This practice keeps data on you relating to who you are, where you live, what you do, your family, possibly your friends, your employers, your habits, your problems and diagnoses, the reasons you seek help, your appointments, where you are seen and when you are seen, who by, referrals to specialists and other healthcare providers, tests carried out here and in other places, investigations and scans, treatments and outcomes of treatments, your treatment history, the observations and opinions of other healthcare workers, within and without the NHS as well as comments and aide memoires reasonably made by healthcare professionals in this practice who are appropriately involved in your health care.
When registering for NHS care, all patients who receive NHS care are registered on a national database, the database is held by NHS Digital, a national organisation which has legal responsibilities to collect NHS data.
GPs have always delegated tasks and responsibilities to others that work with them in their surgeries, on average an NHS GP has between 1,500 to 2,500 patients for whom he or she is accountable. It is not possible for the GP to provide hands on personal care for each and every one of those patients in those circumstances, for this reason GPs share your care with others, predominantly within the surgery but occasionally with outside organisations.
If your health needs require care from others elsewhere outside this practice, we will exchange with them whatever information about you that is necessary for them to provide that care. When you make contact with healthcare providers outside the practice but within the NHS it is usual for them to send us information relating to that encounter. We will retain part or all of those reports. Normally we will receive equivalent reports of contacts you have with non-NHS services, but this is not always the case.
Your consent to this sharing of data, within the practice and with those others outside the practice is allowed by the Law.
People who have access to your information will only normally have access to that which they need to fulfil their roles, for instance admin staff will normally only see your name, address, contact details, appointment history and registration details in order to book appointments, the practice nurses will normally have access to your immunisation, treatment, significant active and important past histories, your allergies and relevant recent contacts whilst the GP you see or speak to will normally have access to everything in your record.
Should you require any further information on GDPR this can be found on the Information Commissioner’s Office (ICO) website Data Protection Officer is: Mr James Carroll Email address: stsft.dposunderlandpractices@nhs.net
Please note that if you are looking for a subject access request, please contact the practice directly and do not use the DPO email address.
You have the right to object to our sharing your data in these circumstances, but we have an overriding responsibility to do what is in your best interests. Please see below.
|
|
What information does Rickleton Medical Centre hold about you? |
• Name, address, date of birth, next of kin
• Contacts we have had with you such as appointments or visit
• Details of diagnosis and treatment
• Results of x-rays, scans and laboratory tests.
• Allergies and health conditions
• Information from people who care for you and know you well such as health or social care professionals, relatives or carers.
|
Why we collect information about you |
We need accurate and up to date information about you so that we can give you the best possible care and make sure we contact you at the right address and phone number. We will check your details with you when you visit and please let us know of any changes, for example, to your address or phone number.
|
How we keep your record confidential |
Everyone working for the NHS must comply with the Common Law Duty of Confidence. Information you give to us in confidence will only be used for the purposes explained to you and to which you consented, unless there are other circumstances covered by the law. We comply with the NHS Confidentiality Code of Conduct. All our staff are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
All manual and computerised records are stored in secure environments with access strictly controlled.
If someone other than you (e.g. relative or friend) contacts us to find out about your care or treatment, we will not be able to talk to them unless we have your permission (apart from parents/guardians of children who are recorded as next of kin).
|
How we use your personal information
|
Your records are used to direct, manage and deliver your care so that:
|
We also use information we hold about you to: |
We may use your telephone number(s) to send your appointment details via a SMS text message a few days before your appointment. Most of our patients appreciate these reminders and we know that it reduces the number of missed appointments, but if you do not wish to receive them, please let us know.
We may use your details to ask you to do patient satisfaction surveys about the services and care you have used in our practice. This is to improve the way we deliver healthcare to you and other patients. We will not contact you with marketing material.
|
When do we share information about you? |
Direct care purposes:
Unless you object, we will normally share information about you with other health and social care professionals directly involved in your care so that you may receive the best quality care. For example, if we refer you to a hospital or for another service such as physiotherapy, we will give that service relevant information about you and your condition.
You may be receiving care from other people as well as the NHS, for example Social Care Services. We may need to share some information about you with them so we can all work together for your benefit. We will only do this when they have a genuine need for it, or we have your permission. There are exceptional circumstances when we have to share information, for example, when either your or somebody else’s health and safety is at risk; or we have to by law e.g. for certain infectious diseases, child or adult safeguarding, formal court order, or where a serious crime has been committed.
Where patient information is shared with other organisations, we will put in place an information sharing agreement to ensure we are sharing your information legally and securely.
Indirect care purposes:
We may also be asked by other statutory bodies to share basic information about you, such as your name and address, but not sensitive information from your health records. But this will only be done if this is required by law. Normally where we are not using your information for your direct care, we will anonymise the information i.e. strip out anything that can identify you.
|
National Data Opt Out |
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
You can also find out more about how patient information is used at: https://www.hra.nhs.uk/information-about-patients (which covers health and care research); and https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time. Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until 2022 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is currently compliant with the national data opt-out policy.
|
Your records and research
|
Rickleton Medical Centre are research active and there is the possibility that your records may be looked at by a member of staff at some point, who is not involved in your direct care. This is so that we can see if you are eligible to be invited to participate in approved research projects being run by the National Institute for Health and Care Research (NIHR) that may be relevant to you.
