Data Protection

In order to provide the right level of care, we are required to hold personal information about you on our computer systems and in paper records to help us to look after your health needs, and your doctor is responsible for their accuracy and safe-keeping. Please help to keep your record up to date by informing us of any changes to your circumstances.

Confidentiality and Personal Information

Doctors and staff in the practice have access to your medical records to enable them to do their jobs. From time to time information may be shared with others involved in your care if it is necessary. Anyone with access to your record is properly trained in confidentiality issues and is governed by both legal and contractual duty to keep your details private.

All information about you is held securely and appropriate safeguards are in place to prevent accidental loss.

In some circumstances we may be required by law to release your details to statutory or other official bodies, for example if a court order is presented, or in the case of public health issues. In other circumstances you may be required to give written consent before information is released – such as for medical reports for insurance, solicitors etc.

To ensure your privacy, we will not disclose information over the telephone or fax unless we are sure that we are talking to you. Information will not be disclosed to family, friends or spouses unless we have prior written consent, and we do not leave messages with others.

You have a right to see your records if you wish. Please ask at reception if you would like further details about our patient information leaflet. An appointment may be required. In some circumstances a fee may be payable.

General Practice Extraction Service (GPES)

GP practices are required to provide data extraction of their patients' personal confidential information for various purposes to NHS England. The objective of this data collection is to identify, on an ongoing basis, patients registered at General Practices who fit within certain criteria, in order to monitor and either provide direct care, or prevent serious harm to those patients. Below is a list of the purposes for the data extraction; by using the link you can find out the detail behind each data extraction and how your information will be used to inform this essential work:

1. At risk patients including severely clinically vulnerable

2. NHS England has directed NHS England to collect and analyse data in connection with Cardiovascular Disease Prevention Audit

3. GPES Physical Health Checks for people with Severe Mental Illness (PHSMI) data collection.

4. National Obesity Audit - NHS Digital

Legal Basis - All GP Practices in England are legally required to share data with NHS England for this purpose under section 259(1)(a) and (5) of the Health and Social Care Act 2012.

Further detailed legal basis can be found in each link.

Any objections to this data collection should be made directly to NHS England: enquiries@nhsdigital.nhs.uk

GP Connect

We use a facility called GP Connect to support your direct care. GP Connect makes patient information available to all appropriate clinicians when and where they need it, to support direct patient care, leading to improvements in both care and outcomes.

GP Connect is not used for any purpose other than direct care.

Authorised Clinicians such as GPs, NHS 111 Clinicians, Care Home Nurses (if you are in a Care Home), Secondary Care Trusts and Social Care Clinicians are able to access the GP records of the patients they are treating via a secure NHS England service called GP Connect.

The NHS 111 service (and other services determined locally, for example other GP practices in a Primary Care Network) will be able to book appointments for patients at GP practices and other local services. 

Legal basis for sharing this data

In order for your Personal Data to be shared or processed, an appropriate “legal basis” needs to be in place and recorded. The legal basis for direct care via GP Connect is the same as the legal basis for the care you would receive from your own GP, or another healthcare provider:

  • for the processing of personal data: Article 6.1 (e) of the UK GDPR: “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”.
  • for the processing of “Special Category Data” (which includes your medical information): Article 9.2 (h) of the UK GDPR:  “processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services”.

Your rights

Because the legal basis used for your care using GP Connect is the same as that used in other direct care situations, the legal rights you have over this data under UK GDPR will also be the same. Find out more about GP Connect.

Page last reviewed: 05 February 2026
Page created: 03 July 2023