Access to medical information and medical records is subject to the Data Protection Act 1988 and the Code of Practice Sept 2000. The practice operates a strict code of confidentiality and is committed to the security of patient records. If you have any questions please ask.

Record Sharing / Electronic Patient Record

Sharing Your GP Record

Caring by sharing – supporting your healthcare at all times

Many people think their GP Record is available to all healthcare professionals involved in their care; but this is not always the case.  It is very common that each healthcare professional you see keeps a separate record.  This can mean important information may not be communicated between health services as well as it could be.

Delivery of your care would be supported by information about you being shared with other health organisations.  Across Nottinghamshire we are introducing a local GP Record sharing model which will allow us to make relevant medical information from your GP Record available to other healthcare professionals at the point of need when they are providing care for you.

You will always be asked for your explicit consent before a healthcare professional accesses your GP Record.  If you say “No” they will not be able to see your medical information.  If however you are unconscious for example in an emergency situation a healthcare professional may access your GP Record without permission if it is deemed in your best interest to provide emergency direct care.

Examples of organisations that may access your GP health information include Out of Hours Teams, Walk in Centres, Hospitals /A&E Departments and Community Healthcare Teams.

Sharing your GP record in this way is designed to ensure that the healthcare professionals looking after you have the most relevant up to date information to enable them to provide you with the most appropriate care.  It may also mean that you won’t have unnecessary tests, have to repeat information or be given drugs that you may be allergic to.

If you wish to only make certain parts of your GP record available and not all of it then you can ask for sections of your GP Record to be marked as ‘Private’.  Private information will never be shared unless it is required by law or you give permission.

We would encourage everyone to make their GP Record available in case they need to be seen in an emergency or Out of Hours.

If you have certain health conditions or go to hospital a lot then you should definitely make your record available.

https://vimeo.com/124915322
GP Extraction System – Care.Data

The way that data is used in the NHS to plan healthcare is changing. From autumn 2013, data will be taken securely from practice IT systems so that the NHS can plan and improve services for all patients. You’re free to opt out, just give us a call and let us know.

To find out more about this change you can get more information from:

• Visiting the NHS Choices website at: www.nhs.uk/caredata
• Asking a member of staff at your GP practice for a leaflet
• Call a dedicated patient information line on: 0300 456 3531 This line also offers translation and text phone services.

More details about how the NHS look after confidential information and how it may be used can be found on the website at: www.hscic.gov.uk/patientconf

General Practice Privacy Notice – summary version

How we use your information

This privacy notice explains why the GP Practice collects information about you, and how that information may be used.

As data controllers, GPs have fair processing responsibilities under the Data Protection Act 1998.  This means ensuring that your personal data are handled in ways that are transparent and that you would reasonably expect.  The Health and Social Care Act 2012 changes the way that confidential data are processed it is important that you are made aware of these changes, understand that you can object to certain uses, and how to do so.

The health care professionals who provide you with care maintain records about your health and treatment.  These records may be electronic, paper, or both and various measures are employed to ensure the security of your records.  The information contained in the records is used for your direct care and kept confidential.  However, we may be required to disclose your personal information if it is required by law, is justified in the public interest, or you consent for the use for other purposes.

Other reasons why your data may be disclosed are for use for statistical purposes where the information will not be able to identify you, or for research purposes for which your consent will be requested.  Under the Health and Social Care Act 2012 the Health and Social Care Information Centre can request personal confidential information from your GP practice without asking for your consent first.

Your data may also be shared with other healthcare professionals who provide you with care through local integrated care services.  Your permission to share your data between the services will be requested, although refusing permission may impact your care.  If this is the case your doctor will be able to explain how this could affect your care.

Your GP is encouraged to use a process called Risk Stratification to identify patients who may require additional care due to long term conditions.  The information is used to help support patient care and prevent unnecessary hospital admissions.

If you do not want your data used for these purposes you may object by contacting the practice who will explain how you can prevent your data being used in this way.

We are committed to protecting your privacy and will only use data collected lawfully in accordance with the Data Protection Act 1998, Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security.  The only staff who have access to your data are those with a legitimate reason to do so, and is controlled by multiple levels of security.

The Data Protection Act 1998 gives you the right to view or access information that the GP Practice holds about you.  This is known as ‘the right of subject access’.  Under this right you are entitled to have a description of the information, explanation of why it is held, who it could be disclosed to, and you are entitled to a copy of the information.  If you would like to make a ‘subject access request’, please contact the practice manager in writing.

If you would like further information about how your information is used by the GP Practice, please contact the practice manager, or view the Fair Processing Notice on the practice notice board or the practice website.

