GDPR

Dr M Fateh Privacy Policy GDPR

 How we use your personal information

Privacy notice explains why we collect information about you, how that information may be used, how we keep it safe and confidential and what your rights are in relation to this

The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. Hospital, GP Surgery, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.

We collect and hold data for providing healthcare services to our patients and running our organisation which includes monitoring the quality of care that we provide. In carrying out this role we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and/or in digital form.

The records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health and also information such as outcomes of needs assessments

Details we collect about you

The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. from Hospitals, GP Surgeries, A&E, etc.). These records help to provide you with the best possible healthcare.

Records which this GP Practice may hold about you include the following:



    • Details about you, such as your address and next of kin

    • Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.

    • Notes and reports about your health

    • Details about your treatment and care

    • Results of investigations, such as laboratory tests, x-rays, etc.

    • Relevant information from other health professionals, relatives or your carersYour records will be retained in accordance with the NHS Code of Practice for Records ManagementEveryone working for our organisation is subject to the Common Law Duty of Confidence. Information provided in confidence will only be used for the purposes advised with consent given by the patient, unless there are other circumstances covered by the law. The NHS Digital Code of Practice on Confidential Information applies to all NHS staff and they are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. All our staff are expected to make sure information is kept confidential and receive regular training on how to do this.We also make sure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.

    • We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

    • The health records we use may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Your records are backed up securely in line with NHS standard procedures. We ensure that the information we hold is kept in secure locations, is protected by appropriate security and access is restricted to authorised personnel.

    • How we keep your information confidential and safe 




    • Data Protection Act 2018

    • Human Rights Act

    • Common Law Duty of Confidentiality

    • NHS Codes of Confidentiality and Information Security

    • Health and Social Care Act 2015

    • And all applicable legislation

    • We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if we reasonably believe that others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (such as a risk of serious harm to yourself or others) or where the law requires information to be passed on



 

Who are our partner organisations?

We may also have to share your information, subject to strict agreements on how it will be used/received from the following organisations:-



    • NHS Trusts / Foundation Trusts

    • GP’s

    • NHS Commissioning Support Units

    • Independent Contractors such as dentists, opticians, pharmacists

    • Private Sector Providers

    • Voluntary Sector Providers

    • Ambulance Trusts

    • Clinical Commissioning Groups

    • Social Care Services

    • NHS Digital

    • Local Authorities

    • Education Services

    • Fire and Rescue Services

    • Police & Judicial Services

    • Other ‘data processors’ which you will be informed of



You will be informed who your data will be shared with and in some cases asked for explicit consent for this happen when this is required.

We do not use external companies to process personal information or for archiving purposes.

In all cases, your information is only accessed and used by authorised staff who are involved in providing or supporting your direct care. Your permission will be asked before information is accessed, other than in exceptional circumstances (e.g. emergencies) if the healthcare professional is unable to ask you and this is deemed to be in your interests (which will then be logged).

 

Access to personal information

You have a right under the Data Protection Act 2018 to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate.  In order to request this, you need to do the following:



    • Your request must be made in writing to the GP - for information from the hospital you should write direct to them

    • There is no charge to have a printed copy of the information held about you but we are within our rights to request that you register for online access to enable you to access this information.

    • Under the Data Protection Act 2018 we may impose a charge for printed copies of the same information if these can be deemed as excessive requests.

    • We are required to respond to you within 28 days.

    • You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified and your records located 



Objections / Complaints 

Should you have any concerns about how your information is managed by your GP Practice, please contact the Practice Manager.  If you are still unhappy following a review by the GP practice, you can then complain to the Information Commissioners Office (ICO) via their website (www.ico.org.uk). 

Change of Details 

It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended.  You have a responsibility to inform us of any changes so our records are accurate and up to date for you.

Notification

The Data Protection Act 2018 requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information.  

This information is publicly available on the Information Commissioners Office website www.ico.org.uk

The practice is registered with the Information Commissioners Office (ICO).

 

Who is the data Processor?

This is the person/people or organisation that is responsible for using and recording your information. All staff at Dr Fateh’s Surgery are individual Data Processors

Who is the Data Controller?

The Data Controller, responsible for keeping your information secure and confidential is Dr Fateh’s Practice

Data Protection Officer (DPO)

The Data Protection Officer has overall responsibility for GDPR within this area.  Our designated DPO is: Dr M Fateh Carole Bonner and Saquib Gillett-Waller

Patient Confidentiality

The practice complies with the Data Protection Act.  All information about patients is confidential: from the most sensitive diagnosis, to the fact of having visited the surgery or being registered at the Practice. All patients can expect that their personal information will not be disclosed without their permission except in the most exceptional of circumstances, when somebody is at grave risk of serious harm.

All members of the primary health care team (from reception to doctors) in the course of their duties will have access to your medical records. They all adhere to the highest standards of maintaining confidentiality.

As our reception area is a little public, if you wish to discuss something of a confidential nature please mention it to one of the receptionists who will make arrangements for you to have the necessary privacy.

Under 16s

The duty of confidentiality owed to a person under 16 is as great as the duty owed to any other person. Young people aged under 16 years can choose to see health professionals, without informing their parents or carers. If a GP considers that the young person is competent to make decisions about their health, then the GP can give advice, prescribe and treat the young person without seeking further consent.

However, in terms of good practice, health professionals will encourage young people to discuss issues with a parent or carer. As with older people, sometimes the law requires us to report information to appropriate authorities in order to protect young people or members of the public.

 

Useful Websites



    •  



Call 111 when you need medical help fast but it’s not a 999 emergencyNHS ChoicesThis site is brought to you by My Surgery Website