COVID Privacy Updated Notice November 2020 (see Privacy Notice Link)
In light of current challenges and risks posed to health and care services and to the public, as a result of the COVID pandemic, we (OHSEL Integrated Care System Digital Team on behalf of the SEL ICS Partners) are establishing COVID specific data sharing from GP Practices across South East London. This will enable GP Practices, managing on the front line, as well as Integrated Care System Partners, CCG, Borough leaders and other key Health and care professionals working at a London level, to better support the COVID situation and response.
This process has been discussed extensively with key Data Protection Officers representing SEL Primary Care and Practices, the SEL LMC and SEL CCG as well as the OHSEL ICS Digital and IG Team and is being progressed under the COPI notice issued by the Secretary of State for Health and Social Care under regulation 3 of The Health Service (Control of Patient Information) Regulations 2002. This provides a clear legal basis for undertaking this data sharing and supporting services and the pandemic.
How we use your medical records:
This practice handles medical records in-line with laws on data protection and confidentiality.
We share medical records with those who are involved in providing you with care and treatment.
In some circumstances we will also share medical records for medical research, for example to find out more about why people get ill.
We share information when the law requires us to do so, for example, to prevent infectious diseases from spreading or to check the care being provided to you is safe.
You have the right to be given a copy of your medical record.
You have the right to object to your medical records being shared with those who provide you with care.
You have the right to object to your information being used for medical research and to plan health services.
You have the right to have any mistakes corrected and to complain to the Information Commissioner’s Office. Please speak to a member of staff for more information about your rights.
See below for our full privacy notice
NHS Summary Care Record
NHS Summary Care Record with additional information
If you are registered with a GP practice in England you will have a Summary Care Record (SCR), unless you have previously chosen not to have one. It includes important information about your health:
Medicines you are taking
Allergies you suffer from
Any bad reactions to medicine
You may need to be treated by health and care professionals that do not know your medical history. Essential details about your healthcare can be difficult to remember, particularly when you are unwell or have complex care needs. Having an SCR means that when you need healthcare you can be helped to recall vital information.
SCRs can help the staff involved in your care make better and safer decisions about how best to treat you.
You can choose to have additional information included in your SCR, which can enhance the care you receive. This information includes:
Your illnesses and health problems
Operations and vaccinations you have had in the past
How you would like to be treated – such as where you would prefer to receive care
What support you might need
Who should be contacted for more information about you
What to do next
If you would like this information adding to your SCR, then please complete this form, for return to the relevant GP surgery.
Health Records Sharing for Research Opt-Out
Choose if data from your health records is shared for research and planning, find out more and how to opt-out on the NHS website.
Transferring Your Electronic Health Record
Your GP practice holds copies of your patient health record electronically and in paper format. Both contain the healthcare information about you that your GP needs including your medical history, medications, allergies, immunisations and vaccinations.
If you have previously registered with a different GP in England, upon registering at this practice your electronic health record will, where possible, be transferred automatically from your previous practice through the use of an NHS system called GP2GP.
How we use your personal information
This Privacy Notice explains why the GP practice collects information about you and how that information may be used.
Health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.).
These records are used to help to provide you with the best possible healthcare.
NHS health care records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records this GP Practice hold about you may include the following information;
- Details about you, such as your name, address, carers, legal representatives and emergency contact details
• Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
• Notes and reports about your health
• Details about your treatment and care
• Results of investigations such as laboratory tests, x-rays, etc.
• Relevant information from other health professionals, relatives or those who care for you.
To ensure you receive the best possible care we share your medical records with other health professionals who are involved in providing you with care and treatment. This is only ever on a need-to-know basis and event by event.
Some of your data is automatically copied to the Shared Care Summary Record*
We share some of your data with local out-of-hours provider
Data about you is used to manage national screening campaigns such as flu, cervical cytology and diabetes prevention.
Your data about you is used to manage the NHS and make payments.
We share information when the law requires us to, for instance when we are inspected or reporting certain illnesses or safeguarding vulnerable people.
Your data is used to check the quality of care provided by the NHS.
Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified.
Sometimes your information may be requested to be used for research purposes – the surgery will always gain your consent before releasing the information for this purpose.
Who are our partner organisations?
We may also have to share your information, subject to strict agreements on how it will be used, with the following organizations;
- NHS Trusts / Foundation Trusts
• NHS Commissioning Support Units
• Independent Contractors such as dentists, opticians, pharmacists
• Private Sector Providers
• Voluntary Sector Providers
• Ambulance Trusts
• Clinical Commissioning Groups
• Social Care Services
• Health and Social Care Information Centre (HSCIC)
• Local Authorities
• Education Services
• Fire and Rescue Services
• Police & Judicial Services
• Voluntary Sector Providers
• Private Sector Providers
• Other ‘data processors’ which you will be informed of
You will be informed who your data will be shared with and in some cases asked for explicit consent for this happen when this is required.
We may also use external companies to process personal information, such as for archiving purposes. These companies are bound by contractual agreements to ensure information is kept confidential and secure.
Don’t want to share?
All our patients can choose not to share their information. Should you wish to opt out of data collection, please contact a member of staff, alternatively, patients can set their opt-out preferences at https://www.nhs.uk/your-nhs-data-matters/ You will need their NHS number and a valid email address or telephone number which is on the GP record or on the Personal Demographics Service database to register their decision to opt out. Patients who are unable to use the online facility can use a phone helpline to manage their choice –0300 303 5678. A paper print-and-post form is also available at https://www.nhs.uk/your-nhs-data-matters/manage-your-choice/other-ways-to-manage-your-choice/
Alternatively, please contact a member of staff for support.
