Privacy Notice (May 2018)
North Beverley Medical Centre has a legal duty to explain how we use any personal information we collect about you, as a registered patient, at the practice. Staff at this practice maintain records about your health and the treatment you receive in electronic and paper format.
This Privacy Notice explains why North Beverley Medical Centre collects information about you, how that information may be used and which organisations the information will be shared with to ensure you receive the best possible care. North Beverley Medical Centre may change this notice from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 14th May 2018.
What information do we collect about you?
Your healthcare records contain information about your health and any treatment or care you have received previously (e.g. Hospital, GP surgery, Walk-In clinic etc.). NHS health records may be electronic, on paper or a mixture of both. At North Beverley Medical Centre we use an electronic medical records system called EMIS which has been accredited to the highest standards for use in GP Practices. We use a combination of working practices and technology to ensure that your information is kept confidential and secure. Your healthcare record may include the following information:
· Biographical details about you, such as address, date of birth and family details
· Details of your contact with us such as appointments with our GP’s and nurses
· Notes and reports about your health including diagnosis and treatment
· Details about your treatment and care including prescriptions
· Results on investigations, such as laboratory blood tests, x-rays, etc.
· Relevant information from other health professionals e.g. District Nurse, Health Visitor, Social Worker, relatives or those who care for you
How we will use your information
Your data is collected for the purpose of providing direct patient care to ensure you receive the best possible care. However, we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. The practice may be requested to support research; however, we will always gain your consent before sharing your information with medical research databases such as the Clinical Practice Research Datalink and QResearch or others when the law allows.
In order to comply with its legal obligations, this practice may send data to NHS Digital when directed by the Secretary of State for Health under the Health and Social Care Act 2012. Information is used to inform national campaigns regarding uptake of screening and immunisation programmes e.g. breast screening, cervical screening, childhood immunisation and the national Flu campaign.
Additionally, this practice contributes to national clinical audits and will send the data that is required by NHS Digital when the law allows. This may include demographic data, such as date of birth, and information about your health which is recorded in coded form; for example, the clinical code for diabetes or high blood pressure.
Processing your information in this way and obtaining your consent ensures that we comply with Articles 6(1)(c), 6(1)(e) and 9(2)(h) of the GDPR.
Maintaining confidentiality and accessing your records
We are committed to maintaining confidentiality and protecting the information we hold about you. Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential. Anyone who receives information from an NHS organisation has a legal duty to keep it confidential. For the purposes of managing your health and Health Risk Screening we may need to share your information e.g. by making a referral with your consent to the following organisations :
- Hull & East Yorkshire Hospital Trust
- Humber Foundation Trust
- Other NHS Trusts and providers of services commissioned by NHS England such as:
- Community Nurses and/or Community Matrons from City Health Care Partnership or the Humber NHS Foundation Trust.
- Representatives from Adult Community Services in Hull City Council and East Riding of Yorkshire Council
- Voluntary Support Organisations commissioned by NHS Hull & NHS East Riding of Yorkshire
We will not disclose your information to any third party without your permission unless there are exceptional circumstances or the law requires information to be passed on e.g. the Public Health (Control of Disease) Act 1984, the Public Health (Infectious Diseases) Regulations 1988 and the Road Traffic Act 1988. Anyone who receives information from us is also under a legal duty to keep this information confidential.
We may also be obliged to reveal information about you if we believe you are a risk to yourself or others or if we believe a child or a vulnerable adult would be harmed if we did not reveal the information. We may also have to disclose information to prevent disorder or crime or if we are instructed to by a Court order.
General Data Protection Regulation (GDPR)
We adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO). You have a right to access the information we hold about you, and if you would like to access this information, you will need to complete a Subject Access Request (SAR). Please ask at reception for a SAR form and you will be given further information. Furthermore, should you identify any inaccuracies, you have a right to have the inaccurate data corrected.
Summary Care Record
A summary of your basic details along with information about your medication is updated daily from the practice to the Summary Care Record on the NHS Spine. This is to allow other health professionals with access to the NHS Spine e.g. in A&E to have easy access to this information if they need it. You can opt out of the summary care record if you wish, please contact our reception team if you wish to do this.
Risk stratification is a mechanism used to identify and subsequently manage those patients deemed as being at high risk of requiring urgent or emergency care. Usually this includes patients with long-term conditions, e.g. cancer. Your information is collected by a number of sources, including North Beverley Medical Centre; this information is processed electronically and given a risk score which is relayed to your GP who can then decide on any necessary actions to ensure that you receive the most appropriate care.
Your information may be shared if you have received treatment to determine which Clinical Commissioning Group (CCG) or Council (such as the East Riding of Yorkshire) is responsible for paying for your treatment. This information may include your name, address and treatment date. All of this information is held securely and confidentially; it will not be used for any other purpose or shared with any third parties.
You have a right to object to your information being shared. Should you wish to opt out of data collection, please contact a member of staff who will be able to explain how you can opt out and prevent the sharing of your information; this is done by registering a Type 1 opt-out, preventing your information from being shared outside this practice.
In accordance with the NHS Codes of Practice for Records Management, your healthcare records will be retained for 10 years after death, or if a patient emigrates, for 10 years after the date of emigration. Records of the deceased are returned promptly to Patient Data Services so requests for access are usually directed to them not the practice.
What to do if you have any questions
1. Contact the practice’s data controller via email at email@example.com. GP practices are data controllers for the data they hold about their patients
2. Write to the data controller at North Beverley Medical Centre, Pighill Lane, Beverley, HU17 7JY
3. Ask to speak to the Practice Manager or Deputy Practice Manager
The Data Protection Officer (DPO) for North Beverley Medical Centre is the Practice Manager.
In the event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO. For further details, visit ico.org.uk and select ‘Raising a concern’.
When someone visits our website our website provider collects standard internet log information and details of behaviour patterns. This is done so we can identify the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone.
We do not make any other attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifying information from any source.
If we do want to collect personally identifiable information through our website, we will make it clear when we collect the personal information and will explain what we intend to do with it. Security
Links to other websites
This privacy notice does not cover the links within our site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Privacy Notice May 2018 - Link to PDF Document