Confidentiality and GDPR
All patient information is considered to be confidential and we comply fully with the Data Protection Act and Caldicott principles.
The General Data Protection Regulation (GDPR) is a new law that determines how your personal data is processed and kept safe, and the legal rights that you have in relation to your own data. The Regulation applies from 25 May 2018, and will apply even after the UK leaves the EU.
The GDPR sets out the key principles about processing personal data, for staff or patients:
- Data must be processed lawfully, fairly and transparently,
- It must be collected for specific, explicit and legitimate purposes,
- It must be limited to what is necessary for the purposes for which it is processed
- Information must be accurate and kept up to date
- Data must be held securely
- It can only be retained for as long as is necessary for the reasons it was collected.
There are also stronger rights for patients regarding the information that practices hold about them. These include:
- Being informed about how their data is used
- Patients to have access to their own data
- Patients can ask to have incorrect information changed
- Restrict how their data is used
- Move their patient data from one health organisation to another
- The right to object to their patient information being processed (in certain circumstances).
All employees in the practice have access to this information in relation to their role, have confidentiality clauses in their contracts of employment and have signed a confidentiality agreement. All staff members adhere to the Confidentiality: NHS Code of Practice 2003.
Patient identifiable information may be given to other health and care professionals to enable continuity of care.
A copy of our Fair Processing & Privacy Notice is available from Reception or can be found here
Access to Records
You have a right under the Data Protection Act 1998 and the General Data Protection Regulation to access and/or view what information the surgery holds about you. This is known as a Subject Access Request.
Individuals wishing to exercise their right of access should:
- Make a written application to the Practice holding the records, including via email
- Provide such further information as the Practice may require to sufficiently identify the individual.
The Practice as “data controller” is responsible for ascertaining the purpose of the request and the manner in which the information is supplied.
Under GDPR the Practice must provide information free of charge. However, we can charge a “reasonable fee” when a request is manifestly unfounded or excessive, particularly if it is repetitive. The fee must be based on the administrative cost of providing the information only.
The request must be complied with at least within one calendar month of receipt of the request. This period can be extended for a further two months where requests are complex or numerous; however the Practice must inform the individual within one month of receipt of the request and explain why the extension is necessary.
A copy of our Subject Access Request Policy can be obtained from Reception or can be found here
This also contains a request form.
If you feel you would like a chaperone present at your consultation, please ask at Reception or inform your Doctor/Nurse, who will be more than happy to arrange this for you.
Freedom of Information
Information about the General Practioners and the practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the practice manager.
Complaints & Suggestions
We are always trying to improve our service and would like to know if you have any suggestions or complaints. We have an ‘in-house’ complaints procedure – please contact the practice manager.
The NHS operate a zero tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients and other persons. Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety. In this situation we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.