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
- Data Protection Act 1998 and General Data Protection Regulation 2016
• Human Rights Act 1998
• Common Law Duty of Confidentiality
• Health and Social Care Act 2012
• NHS Codes of Confidentiality, Information Security and Records Management
• Information: To Share or Not to Share Review
Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.
We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and / or in accordance with the new information sharing principle.
Access to personal information
You have a right under the Data Protection Act 1998 to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. This is known as the “right of subject access.” If you would like access to your GP record either in electronic or physical format please do the following:
- Sign up to online services (Patient Access) where you can also access your medical records
- If you require hard copies of your records your request must be made in writing to the GP.
- You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified and your records located
Change of Details
It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.
If you’re not happy about how we manage your information
We really want to make sure you’re happy, but we understand that sometimes things can go wrong. If you are unhappy with any part of our data-processing methods, you can complain. For more information, visit ico.org.uk and select ‘Raising a concern’.
We always make sure the information we give you is up-to-date. Any updates will be published on our website, in our newsletter and leaflets, and on our posters. This policy will be reviewed in May 2020.
LOCAL CARE RECORDS
We are one of pilot practices taking part in this exiting project. Local Care Records enables real time sharing and viewing of patient information with local acute (Kings College Hospital and Guys and St.Thomas’ Hospital) and mental health trust (Maudsley Hospital). This should deliver huge benefits to healthcare professionals and patients.
NHS Digital has a statutory role to collect and process health and social care information which is set out in the Health and Social Care Act 2012.
NHS Digital’s fair processing materials, available at http://content.digital.nhs.uk/patientconf explain and provide further information on:
what NHS Digital collects – the types of information the NHS Digital collects and what it’s used for
personal information choices – people’s rights regarding care information
information requests from organisations – how organisations can ask NHS Digital to collect or provide access to care information
assurance bodies and processes – how the information requests NHS Digital receive are carefully looked at
examples of benefits that have been realised through the provision of such information including case studies involving breast cancer and diabetes that are available at: http://content.digital.nhs.uk/benefitscasestudies/extracts
The NHS Digital is absolutely committed to keeping all of the data it handles safe and secure and applies the same principle to any data that is released outside of the organisation.
Information is only ever shared with organisations that have gone through a strict application process, who can demonstrate they have a legitimate reason to access the data to use it for the benefit of health and care purposes, as per the new protections introduced as part of the Care Act 2014, and who have signed a legally binding agreement. So for example commercial companies cannot receive information for insurance or marketing purposes.
As part of the application process the Data Access Advisory Group, an independent group, hosted by the NHS Digital, considers all applications for data that are identifiable or de-identified for limited access.
The NHS Digital also regularly publishes a register of data releases at: http://content.digital.nhs.uk/dataregister showing where data has been released, to which organisation and for which purposes.
If your patients do require any further information that is not already covered within our web pages we can be contacted by email at email@example.com or by phone on 0300 303 5678.
This practice keeps medical records confidential and complies with the General Data Protection Regulation.
We hold your medical record so that we can provide you with safe care and treatment.
We will also use your information so that this practice can check and review the quality of the care we provide. This helps us to improve our services to you.
We will share relevant information from your medical record with other health or social care staff or organisations when they provide you with care. For example, your GP will share information when they refer you to a specialist in a hospital. Or your GP will send details about your prescription to your chosen pharmacy.
For more information on how we share your information with organisations who are directly involved in your care can be found here.
Healthcare staff working in A&E and out of hours care will also have access to your information. For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions. This will involve the use of your Summary Care Record.
You have the right to object to information being shared for your own care. Please speak to the practice if you wish to object. You also have the right to have any mistakes or errors corrected.
Other important information about how your information is used to provide you with healthcare
Registering for NHS care
All patients who receive NHS care are registered on a national database.
This database holds your name, address, date of birth and NHS Number but it does not hold information about the care you receive.
The database is held by NHS Digital a national organisation which has legal responsibilities to collect NHS data.
More information can be found at: https://digital.nhs.uk or the phone number for general enquires at NHS Digital is 0300 303 5678
Identifying patients who might be at risk of certain diseases
Your medical records will be searched by a computer programme so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital.
This means we can offer patients additional care or support as early as possible.
This process will involve linking information from your GP record with information from other health or social care services you have used.
Information which identifies you will only be seen by this practice.
Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, are protected from risk of harm.
These circumstances are rare.
We do not need your consent or agreement to do this.
Please see our local policies for more information:
We are required by law to provide you with the following information about how we handle your information.
Data Controller contact details, see privacy link.
Purpose of the processing:
To give direct health or social care to individual patients.
For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care.
To check and review the quality of care. (This is called audit and clinical governance).
Lawful basis for processing
These purposes are supported under the following sections of the GDPR:
Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’;
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”
Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.
Recipient or categories of recipients of the processed data
The data will be shared with:
healthcare professionals and staff in this surgery;
out of hours services;
diagnostic and treatment centres;
or other organisations involved in the provision of direct care to individual patients.
Rights to object
You have the right to object to information being shared between those who are providing you with direct care.
This may affect the care you receive – please speak to the practice.
You are not able to object to your name, address and other demographic information being sent to NHS Digital.
This is necessary if you wish to be registered to receive NHS care.
You are not able to object when information is legitimately shared for safeguarding reasons.
In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm.
The information will be shared with the local safeguarding service , Lambeth Council
Right to access and correct
You have the right to access your medical record and have any errors or mistakes corrected. Please speak to a member of staff
We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.
GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at: digital.nhs.uk
or speak to the practice.
Right to complain
You have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link
https://ico.org.uk/global/contact-us/ or call the helpline 0303 123 1113
Data we get from other organisations We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happens. This means your GP medical record is kept up-to date when you receive care from other parts of the health service.