PRIVACY NOTICE - DIRECT CARE
How Elm Tree Surgery uses your information to provide you with healthcare
This practice keeps medical records confidential and complies with the General Data Protection Regulation.
We hold your medical record so that we can provide you with safe care and treatment.
We will also use your information so that this practice can check and review the quality of the care we provide. This helps us to improve our services to you.
- We will share relevant information from your medical record with other health or social care staff or organisations when they provide you with care. For example, your GP will share information when they refer you to a specialist in a hospital. Or your GP will send details about your prescription to your chosen pharmacy.
- For more information on how we share your information with organisations who are directly involved in your care can be found here: http://www.nhscarerecords.nhs.uk/carerecords. Healthcare staff working in A&E and out of hours care will also have access to your information. For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions. This will involve the use of your Summary Care Record or Emergency Care Summary / Individual Health Record. For more information see: https://digital.nhs.uk/summary-care-records or alternatively speak to your practice.
- You have the right to object to information being shared for your own care. Please speak to the practice if you wish to object. You also have the right to have any mistakes or errors corrected.
Other important information about how your information is used to provide you with healthcare
Registering for NHS care
|
Identifying patients who might be at risk of certain diseases
https://www.gov.uk/government/organisations/public-health-england or speak to the practice.
|
Safeguarding
https://www.stockton.gov.uk/adult-services/safeguarding-adults
|
We are required by law to provide you with the following information about how we handle your information.
Data Controller contact details
|
Dr E Mansoor Elm Tree Surgery, 22B Westbury Street, Thornaby ,TS17 6PG |
Data Protection Officer contact details
|
Liane Cotterill Senior Governance Manager & Data Protection Officer
|
Purpose of the processing
|
|
Lawful basis for processing
|
These purposes are supported under the following sections of the GDPR:
Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”
Healthcare staff will also respect and comply with their obligations under the common law duty of confidence. |
Recipient or categories of recipients of the processed data
|
The data will be shared with:
DPO |
Rights to object
|
|
Right to access and correct |
http://www.elmtreepractice.nhs.uk
|
Retention period
|
GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at: https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016 or speak to the practice.
|
Right to complain
|
You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link https://ico.org.uk/global/contact-us/ or call the helpline 0303 123 1113
|
Data we get from other organisations |
We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up-to date when you receive care from other parts of the health service. |
Medical Research & Quality of Care
How your information is used for medical research and to measure the quality of care
Medical research Elm Tree Surgery shares information from medical records:
This is important because:
We share information with the following medical research organisations with your explicit consent or when the law allows: National Diabetes Audit You have the right to object to your identifiable information being used or shared for medical research purposes. Please speak to the practice if you wish to object
|
Checking the quality of care - national clinical audits Elm Tree Surgery contributes to national clinical audits so that healthcare can be checked and reviewed.
or phone 020 7997 7370.
|
We are required by law to provide you with the following information about how we share your information for medical research purposes.
Data Controller contact details
|
Dr E Mansoor Elm Tree surgery, 22B Westbury Street, Thornaby, TS17 6PG |
Data Protection Officer contact details
|
Liane Cotterill Senior Governance Manager & Data Protection Officer
|
Purpose of the processing
|
Medical research and to check the quality of care which is given to patients (this is called national clinical audit). |
Lawful basis for processing
|
The following sections of the GDPR mean that we can use medical records for research and to check the quality of care (national clinical audits)
Article 6(1)(e) – ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’.
For medical research: there are two possible Article 9 conditions.
Article 9(2)(a) – ‘the data subject has given explicit consent…’
To check the quality of care (clinical audit): Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services...’
|
Recipient or categories of recipients of the processed data
|
For medical research the data will be shared with The data will be shared with:
For national clinical audits which check the quality of care the data will be shared with NHS Digital.
|
Rights to object and the national data opt-out
|
You have a right to object under the GDPR and the right to ‘opt-out’ under the national data opt-out model. The national data opt-out model provides an easy way for you to opt-out of:
information that identifies you being used or shared for medical research purposes and quality checking or audit purposes.
