General Data Protection Regulation (GDPR)

Introduction

Westcourt Medical Centre is continually working to comply with the General Data Protection Regulation which came into effect on 25th May 2018. We will reviewing how GDPR affects the way the surgery processes your personal data, including confidential health records. There is no deadline currently for GP practices to be fully compliant but there is an expectancy for surgeries to be actively working towards full compliance from 25th May 2018.

To ensure all patients at Westcourt are made aware of their rights under the new legislation, and so that the surgery meets its responsibilities under the GDPR, we will be adding information to this page as it becomes available to us and when centrally-approved by NHS England.

We text those patients who have agreed to receiving appointment reminders, and other healthcare-related messages such as the Friends and Family Test feedback, on their mobile phones.

If you no longer want to receive any text reminders, you have the right to opt out. Please note that by opting out, it means you will not receive any texts from the practice, but you can opt in again at any time. Please let the practice know if you wish to opt out.

For details on opting out of sharing your data, please click on the link further down this page for the FULL PRIVACY NOTICE including details of the routes on opting out.

Type 1  Opt Out Form

An informational video on how the NHS uses your data, created by NHS England, is below.  Please also visit the NHS Digital website for further information.

 

PRIVACY NOTICE - Introduction

Your Personal Information - What You Need To Know

This privacy notice explains why we collect information about you, how that information will be used, how we keep it safe and confidential and what your rights are in relation to this.

Why We Collect Information About You

Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received.  These records help to provide you with the best possible healthcare and help us to protect your safety.

We collect and hold data for the purpose of providing healthcare services to our patients and running our organisation which includes monitoring the quality of care that we provide. In carrying out this role we will collect information about you which helps us respond to your queries or secure specialist services. We will keep your information in written form and/or in digital form.

Our Commitment to Data Privacy and Confidentiality Issues

As a GP practice, all of our GPs, staff and associated practitioners are committed to protecting your privacy and will only process data in accordance with the Data Protection Legislation.  This includes the General Data Protection Regulation (EU) 2016/679  (GDPR), the Data Protection Act (DPA) 2018, the Law Enforcement Directive (Directive (EU) 2016/680) (LED) and any applicable national Laws implementing them as amended from time to time.  The legislation requires us to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.

In addition, consideration will also be given to all applicable Law concerning privacy, confidentiality, the processing and sharing of personal data including the Human Rights Act 1998, the Health and Social Care Act 2012 as amended by the Health and Social Care (Safety and Quality) Act 2015, the common law duty of confidentiality and the Privacy and Electronic Communications (EC Directive) Regulations.

Data We Collect About You

Records which this GP practice will hold or share about you will include the following:

  • Personal Data – means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Special Categories of Personal Data – this term describes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. 
  • Confidential Patient Information – this term describes information or data relating to their health and other matters disclosed to another (e.g. patient to clinician) in circumstances where it is reasonable to expect that the information will be held in confidence.  Including both information ‘given in confidence’ and ‘that which is owed a duty of confidence’. As described in the Confidentiality: NHS code of Practice: Department of Health guidance on confidentiality 2003.
  • Pseudonymised - The process of distinguishing individuals in a dataset by using a unique identifier which does not reveal their ‘real world’ identity.
  • Anonymised – Data in a form that does not identify individuals and where identification through its combination with other data is not likely to take place.
  • Aggregated - Statistical data about several individuals that has been combined to show general trends or values without identifying individuals within the data.

How We Use Your Information

Improvements in information technology are also making it possible for us to share data with other healthcare organisations for the purpose of providing you, your family and your community with better care.  For example it is possible for healthcare professionals in other services to access your record with your permission when the practice is closed.

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment. The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

The information above is an introduction to the surgery's complete 'Privacy Notice'. The full Privacy Notice is available below - please click on the link to open and read/download.


 

Downloadable Version

FULL PRIVACY NOTICE

 

GDPR Video