How we use your data
This privacy notice explains why and what information we collect about you, and how that information may be used.
- Details about you, such as address and next of kin
- Any contact this or your previous practices have had with you, such as appointments, clinic visits, emergency appointments, etc.
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations, such as laboratory tests, x-rays, etc.
- Relevant information from other health professionals, relatives or those who care for you and know you well
Your records are primarily used to facilitate the care you receive. However, there are a number of other crucial uses for clinical data. These include the ability to properly:
- Check the quality of care we provide to everyone (i.e. clinical audit, responding to complaints)
- Protect the health of the general public
- Monitor how we spend public money
- Train healthcare workers
- Carry out research
- Help the NHS plan for the future.
- Risk stratification
For full details, including all third parties we share data with, data retention periods, the lawful basis for processing and information about your rights, please see our Fair Processing Notice linked below.
Fair Processing Notice
How we share your data
We are mindful of both the data sharing laws and the Caldicott principles that underpin Information Governance. We only share your data within these frameworks and laws.
There is currently only one key national data sharing initiative – The Summary Care Record. There is one other local data sharing initiative – The Camden Integrated Digital Record.
Summary Care Record
The NHS in England uses an electronic record called the Summary Care Record (SCR) to support patient care.
It’s a copy of key information i.e. allergies and medication from your GP record and provides authorised healthcare staff faster, secure access to your essential information when it’s needed, for example when you attend accident & emergency.
For further information visit www.nhscarerecords.nhs.uk, email email@example.com or call the information line on 0300 303 5678 option 2.
What if I don’t want a summary care record?
You can opt out at any time by asking Reception.
The Camden Integrated Digital Record
Camden is linking together your health and social care information. This is so that your care providers in Camden can view the information needed in one place, to provide you with better, more informed care.
This is a local initiative for Camden residents registered at a Camden GP practice. It has no relation to the Summary Care Record. No data will be shared with these or other third parties.
You can find more information about CIDR here.
What if I don’t want an integrated record?
You can opt out at any time by asking Reception.
The Practice is registered with the Data Protection Agency and is bound by the rules governing the collection and storage of personal data. Your personal data will only be seen by professionals at the practice involved in providing your care. Occasionally anonymised health information is sent to the Primary Care Trust to support quality monitoring, public health analysis and post-payment verification.
Under the Data Protection Act 1998, you have the right of access to your health records. If you wish to be given a copy of your records, a small fee will be charged for this service to cover the cost to the practice. If you would like to apply for access to your records, please speak to your Doctor or to the Assistant to Practice Manager.
Freedom of Information Act 2000
The Freedom of Information Act gives the general right of access to all types of recorded information held by the practice. The intention of the Act is to encourage a spirit of openness and transparency in the NHS and the whole public sector. Our practice aims to fully support this.
GDPR – General Data Protection Regulation
Ask at reception and we will provide you with a subject access request form.
What is GDPR?
The GDPR is Europe’s new framework for data protection laws, which applies from 25th May 2018 – it replaces the previous 1995 data protection directive, which current UK law is based upon.
The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are:
- Practices must comply with subject access requests
- Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous
- There are new, special protections for patient data
- The Information Commissioner’s Office must be notified within 72 hours of a data breach
- Higher fines for data breaches – up to 20 million euros
What is ‘patient data’?
Patient data is information that relates to a single person, such as his/her diagnosis, name, age, earlier medical history etc.
What is consent?
Consent is permission from a patient – an individual’s consent is defined as “any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.”
The changes in GDPR mean that we must get explicit permission from patients when using their data. This is to protect your right to privacy, and we may ask you to provide consent to do certain things, like contact you or record certain information about you for your clinical records.
Individuals also have the right to withdraw their consent at any time.
Subject Access Requests (SARs)
Under the Data Protection Act 1998, all living individuals or ‘Data Subjects’ have a right to be informed of the following:
- If the practice holds, stores or processes personal data about them.
- A description of the Personal Data held, the purposes for which it is processed and to whom the personal data may be disclosed.
- A copy of any information held.
- To be informed as to the source of the data held.
Primrose Hill Surgery shares information from medical records:
- To support medical research when the law allows us to do so, for example to learn more about why people get ill and what treatments might work best;
- We will also use your medical records to carry out research within the practice.
This is important because:
- The use of information from GP medical records is very useful in developing new treatments and medicines;
- Medical researchers use information from medical records to help answer important questions about illnesses and disease so that improvements can be made to the care and treatment patients receive.
- We share information with the following medical research organisations with your explicit consent or when the law allows: Clinical Research Network, University College Hospital
- You have the right to object to your identifiable information being used or shared for medical research purposes. Please speak to the practice if you wish to object.
Checking the quality of care - national clinical audits
Primrose Hill Surgery contributes to national clinical audits so that healthcare can be checked
- Information from medical records can help doctors and other healthcare workers measure and check the quality of care which is provided to you.
- The results of the checks or audits can show where hospitals are doing well and where they need to improve.
- The results of the checks or audits are used to recommend improvements to patient care.
- Data are sent to NHS Digital - a national body with legal responsibilities to collect data. The data will include information about you, such as your NHS Number and date of birth and information about your health which is recorded in coded form - for example the code for diabetes or high blood pressure.
- We will only share your information for national clinical audits or checking purposes when the law allows.
- For more information about national clinical audits see the Healthcare Quality Improvement Partnership website: https://www.hqip.org.uk/ or phone 020 7997 7370.
- You have the right to object to your identifiable information being shared for national clinical audits. Please contact the practice if you wish to object.
NHS Digital is a national body which has legal responsibilities to collect information about health and social care services.
- It collects information from across the NHS in England and provides reports on how the NHS is performing. These reports help to plan and improve services to patients.
- This practice must comply with the law to send data to NHS Digital, for example, when it is told to do so by the Secretary of State for Health or NHS England under the Health and Social Care Act 2012.
- More information about NHS Digital and how it uses information can be found at: https://digital.nhs.uk/home
- NHS Digital sometimes shares names and addresses of patients suspected of committing immigration offences with the Home Office. More information on this can be found here: https://www.gov.uk/government/publications/information-requests-from-the-home-office-to-nhs-digital
National Screening Programmes
The NHS provides national screening programmes so that certain diseases can be detected at an early stage.
- These screening programmes include bowel cancer, breast cancer, cervical cancer, aortic aneurysms and a diabetic eye screening service.
- The law requires us to share your contact information with Public Health England so that you can be invited to the relevant screening programme.
- More information can be found at: https://www.gov.uk/topic/population-screening-programmes or speak to the practice.