What is a privacy notice?
A privacy notice is a statement that discloses some or all of the ways in which the organisation gathers, uses, discloses and manages a patient’s data. It fulfils a legal requirement to protect a patient’s privacy.
We hold your patient records in the strictest confidence, regardless of whether they are electronic or on paper. We take all reasonable precautions to prevent unauthorised access to your records, however they are stored. Any information that may identify you is only shared with the practice team, or, if you are referred to hospital, to the clinician who will be treating you. We will only share information about you with anyone else if you give your permission in writing.
Why do we need one?
To ensure compliance with the General Data Protection Regulation (GDPR), we must ensure that information is provided to patients about how their personal data is processed in a manner which is:
- Concise, transparent, intelligible and easily accessible;
- Written in clear and plain language, particularly if addressed to a child; and
- Free of charge
What is the GDPR?
The GDPR replaces the Data Protection Directive 95/46/EC and is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way in which organisations across the region approach data privacy. The GPDR came into effect on 25 May 2018.
How do we communicate our privacy notice?
Our organisation’s privacy notice is displayed on our website, through signage in the waiting room, and in writing (by means of this leaflet and full privacy notice document). We will:
- Inform patients how their data will be used and for what purpose
- Allow patients to opt out of sharing their data, should they so wish
What information do we collect about you?
Our service may need to access the medical records held by other health organisations that help us to make informed decisions about your continued health care and management. We will also need to share information we record about you with other health providers so that they can also provide the best care. This is achieved through a data sharing agreement allowing both organisations to view each other’s record in a secure way.
The registration process will create a sharing agreement between ourselves and other health care providers you may have contact with. Patient consent will allow us to view your health records held by other health organisations and vice versa. This will only be done in order to provide care that is appropriate to your needs.
How do we use your information?
Your data is collected for the purpose of providing direct patient care; through the data sharing agreement between practices and other health providers. Information relating to referrals (urgent and routine), complaints, significant events and DNAs are also monitored.
We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO).
Accessing your records
You have a right to access the information we hold about you, and if you would like to access this information, you will need to complete a Subject Access Request (SAR). Furthermore, should you identify any inaccuracies; you have a right to have the inaccurate data corrected.
What to do if you have any questions
1. Contact our Practice Manager via our Practice email address on email@example.com.
2. Contact the data protection officer, on firstname.lastname@example.org or via telephone on 0161 230 3035 (extension 211).
3. Ask to speak with one of our Practice Managers.
In the unlikely event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO. For further details, visit ico.org and select ‘Raising a concern’.