General Data Protection Regulations 2018
Data Protection Privacy Notice
The GDPR (General Data Protection Regulation) came into force on 25th May 2018, replacing the current Data Protection Act. GDPR applies to all personal data held by an organisation in both automated and manual filing systems.
Keppoch Medical Practice’s Privacy Notice explains what personal data is held about patients, how it is collected and how it is processed. Keppoch Medical Practice (“the practice”) is also regulated by the NHS Greater Glasgow & Clyde and NSS Practitioner Services’ Privacy Notices (links below). Regulations on other rights, such as the Right to Erasure and the Right to Restrict Processing of personal information, are detailed in these documents.
NHSGGC Data Protection Information
Practitioner Services Data Protection Information
Personal Information
When a patient registers with the practice, their personal information is recorded on the practice’s clinical system. Such information may include, but is not restricted to, name, address, date of birth, contact telephone numbers, e-mail address, next of kin, ethnicity, country of origin.
Medical history held by the patient’s current medical practice is sent to their new practice, either electronically or in paper format, to complete the registration process.
Each patient’s medical record will also include consultation records, correspondence, hospital letters and referrals, test results, treatment and medication, records of appointments, telephone calls, text messages, and any other information that is considered relevant to their medical care.
Accessing Personal Information
All members of the practice team, and all associated healthcare professionals, who have access to the information held in patients’ medical records are bound by strict rules of professional and contractual confidentiality.
The clinical team access and use patient information to provide care and medical treatment. In addition to this, patient information is accessed and used for administrative purposes, e.g. to book appointments, to generate prescriptions, to electronically file hospital and clinic records. Such access is strictly on a “need to know” basis and only as required to provide appropriate services and maintain the patient record.
Patients may be contacted by letter, telephone or e-mail. Those who consent to the practice using their mobile phone number will be sent text reminders of appointments and other messages relating to the provision of health care. Patients’ contact details may be shared with other healthcare professionals involved in their care.
Patient data is collected for the purpose of providing direct patient care. The practice can, however, disclose information if the patient provides their consent, or if it is required by law, or if it is in the public interest to do so.
Sometimes NHS Scotland also uses relevant information about patient health to help to improve NHS services and/or public health in Scotland, e.g., to find out how many people have a particular illness or disease. Information that identifies individual patients is removed whenever possible. If NHS Scotland uses information that does identify individual patients, e.g. to include in a disease register, they must explain how and why your information will be used. [See the NHSGGC and NSS Practitioner Services’ Privacy Notices above.]
Practice Participation in Research
Keppoch Medical Practice participates in research studies that the GP partners consider to be appropriate for, and to the benefit of, our patient population. For this purpose, associated healthcare professionals may be given access to patient records to search for people who might be suitable for specific research projects. Patients selected will be contacted directly to be asked if they are interested in participating and, if they are, to obtain their written consent. No personal identifiable data is removed from NHS systems or provided to any researchers without patient consent specific to this purpose.
Patients have the right to opt out of being contacted about research studies and should inform the practice in writing if this is the case. A note will then be made in their medical records to this effect.
Call Recording
The practice has the ability to record four of the telephone lines coming in to the practice. Calls are recorded for the purpose of training, to protect our staff, or identify any issues in practice processes with a view to improving them. Necessary data will be shared with Health and care professionals and support staff in this surgery. Call recordings will not be shared outside of the practice, unless we have a legal requirement to do so.
Text Messaging
Your mobile phone number will be used to send you text reminders of your appointments, to send texts regarding clinics and review appointment, to send out test results (in line with our text messaging results policy) and to send texts regarding administrative matters, eg surgery closures.
Online Consulting Tools
The practice utilises third party online consultation and review services such as econsult and medlink, both of which are fully GDPR compliant. Further information on their privacy policies can be found here:
eConsult Privacy Policy
Medlink Privacy Policy
Concerns Regarding Data Sharing
NHS Greater Glasgow & Clyde employs a Data Protection Officer to ensure that practices handle personal information in a way that meets data protection law. If you are unhappy with the way in which Keppoch Medical Practice uses your personal information, please contact:
Data Protection Officer e-mail: Data.Protection@ggc.scot.nhs.uk
NHS Greater Glasgow & Clyde
1 Smithhills Street Telephone: 0141 278 4774
Paisley
PA1 1EB
You also have the right to complain about how we use your personal information to the Information Commissioner’s Office (ICO). Details are on their website: http://www.ico.org.uk