Patient Confidentiality and Data Protection
Privacy Notice Confidentiality affects everyone. We collect, store and use large amounts of personal data every day, such as medical or personal records which may be paper-based or held on a computer. We take our duty to protect your personal information and confidentiality very seriously and work hard to ensure it is held securely and only accessed on a need to know basis.
Confidentiality affects everyone. We collect, store and use large amounts of personal data every day, such as medical or personal records which may be paper-based or held on a computer. We take our duty to protect your personal information and confidentiality very seriously and work hard to ensure it is held securely and only accessed on a need to know basis.
What information does Sunderland GP Alliance hold about you?
- Name, address, date of birth, next of kin
- Contacts we have had with you such as appointments or visits
- Details of diagnosis and treatment
- Results of x-rays, scans and laboratory tests.
- Allergies and health conditions
- Information from people who care for you and know you well such as health or social care professionals, relatives or carers.
Why we collect information about you
We need accurate and up to date information about you so that we can give you the best possible care and make sure we contact you at the right address and phone number. We will check your details with you when you visit and please let us know of any changes, for example, to your address or phone number.
How we keep your records confidential
Everyone working for the NHS must comply with the Common Law Duty of Confidence. Information you give to us in confidence will only be used for the purposes explained to you and to which you consented, unless there are other circumstances covered by the law. We comply with the NHS Confidentiality Code of Conduct.
All our staff are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
All manual and computerised records are stored in secure environments with access strictly controlled.
If someone other than you (e.g. relative or friend) contacts us to find out about your care or treatment we will not be able to talk to them unless we have your permission (apart from parents/guardians of children who are recorded as next of kin).
How we use your personal information
Your records are used to direct, manage and deliver your care so that:
- Clinical staff involved in your care have accurate and up to date information to assess your health and decide on the most appropriate care for you.
- Clinical staff have the information they need to assess and improve the quality and type of care you receive.
- Administrative staff supporting your care can sort out your appointments, deal with queries, produce letters etc.
- Appropriate information is available if you see another doctor, or are referred to a specialist or another part of the NHS or social care.
We also use information we hold about you to:
- Review the care we provide to ensure it is of the highest standard and quality
- Ensure our services can meet patient needs in the future
- Investigate patient queries, complaints and legal claims
- Ensure the GP practice receives payment for the care you receive
- Prepare statistics on NHS performance
- Audit NHS accounts and services
- Undertake heath research and development (with your consent – you may choose whether or not to be involved)
- Help train and educate healthcare professionals
We may use your telephone number(s) to send your appointment details via a SMS text message a few days before your appointment. Most of our patients appreciate these reminders and we know that it reduces the number of missed appointments, but if you do not wish to receive them please let us know.
We may use your details to ask you to do patient satisfaction surveys about the services and care you have used in our practice. This is to improve the way we deliver healthcare to you and other patients. We will not contact you with marketing material.
When do we share information about you?
Direct care purposes:
Unless you object, we will normally share information about you with other health and social care professionals directly involved in your care so that you may receive the best quality care. For example, if we refer you to a hospital or for another service such as physiotherapy, we will give that service relevant information about you and your condition.
You may be receiving care from other people as well as the NHS, for example Social Care Services. We may need to share some information about you with them so we can all work together for your benefit. We will only do this when they have a genuine need for it or we have your permission. There are exceptional circumstances when we have to share information, for example, when either your or somebody else’s health and safety is at risk; or we have to by law e.g. for certain infectious diseases, child or adult safeguarding, formal court order, or where a serious crime has been committed.
Where patient information is shared with other organisations we will put in place an information sharing agreement to ensure we are sharing your information legally and securely.
Indirect Care Purposes:
We may also be asked by other statutory bodies to share basic information about you, such as your name and address, but not sensitive information from your health records. But this will only be done if this is required by law. Normally where we are not using your information for your direct care, we will anonymise the information i.e. strip out anything that can identify you
National Data Opt Out:
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply
You can also find out more about how patient information is used at:
www.hra.nhs.uk/information-about-patients (which covers health and care research); and
understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is currently compliant with the national data opt-out policy.
We are required by Articles in the General Data Protection Regulations to provide you with the information in the following 9 subsections.
- Data Protection Officer contact details
James Carroll 0191 4041000 Ext 3436
- Purpose of the processing
Direct Care is care delivered to the individual alone, most of which is provided in the surgery or a clinical service. After a patient agrees to a referral for direct care elsewhere, such as a referral to a specialist in a hospital, necessary and relevant information about the patient, their circumstances and their problem will need to be shared with the other healthcare workers, such as specialist, therapists, technicians etc. The information that is shared is to enable the other healthcare workers to provide the most appropriate advice, investigations, treatments, therapies and or care.
- Lawful basis for processing
The processing of personal data in the delivery of direct care and for providers’ administrative purposes in support of direct care elsewhere is supported under the following Article 6 and 9 conditions of the GDPR:
Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”
We will also recognise your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality”*
- Recipient or categories of recipients of the processed data
The data will be shared with Health and care professionals and support staff in this surgery or clinical service and at hospitals, diagnostic and treatment centres who contribute to your personal care.
- Rights to object
You have the right to object to some or all the information being processed under Article 21. Please contact the Data Controller or Sunderland GP Alliance. You should be aware that this is a right to raise an objection, that is not the same as having an absolute right to have your wishes granted in every circumstance
Your right to object to recording or sharing information
If you feel that you are being asked for information you would prefer not to have recorded, or have concerns about how it is used or shared, please let your GP know and we will record this in your records so that all staff involved in your care are aware of your decision. Please be aware that if you make this choice, it may make it difficult to give you treatment so talk this through with your GP so that they can let you know of any potential impact. You can also change your mind at any time about a disclosure decision.
If you think any information we hold about you is inaccurate please let us know. If your GP is concerned that by changing your information it could cause you or our staff harm we may not change the information but we will document your objection in your records.
Your individual rights are;
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
How you can access your records
The General Data Protection Regulation 2017 gives you a right to access the information we hold about you (unless an exemption applies). Requests can be made verbally or in writing and no fees will be chargeable. We will provide your information to you within 30 days. Requests which are manifestly unfounded or excessive could be refused or a reasonable fee charged. If a request is refused we will inform you as to reasons why within 1 month and you have the right to complain to the supervisory authority.
Sunderland GP Alliance – Business Innovation Centre, Sunderland, SR5 2TA
Telephone (0191) 5166076
How long do we retain your records?
Your data will be retained in line with the law and national guidance. GP records are kept for 10 years after a person has deceased.
Further information and useful contacts
If you have any queries or concerns about how we use your information please contact:
0191 4041000 Ext 3436
Sunderland GP Alliance – Business Innovation Centre, Sunderland, SR5 2TA
Telephone (0191) 5166076
Information Commissioners Office:
You have a right to complain to the Information Commissioner if ever you are unsatisfied with the way the practice has handled or shared your personal information. ico.org.uk/concerns/ Tel: 0303 123 1113.
There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website)
The General Practice Data for Planning and Research (GPDPR) service
NHS Digital is replacing the General Practice Extraction Service with a new system called the General Practice Data for Planning and Research (GPDPR) service, a broader general-purpose collection which will enable faster access to pseudonymised patient data for planners and researchers.
Practices will have been sent a data provision notice (DPN) on around 12 May from their system supplier. This provides a 6 week notice of data collection which will begin on 1st July. Any opt-out from a patient must be applied by the practice prior to 30 June 2021.
For further information, please click here.
Information on Policies
Any information on our policies or DPIA’s can be requested by contacting us here