The National Institute for Health and Care Research fund, enable and deliver world-leading health and social care research that improves people’s health and wellbeing, and promotes economic growth.
Rickleton Medical Centre do benefit financially for participation in research.
If you are eligible to take part in research, we may use your contact details to invite you to receive further information about such research opportunities.
|
We are required by Articles in the General Data Protection Regulations to provide you with the information in the following subsections.
|
|
1) Data Controller
|
Rickleton Medical Centre Office Row Rickleton Tyne & Wear NE38 9EH Telephone (0191) 415 0576
|
2) Data Protection Officer
|
James Carroll Telephone (0191) 404 1000 Ext 3436 stsft.dposunderlandpractices@nhs.net
|
3) Purpose of the processing |
Direct Care is care delivered to the individual alone, most of which is provided in the surgery. After a patient agrees to a referral for direct care elsewhere, such as a referral to a specialist in a hospital, necessary and relevant information about the patient, their circumstances and their problem will need to be shared with the other healthcare workers, such as specialist, therapists, technicians etc. The information that is shared is to enable the other healthcare workers to provide the most appropriate advice, investigations, treatments, therapies and or care.
|
4) Lawful basis for processing |
The processing of personal data in the delivery of direct care and for providers’ administrative purposes in this surgery and in support of direct care elsewhere is supported under the following Article 6 and 9 conditions of the GDPR: Article 6(1) (e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’ Article 9(2) (h) ‘…necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…’
We will also recognise your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality” * |
5) Recipient or categories of recipients of the processed data |
The data will be shared with Health and care professionals and support staff in this surgery and at hospitals, diagnostic and treatment centres who contribute to your personal care. For example:
Sunderland Royal Hospital Queen Elizabeth Hospital Royal Victoria Infirmary Freeman Hospital James Cook Hospital
All other Clinics used for the purpose of a referral to Secondary Care
|
6) Rights to object |
You have the right to object to some or all the information being processed under Article 21. Please contact the Data Controller or the practice. You should be aware that this is a right to raise an objection; that is not the same as having an absolute right to have your wishes granted in every circumstance.
|
7) Right to access and correct |
You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of Law.
|
8) Your right to object to recording or sharing information |
If you feel that you are being asked for information you would prefer not to have recorded or have concerns about how it is used or shared, please let your GP know and we will record this in your records so that all staff involved in your care are aware of your decision. Please be aware that if you make this choice, it may make it difficult to give you treatment so talk this through with your GP so that they can let you know of any potential impact. You can also change your mind at any time about a disclosure decision.
If you think any information, we hold about you is inaccurate please let us know. If your GP is concerned that by changing your information, it could cause you or our staff harm we may not change the information, but we will document your objection in your records.
Your individual rights are;
• the right to be informed; • the right of access; • the right to rectification; • the right to erasure; • the right to restrict processing; • the right to data portability; • the right to object; and • the right not to be subject to automated decision-making including profiling.
|
9) How you can access your records |
The General Data Protection Regulation 2018 gives you a right to access the information we hold about you (unless an exemption applies). Requests can be made verbally or in writing and no fees will be chargeable. We will provide your information to you within 30 days. Requests which are manifestly unfounded or excessive could be refused or a reasonable fee charged. If a request is refused, we will inform you as to reasons why within 1 month and you have the right to complain to the supervisory authority.
Rickleton Medical Centre Office Row Rickleton Tyne & Wear NE38 9EH Telephone (0191) 415 0576
|
10) How long do we retain your ecords? |
Your data will be retained in line with the law and national guidance. GP records are kept for 10 years after a person has deceased.
|
11) Right to Complain | You have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/global/contact-us/
or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate) There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website) |
12) Common Law Duty of Confidentiality
|
Common law is not written out in one document like an Act of Parliament. It is a form of law based on previous court cases decided by judges; hence, it is also referred to as ‘judge-made’ or case law. The law is applied by reference to those previous cases, so common law is also said to be based on precedent. The general position is that if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without the information provider’s consent.
In practice, this means that all patient information, whether held on paper, computer, visually or audio recorded, or held in the memory of the professional, must not normally be disclosed without the consent of the patient. It is irrelevant how old the patient is or what the state of their mental health is; the duty still applies. Three circumstances making disclosure of confidential information lawful are:
|
14) Shared PCN Clinical Services |
As a partner practice in Washington Primary Care Network (PCN) we will share your information with other shared services within the PCN who are part of your care provision and ongoing support. Where you engage with these services, your healthcare information will be held within a common system that can be accessed by all practices within the PCN.
All individuals who will have access to your records via PCN shared services are bound be the same requirements to maintain the confidentiality of your information as the staff within your practice.
The information held about you is used to provide health and social care, for the management of the services that the PCN provide, the management of the NHS, and also for public health reasons. It may also be used to contact you regarding the provision of these services.
Where you are receiving care from PCN shared services, information relating to the care provided will be added to your practice clinical record.
Information about you held within the PCN Clinical system will be accessed by authorised individuals who are involved in providing direct care to you or who support the provision of direct care or the management of these services. This will include:
The Washington PCN consists of the following practices;
Rickleton Medical Centre IJ Healthcare Concord Medical Practice The Stephenson Medical Practice Galleries Health Centre New Washington Medical Group Monument Surgery
To access any of your healthcare information held within the PCN Shared services, please contact the practice manager. |