The practice is registered as a data controller under the Data Protection Act 1998 – the registration number is and can be viewed online in the public register at www.ICO.gov.uk

Patients may ask for a chaperone in their consultation with a GP or nurse at any time. The chaperone may be a friend or relative, or it may be provided by the practice. Occasionally, the GP or Nurse may wish a chaperone to be present themselves, they reserve the right to ask the patient to come back if there is not one available.

Please Click Here to View Our Policy.

We always try to give our patients the best service possible, but there may be times when you feel that this has not happened. If you have a complaint or a comment about the services we provide please let us know by writing to us or by asking to speak to the Practice Manager or Assistant Practice Manager, or talking to a member of staff or asking for a complaints / comments form to complete.

If you use this procedure, it will not affect your rights to complain to other NHS complaint services (details of which are set out below) and any patient, carer or relative will not be treated adversely as a result of using the practice complaints procedure.  Please note that we have to respect our duty of confidentiality to patients and a signed patient’s consent form will be necessary if a complaint is not made by the patient in person.

We think it is important to deal with complaints as quickly as possible so an initial acknowledgement will be sent within 5 working days along with a request for any supplementary forms as necessary.

Your complaint will then receive a full investigation where we will try to address your concerns fully, provide you with an explanation and if necessary discuss any action that may be needed (depending on the complexity we would aim to complete an investigation within 3 months). We hope that, at the end of the process you will feel satisfied that we have dealt with the matter thoroughly.

However, if this is not the case this does not affect your right to approach other local NHS service who will be able to advice you, and whose contact details are set out below:

Patients are expected to take reasonable responsibility for their own health and we would like you to co-operate with the professional help and advice that the practice offers

Patients behaving in a violent or abusive manner to staff or patients, may, where appropriate, be removed from the practice list

Appointments with any member of the health care team are in great demand, if you unable to keep your appointment please cancel it, so that it can be offered to someone in need.

Sharing your Electronic Medical Record

We would encourage everyone to make their GP Record available in case they need to be seen in an emergency or Out of Hours.  If you have certain health conditions or go to hospital a lot then you should definitely make your record available.

How we use your information

This privacy notice explains why the GP Practice collects information about you, and how that information may be used.

As data controllers, GPs have fair processing responsibilities under the Data Protection Act 1998.  This means ensuring that your personal data are handled in ways that are transparent and that you would reasonably expect.  The Health and Social Care Act 2012 changes the way that confidential data are processed it is important that you are made aware of these changes, understand that you can object to certain uses, and how to do so.

The health care professionals who provide you with care maintain records about your health and treatment.  These records may be electronic, paper, or both and various measures are employed to ensure the security of your records.  The information contained in the records is used for your direct care and kept confidential.  However, we may be required to disclose your personal information if it is required by law, is justified in the public interest, or you consent for the use for other purposes.

Other reasons why your data may be disclosed are for use for statistical purposes where the information will not be able to identify you, or for research purposes for which your consent will be requested.  Under the Health and Social Care Act 2012 the Health and Social Care Information Centre can request personal confidential information from your GP practice without asking for your consent first.

Your data may also be shared with other healthcare professionals who provide you with care through local integrated care services.  Your permission to share your data between the services will be requested, although refusing permission may impact your care.  If this is the case your doctor will be able to explain how this could affect your care.

Your GP is encouraged to use a process called Risk Stratification to identify patients who may require additional care due to long term conditions.  The information is used to help support patient care and prevent unnecessary hospital admissions.

If you do not want your data used for these purposes you may object by contacting the practice who will explain how you can prevent your data being used in this way.

We are committed to protecting your privacy and will only use data collected lawfully in accordance with the Data Protection Act 1998, Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security.  The only staff who have access to your data are those with a legitimate reason to do so, and is controlled by multiple levels of security.

The Data Protection Act 1998 gives you the right to view or access information that the GP Practice holds about you.  This is known as ‘the right of subject access’.  Under this right you are entitled to have a description of the information, explanation of why it is held, who it could be disclosed to, and you are entitled to a copy of the information.  If you would like to make a ‘subject access request’, please contact the practice manager in writing.

If you would like further information about how your information is used by the GP Practice, please contact the practice manager, or view the Fair Processing Notice on the practice notice board or the practice website.

The practice is registered as a data controller under the Data Protection Act 1998 – the registration number is and can be viewed online in the public register at www.ICO.gov.uk

How we use your information

Our Privacy Notice explains why we collect your information and how that information may be used.

Under the Data Protection Act 1998 we must ensure that your personal confidential data (PCD) is handled in ways that are transparent and that you would reasonably expect. The Health and Social Care Act 2012 has altered the way that personal confidential data are processed. Consequently, you must be aware and understand these changes and that you have the opportunity to object and understand how to exercise that right.

Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation. These records help to provide you with the best possible healthcare.