Please contact the practice if you wish to opt-out. To opt-out of your identifiable information being shared for medical research or to find out more about your opt-out choices please go to NHS Digital’s website: https://digital.nhs.uk
|
Right to access and correct |
website – http://www.elmtreepractice.nhs.uk
|
Retention period
|
GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at: https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016 or speak to the practice.
|
Right to complain
|
You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link https://ico.org.uk/global/contact-us/ or call the helpline 0303 123 1113 |
LEGAL REQUIREMENTS SHARE DATA
How your information is shared so that this practice can meet legal requirements The law requires Elm Tree Surgery to share information from your medical records in certain circumstances. Information is shared so that the NHS or Public Health England can, for example:
We will share information with NHS Digital, the Care Quality Commission and local health protection team (or Public Health England) when the law requires us to do so. Please see below for more information.
We must also share your information if a court of law orders us to do so. |
NHS Digital
|
Care Quality Commission (CQC)
|
Public Health
|
We are required by law to provide you with the following information about how we handle your information and our legal obligations to share data.
Data Controller contact details
|
Dr E Mansoor 22B Westbury Street, thornaby, TS17 6PG |
Data Protection Officer contact details
|
Liane Cotterill Senior Governance Manager & Data Protection Officer
|
Purpose of the processing
|
Compliance with legal obligations or court order. |
Lawful basis for processing
|
The following sections of the GDPR mean that we can share information when the law tells us to.
Article 6(1)(c) – ‘processing is necessary for compliance with a legal obligation to which the controller is subject…’
Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services...’ |
Recipient or categories of recipients of the processed data
|
|
Rights to object and the national data opt-out
|
There are very limited rights to object when the law requires information to be shared but government policy allows some rights of objection as set out below.
NHS Digital
The national data op-out model provides you with an easy way of opting-out of identifiable data being used for health service planning and research purposes, including when it is shared by NHS Digital for these reasons. To opt-out or to find out more about your opt-out choices please go to NHS Digital’s website: https://digital.nhs.uk
Public health
Care Quality Commission
Court order
|
Right to access and correct |
|
Retention period
|
GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at: https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016 or speak to the practice.
|
Right to complain
|
You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link https://ico.org.uk/global/contact-us/ or call the helpline 0303 123 1113 |
NATIONAL SCREENING PROGRAMMES
National screening programmes
|
We are required by law to provide you with the following information about how we handle your information in relation to our legal obligations to share data.
Data Controller contact details
|
Dr E Mansoor 22B Westbury Street, Thornaby, TS17 6PG |
Data Protection Officer contact details
|
Awaiting name & contact from CCG |
Purpose of the processing
|
|
Lawful basis for processing
|
The following sections of the GDPR allow us to contact patients for screening.
Article 6(1)(e) – ‘processing is necessary…in the exercise of official authority vested in the controller...’’
Article 9(2)(h) – ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and services...’ |
Recipient or categories of recipients of the processed data
|
The data will be shared with : NHS Digital Care Quality Commission Our local health Protection team Public health With the court if ordered |
Rights to object
|
For national screening programmes: you can opt so that you no longer receive an invitation to a screening programme. See: https://www.gov.uk/government/publications/opting-out-of-the-nhs-population-screening-programmes
Or speak to your practice nurse or GP
|
Right to access and correct |
|
Retention period
|
GP medical records will be kept in line with the law and national guidance. Information on how long records can be kept can be found at: https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016 or speak to the practice.
|
Right to complain
|
You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link https://ico.org.uk/global/contact-us/ or call the helpline 0303 123 1113
|
Data we get from other organisations |
We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up-to date when you receive care from other parts of the health service. |
Subject Access Request
This right, commonly referred to as subject access, is created by section 7 of the Data Protection Act. It is most often used by individuals who want to see a copy of the information an organisation holds about them. However, the right of access goes further than this, and an individual who makes a written request and pays a fee is entitled to be:
- told whether any personal data is being processed;
- given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people;
- given a copy of the information comprising the data; and given details of the source of the data (where this is available).
An individual can also request information about the reasoning behind any automated decisions, such as a computer-generated decision to grant or deny credit, or an assessment of performance at work (except where this information is a trade secret). Other rights relating to these types of decisions are dealt with in more detail in automated decision taking.
In most cases you must respond to a subject access request promptly and in any event within 40 calendar days of receiving it. However, some types of personal data are exempt from the right of subject access and so cannot be obtained by making a subject access request. For more information, please see exemptions.
For further information please visit the Information Commissioners Office: https://ico.org.uk