Undercliffe Surgery

01924 403406

General Data Protection Regulation

Due to the coronavirus pandemic training processes have been amended to reflect implemented safety measures.

Previously trainee GP’s would video record their face to face consultations which would be reviewed with their trainers. As we are now offering telephone consultations the trainee GP’s will now be assessed on recordings of these calls.

We have been recording telephone calls for several years following an upgrade to our telephone system. All recordings are kept securely on our server and do not leave the building. The recordings used for this assessment will be shared with our on-site trainers and those at the local and national training programme.

Patients can decline this recording and will be booked in with an alternative clinician.

We want to make patients aware that from the 25th May 2018 the ‘General Data Protection Regulations’ (GDPR) will come in to force in the UK  – the information on this page is currently been updated to ensure that our patients have the information they need about how their Personal Health Data is processed, stored and shared. The Practice is currently working through the new legislation requirements, reviewing and updating our policies and procedures, training our Practice Team members and preparing update information ready for publication for our patients. You can download the GDPR patient information leaflet here: GDPR patient leaflet:  A4 GDPR patient leaflet

UNDERCLIFFE SURGERY PRIVACY NOTICE SUMMARY

How Undercliffe Surgery uses your information to provide you with healthcare

This practice keeps medical records confidential and complies with the General Data Protection Regulation.

We hold your medical record so that we can provide you with safe care and treatment.

We will also use your information so that this practice can check and review the quality of the care we provide. This helps us to improve our services to you.

  • We will share relevant information from your medical record with other health or social care staff or organisations when they provide you with care. For example, your GP will share information when they refer you to a specialist in a hospital. Or your GP will send details about your prescription to your chosen pharmacy.
  • For more information on who we share your information with please see the General Fair Processing Privacy Notice, link below.
  • Healthcare staff working in A&E and out of hours care will also have access to your information. For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions. This will involve the use of your Summary Care Record. For more information see: https://digital.nhs.uk/summary-care-records
  • You have the right to object to information being shared for your own care. Please speak to the practice if you wish to object.

We have inserted here a link to the practices full Privacy Notice should you wish to understand this further: General Fair Processing Privacy Notice

Covid-19 and your information – Updated on 8th April 2020

This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. It supplements our main Privacy Notice which is available on our Practice Website on the General Data Protection Regulation page.

The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.

Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arms Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on gov.uk and some FAQs on this law are available on NHS Digital website.

During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs. However in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.

In order to look after your health and care needs we may share your confidential patient information including health and care records with clinical and non clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email.

During this period of emergency we may offer you a consultation via telephone or videoconferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.

We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is available on gov.uk.

NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.

In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require and we will ensure that any information collected is treated with the appropriate safeguards.

We may amend this privacy notice at any time so please review it frequently. The date at the top of this page will be amended each time this notice is updated

SUBJECT ACCESS REQUESTS – Access to your GP record

This right, commonly referred to as subject access, is created by section 7 of the Data Protection Act. It is most often used by individuals who want to see a copy of the information an organisation holds about them.

Who can make an Access Request?

An application for access to personal data may be made to the Practice by any of the following:-

  • an individual
  • a person authorised by the individual in writing to make the application on an individual’s behalf e.g. solicitor, family member, carer
  • a person having parental responsibility for the individual where he/she is a child.
  • a person appointed by a court to manage the affairs of an individual who is deemed incompetent
  • individuals who hold a health and welfare Lasting Power of Attorney
  • where the individual has died, the personal representative and any person who may have a claim arising out of the individual’s death (the executor of the deceased’s will; someone who has been appointed as an Administrator of the Estate by the Courts; someone who has the written consent of either of the above to be given access, someone who is in the process of challenging the deceased’s will)

Application

Individuals wishing to exercise their right of access should:

  • Make a written application to the Practice holding the records, including via electronic means
  • Provide such further information as the Practice may require to sufficiently identify the individual

The Practice requires completion of this form: Subject Access Request form  for all Subject Access Requests.  As evidence of identity is required with submission of this form please see the following for a list of acceptable identity: Acceptable identity evidence

The practice have also developed a document containing additional information that is relevant to all Subject Access Requests and has added a link: Additional SAR Info

The Practice as “data controller” is responsible for ascertaining the purpose of the request and the manner in which the information is supplied.  The Practices preferred method of supplying patients with access to their records will be via SystmOnline.