NHS health records may be processed electronically, on paper or a mixture of both and through established working procedures and best practice coupled with technology we ensure your personal data is kept confidential and secure. Records held by us may include the following:

• Your personal data, such as address and next of kin;
• Your history with us, such as appointments, vaccinations, clinic visits, emergency appointments, etc;
• Notes and reports about your health;
• Details about your treatment and care;
• Results of investigations and referrals such as blood tests, x-rays, etc;
• Relevant information from other health professionals, relatives or those who care for you.

The Practice shares your diabetes related data with the Diabetic Eye Screening Programme operated by Health Intelligence (commissioned by NHS England). This supports your invitation for eye screening (where you are eligible and referred by the Practice) and ongoing care by the screening programme. This data may be shared with any Hospital Eye Services you are under the care of to support further treatment and with other healthcare professionals involved in your care, for example your Diabetologist.

For further information, take a look at Health Intelligence’s Privacy Notice on the diabetic eye screening website: www.berkshiredes.nhs.uk

We obtain and hold data for the sole purpose of providing healthcare services to our patients and we will ensure that the information is kept confidential. We can disclose your personal information if:

(a) It is required by law;

(b) You consent – either implicitly or for the sake of your own care or explicitly for

other purposes; and

(c) It is justified in the public interest

Some of this information is held centrally and used for statistical purposes. Where we hold data centrally, we take strict measures to ensure that individual patients cannot be identified. Sometimes your information may be requested to be used for research purposes – the Practice will always endeavour to gain your consent before releasing the information.

The Health and Social Care Information Centre (HSCIC), under the powers of the Health and Social Care Act 2012 (HSCA), can request Personal Confidential Data (PCD) from GP

Practices without seeking patient consent. The Care.Data Programme allows PCD to be collected by the HSCIC to ensure that the quality and safety of services is consistent across the country. Improvements in information technology are also making it possible for us to share data with other healthcare providers with the objective of providing you with better care.

You may choose to withdraw your consent to personal data being used in this way. When we are about to participate in a new data-sharing project we will make patients aware by displaying prominent notices in the Practice and on our website at least four weeks before the scheme is due to start. Instructions will be provided to explain what you have to do to ‘opt out’ of each new scheme.

A patient can object to their personal information being shared with other health care providers but if this limits the treatment that you can receive then the doctor will explain this to you at the time.

Risk Stratification

Risk Stratification is a process that helps your family doctor (GP) to help you manage your health. By using selected information from your health records, a secure NHS computer system will look at any recent treatments you have had in hospital or in the surgery and any existing health conditions that you have. This will alert your doctor to the likelihood of a possible deterioration in your health. The clinical team at the surgery will use the information to help you get early care and treatment where it is needed. NHS Central Southern CSU DSCRO (the regional processing centre) supports GP Practices with this work. NHS security systems will protect your health information and patient confidentiality at all times.

Please note that you have the right to opt out of Risk Stratification.

Should you have any concerns about how your information is managed, or wish to opt out of any data collection at the Practice, please contact the practice, or your healthcare professional to discuss how the disclosure of your personal information can be limited.

Patients have the right to change their minds and reverse a previous decision. Please contact the practice, if you change your mind regarding any previous choice.

Invoice validation

We will use limited information about individual patients when validating invoices received for your healthcare, to ensure that the invoice is accurate and genuine.  This will be performed in a secure environment and will be carried out by a limited number of authorised CSU staff. These activities and all identifiable information will remain with the Controlled Environment for Finance (CEfF) approved by NHS England. Where possible we will strive to use the NHS number as a quasi-identifier to preserve your confidentiality.

Our partner organisations

We may need to share your information, subject to agreement on how it will be used, with the following organisations:

• NHS Trusts
• Health & Social Care Information Centre (HSCIC)
• Specialist Trusts
• Independent Contractors such as dentists, opticians, pharmacists
• Private Sector Providers
• Voluntary Sector Providers
• Ambulance Trusts
• Clinical Commissioning Groups
• Commissioning Support Units
• Social Care Services
• Local Authorities
• Education Services
• Fire and Rescue Services
• Police
• Other ‘data processors’

Access to personal information held about you

Under the Data Protection Act 1998, you have a right to access/view information we hold about you, and to have it amended or removed should it be inaccurate. If we do hold information about you we will:

• give you a description of it;
• tell you why we are holding it;
• tell you who it could be disclosed to; and
• let you have a copy of the information in an intelligible form.

If you would like to make a ‘subject access request’, please contact the Practice Manager in writing. There may be a charge for this service.

Any changes to this notice will be published on our website and in a prominent area at the Practice.

We are registered as a data controller under the Data Protection Act 1998. The registration can be viewed online in the public register at:

http://ico.org.uk/what_we_cover/register_of_data_controllers

How we keep your personal information confidential

We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 1998 (which is overseen by the Information

Commissioner’s Office), Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security.