effective, including any advice that may be provided as part of your care
- to help us work effectively with other organisations who may also be involved in your care
3 INFORMATION SHARING
3.1 Cranleigh Gardens Medical Centre may share information held about you with other organisations to support:
For patient care (identifiable information):
- to promote continuity of care by sharing your information with other professionals involved in your care
- to promote safe care by sharing your information with other health care professionals who might be involved in your care such as emergency departments and out of hours doctor services
For planning and assurance (information in anonymised format which does not include information from the patient written notes):
- to help protect the general health of the public
- to manage and plan services for the future
- to review the quality of care provided by the practice to ensure it remains effective
- to help our staff review the care that is provided to ensure it is of the highest standard and to enable the continual improvement of care
- to comply with a legal obligation
3.2 Organisations with which information is routinely shared with for the reasons set out above include but are not limited to:
For patient care:
- Local hospitals
- Emergency and out of hours services
For planning and assurance:
- NHS England
- Somerset Clinical Commissioning Group
- Somerset County Council – Public Health service
4 OPTING OUT
4.1 All patients have the right to opt out of allowing their personal information to be shared with other healthcare organisations. If you wish to do this, please speak to a member of the practice staff.
4.2 For more detailed information about your rights and our responsibilities in respect of data protection, we have a number of information leaflets that are available in our waiting areas and reception, as well as further resources on our website. Easy read format as well as information in other languages is available upon request.
5 SECURITY OF YOUR INFORMATION
5.1 Cranleigh Gardens Medical Centre has a range of security measures in place to ensure that your information is held, and where appropriate, shared in a secure way. Your patient record will only be accessed by those members of practice staff who are authorised to do so.
5.2 If you have any concerns about the way we handle your information, please speak to a member of the practice staff.
Practice Information Leaflet
Practice Opt-out form
There is also information available from NHS England
How your information is shared so that this practice can meet legal requirements
The law requires Cranleigh Gardens Medical Centre to share information from your medical records in certain circumstances. Information is shared so that the NHS or Public Health England can, for example:
· plan and manage services;
· check that the care being provided is safe;
· prevent infectious diseases from spreading.
We will share information with NHS Digital, the Care Quality Commission and local health protection team (or Public Health England) when the law requires us to do so. Please see below for more information.
We must also share your information if a court of law orders us to do so.
· NHS Digital is a national body which has legal responsibilities to collect information about health and social care services.
· It collects information from across the NHS in England and provides reports on how the NHS is performing. These reports help to plan and improve services to patients.
· This practice must comply with the law and will send data to NHS Digital, for example, when it is told to do so by the Secretary of State for Health or NHS England under the Health and Social Care Act 2012.
· More information about NHS Digital and how it uses information can be found at:
Care Quality Commission (CQC)
· The CQC regulates health and social care services to ensure that safe care is provided.
· The law says that we must report certain serious events to the CQC, for example, when patient safety has been put at risk.
· For more information about the CQC see: https://www.cqc.org.uk/
· The law requires us to share data for public health reasons, for example to prevent the spread of infectious diseases or other diseases which threaten the health of the population.
· We will report the relevant information to local health protection team or Public Health England.
· For more information about Public Health England and disease reporting see: https://www.gov.uk/guidance/notifiable-diseases-and-causative-organisms-how-to-report
We are required by law to provide you with the following information about how we handle your information and our legal obligations to share data.
Data Controller contact details
Cranleigh Gardens Medical Centre
Bridgwater TA6 5JS
Data Protection Officer contact details
Debbie Hale (Somerset Primary Healthcare) email firstname.lastname@example.org
Purpose of the processing
Compliance with legal obligations or court order.
Lawful basis for processing
The following sections of the GDPR mean that we can share information when the law tells us to.
Article 6(1)(c) – ‘processing is necessary for compliance with a legal obligation to which the controller is subject…’
Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services...’
Recipient or categories of recipients of the processed data
· The data will be shared with NHS Digital.
· The data will be shared with the Care Quality Commission
· The data will be shared with our local health protection team or Public Health England.
· The data will be shared with the court if ordered.
Rights to object and the national data opt-out
There are very limited rights to object when the law requires information to be shared but government policy allows some rights of objection as set out below.
· You have the right to object to information being shared with NHS Digital for reasons other than your own direct care.
· This is called a ‘Type 1’ objection – you can ask your practice to apply this code to your record.
· Please note: The ‘Type 1’ objection, however, will no longer be available after 2020.
· This means you will not be able to object to your data being shared with NHS Digital when it is legally required under the Health and Social Care Act 2012.
The national data op-out model provides you with an easy way of opting-out of identifiable data being used for health service planning and research purposes, including when it is shared by NHS Digital for these reasons.
To opt-out or to find out more about your opt-out choices please go to NHS Digital’s website: This is due to become available late 2018
· Legally information must be shared under public health legislation. This means that you are unable to object.
Care Quality Commission
· Legally information must be shared when the Care Quality Commission needs it for their regulatory functions. This means that you are unable to object.
· Your information must be shared if it ordered by a court. This means that you are unable to object.
Right to access and correct
· You have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of staff or look at our ‘subject access request’ policy on the practice website – http://cranleighgardensmc.co.uk/info_form.aspx?p=12
- We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.
GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at: https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016
or speak to the practice.
Right to complain
You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link https://ico.org.uk/global/contact-us/ or call the helpline 0303 123 1113