GDPR

Data Privacy Law changed on 25 May 2018 and is now called General Data Protection Regulation (known as GDPR). This means you will have more control over how your data is used and ensures that organisations protect your personal data better. NHS organisations including GP practices already have strict confidentiality and data sharing processes in place but the following information outlines the processes and we have also attached a link to our Privacy Notices.

Privacy Notice for Patients

COVID Privacy Notice - updated 25.2.22

National Opt-Out Facility

You can choose whether your confidential patient information is used for research and planning.

Who can use your confidential patient information for research and planning?

It is used by the NHS, local authorities, university and hospital researchers, medical colleges and pharmaceutical companies researching new treatments.

Making your data opt-out choice

The current NHS Digital (NHSD) extract of GP data for Research purposes (known at the GPDPR) has been delayed due to NHSD wishing to review the way in which this data will be collected, to conduct more public involvement and information about the plans and change the way in which patients can opt out of the extract of their GP data.

Currently the only way to opt out is to complete a Type 1 opt out form and return this to the practice by the 1st September. However, this extract will not be taken until the NHSD have changed the way it will take the data and respect the patient’s choice for using their data. NHSD are introducing the following changes to the opt out process which will mean that patients will be able to change their opt-out status at any time:

  • Patients DO NOT need to register a Type 1 opt out by 1st September to ensure their GP data will not be uploaded.
  • NHS Digital will create the technical means to allow GP data that has previously been uploaded to the system via the GPDPR collection to be deleted when someone registers a Type 1 opt out
  • The plan to retire Type 1 opt outs will be defered for at least 12 months while they get the new arrangements up and running and will not be implemented without consultation with the RCGP, the BMA and the National Data Guardian.

This means that you can opt out at any time in the future and NHSD will delete data that they already have taken for research purposes, the deadline of 1.9.2020 has been delayed until a new system of opt out is developed. Hopefully, this will be a simple centralised approach via the NHS app or NHS website to avoid paper form and administration work for your GP.

We will update you when we know more about the NHSD plans to change how you can control who has access to your data.


How we keep your records confidential:

Everyone working for the NHS has a legal duty to keep information about you confidential. We have a duty to;

Maintain full and accurate records of the care we provide to you

  • Keep records about you confidential and secure
  • Provide information in a format that is accessible to you (e.g. large type if you are partially sighted)

 We will not share information that identifies you for any reason unless:

  • You ask us to do so
  • We ask and you give us specific permission
  • We have to do this by law
  • We have special permission for health or research purposes, or
  • We have special permission because the interests of the public are thought to be of greater importance than your confidentiality—for example, if you had a serious medical condition that may put others you had come into contact with at risk

We hold your records in STRICT CONFIDENCE

Who are our partner organisations?

We may share information with the following main partner organisations:

  • Strategic Health Authorities (SHA’s)
  • NHS Trusts (Hospitals)
  • Special Health Authorities
  • Ambulance Service

We may also share your information, with your consent and subject to strict sharing protocols on how it will be used, with:

  • Social Services
  • Education Services
  • Local Authorities
  • Voluntary Sector Providers
  • Private Sector

Anyone who receives information from us also has a legal duty to keep it confidential.

Why we collect information about you:

In the National Health Service we aim to provide you with the highest quality of health care. To do this we must keep records about you, your health and the care we have provided or plan to provide to you.

These records may include:

  • Basic details about you such as address, date of birth, next of kin
  • Contact we have had with you such as clinical visits
  • Notes and reports about your health
  • Details and records about your treatment and care
  • Results of x-rays, laboratory tests, etc.
  • Relevant information from people who care for you and know you well such as health professionals and relatives

It is good practice for people in the NHS who provide care to:

  • Discuss and agree with you what they are going to record about you
  • Give you a copy of letters they are writing about you, and
  • Show you what they have recorded about you, if you ask

How your records are used

The people who care for you use your records to:

  • Provide a good basis for all health decisions made in consultation with you and other health care professionals
  • Deliver appropriate health care
  • Make sure your health care is safe and effective, and
  • Work effectively with others providing you with health care

 Others may also need to use records about you to:

  • Check the quality of health care (such as clinical audit)
  • Protect the health of the general public
  • Keep track of NHS spending
  • Manage the health service
  • Help investigate any concerns or complaints you or your family have about your health care

Some information will be held centrally to be used for statistical purposes. In these instances we take strict measures to ensure that individual patients cannot be identified

We use anonymous information, wherever possible, but on occasions we may use personal identifiable information for essential NHS purposes such as research and auditing.

However, this information will only be used with your consent, unless the law requires us to pass on the information.

Notification

The Data Protection Act 1998 & General Data Protection Regulations 2018 require organisations to notify the Information Commissioner of the purposes for which they process personal information.

You have the right

You have the right to confidentiality under the General Data Protection Regulations 2018 (GDPR), Data Protection Act 1998 (DPA), the Human Rights Act 1998 and the common law duty of confidence (the Disability Discrimination and the Race Relations Acts may also apply)

How we use your personal information leaflet

You also have the right to ask for a copy of all records about you 

  • Your request must be made in writing to the organisation holding your information
  • We are required to respond to you within a calendar month
  • You will need to give adequate information (for example full name, address, date of birth, NHS number etc.)
  • You will need to be specific about the time period you wish to access as we are unable to comply with excessive requests.
  • You will be required to provide ID before any information is released to you

If you think anything is inaccurate or incorrect, please inform the organisation holding your information. We have provided the form below to help you request an amendment to your records.

Record amendment request form