We want to make patients aware that from the 25th May 2018 the ‘General Data Protection Regulations’ (GDPR) will come in to force in the UK – the information on this page is currently been updated to ensure that our patients have the information they need about how their Personal Health Data is processed, stored and shared. The Practice is currently working through the new legislation requirements, reviewing and updating our policies and procedures, training our Practice Team members and preparing update information ready for publication for our patients. You can download the GDPR patient information leaflet here: GDPR patient leaflet: A4 GDPR patient leaflet
UNDERCLIFFE SURGERY PRIVACY NOTICE SUMMARY
How Undercliffe Surgery uses your information to provide you with healthcare
This practice keeps medical records confidential and complies with the General Data Protection Regulation.
We hold your medical record so that we can provide you with safe care and treatment.
We will also use your information so that this practice can check and review the quality of the care we provide. This helps us to improve our services to you.
- We will share relevant information from your medical record with other health or social care staff or organisations when they provide you with care. For example, your GP will share information when they refer you to a specialist in a hospital. Or your GP will send details about your prescription to your chosen pharmacy.
- For more information on who we share your information with please see the General Fair Processing Privacy Notice, link below.
- Healthcare staff working in A&E and out of hours care will also have access to your information. For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions. This will involve the use of your Summary Care Record. For more information see: https://digital.nhs.uk/summary-care-records
- You have the right to object to information being shared for your own care. Please speak to the practice if you wish to object.
We have inserted here a link to the practices full Privacy Notice should you wish to understand this further: General Fair Processing Privacy Notice
SUBJECT ACCESS REQUESTS – Access to your GP record
This right, commonly referred to as subject access, is created by section 7 of the Data Protection Act. It is most often used by individuals who want to see a copy of the information an organisation holds about them.
Who can make an Access Request?
An application for access to personal data may be made to the Practice by any of the following:-
- an individual
- a person authorised by the individual in writing to make the application on an individual’s behalf e.g. solicitor, family member, carer
- a person having parental responsibility for the individual where he/she is a child.
- a person appointed by a court to manage the affairs of an individual who is deemed incompetent
- individuals who hold a health and welfare Lasting Power of Attorney
- where the individual has died, the personal representative and any person who may have a claim arising out of the individual’s death (the executor of the deceased’s will; someone who has been appointed as an Administrator of the Estate by the Courts; someone who has the written consent of either of the above to be given access, someone who is in the process of challenging the deceased’s will)
Individuals wishing to exercise their right of access should:
- Make a written application to the Practice holding the records, including via electronic means
- Provide such further information as the Practice may require to sufficiently identify the individual
The Practice requires completion of this form: Subject Access Request form for all Subject Access Requests. As evidence of identity is required with submission of this form please see the following for a list of acceptable identity: Acceptable identity evidence
The practice have also developed a document containing additional information that is relevant to all Subject Access Requests and has added a link: Additional SAR Info
The Practice as “data controller” is responsible for ascertaining the purpose of the request and the manner in which the information is supplied. The Practices preferred method of supplying patients with access to their records will be via SystmOnline.