Privacy Policy
What data do we hold about our Patients?
To enable us to provide effective healthcare to you we maintain a secure medical record in ‘Write Up’ (ISO27001:2013 certified). We will hold the following information:
Your contact details and details of your NHS healthcare practitioners which you have provided to us
The contents of any important health-related correspondence from you
Test Results (whether provided by you on paper or to us from our partner laboratories)
Our assessments and correspondence with you and your other healthcare providers.
Why do we hold and process your data?
Your medical record is very important as it is integral to your health care and our ability to offer you medical services. Records must be kept as accurate and up-to-date as possible. Your medical record is held on the computer (except for securely filed paper results awaiting filing to our computer system).
As well as being a chronological record of your health care with us, the computerised records allow us to perform other essential tasks with relative ease. For example, we can use the information to make sure we offer appointments for health reviews at the appropriate time, and for clinical audits, which is a useful tool for continually reviewing and improving the services we provide.
We will use any information submitted to provide you with medical care, administer the provision of appointments and communicate with other health professionals as requested by you.
When do we share your information?
The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:
To request other healthcare and related practitioners to provide further treatment for you
To inform your General Practitioner or other Health Specialist of treatment we have provided to you or of test results while in our care
To help you get other services e.g. from the benefits agency. This requires your consent. When we have a duty to others e.g. in child protection cases
To Care Quality commission staff upon inspection for them to assess the safety and quality of our services.
Reception and administration staff require access to your medical records to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff. Except for the above circumstances, your details are not passed on to any third parties.
Can I see the information you hold about me?
In accordance with the Data Protection Act 1998 and Access to Health Records Act, patients may request to see their medical records. Requests should be made through the Practice Manager.
In compliance with GDPR, patients have the right to:
Access all of their information plus any other content that forms part of the patient record, including notes and expect to be able to read them and understand what they mean without expert medical knowledge.
Know if their personal information has been forwarded to a third party (like a fellow healthcare professional, consultant, insurer or school).
Have any invalid information we hold about them corrected.
Apply to have their personal data deleted.
Ask us to refrain from further use (or processing) of their information.
Receive their information in an open electronic format.
Be notified if critical information about them is inappropriately accessed.
Applications for Data Deletion
For legal purposes, we maintain a record of our contact with patients for 7 years from our last clinic contact (or until the age of 21 years and 3 months in the case of any child in our care). Applications for deletion will be looked at individually and (if there has been minimal or no contact), then the request may be granted at our discretion.
For past patients, who no longer wish to remain on our contacts list and who do not wish their data to be accessed, their data will be stored (for the time specified above), in a secured form away from our patient database. During this time contact details will be removed from our systems and the records will not be accessed for any purpose other than defending a legal claim, should this need arise.
Contact and Communication
Patients contacting us via the practice email do so at their discretion and provide any such personal details at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use. Every effort has been made to ensure a safe and secure process is available for the email submission of data, but we advise patients that they are responsible for ensuring they transmit their personal details to us in a secure manner. Please contact us to discuss this before transmitting any sensitive personal data to the clinic.
Should we produce newsletters or wish to promote educational, health-related events and news, you can sign up for this service and can 'opt out' at any time from the emails you may receive from us.
Further data protection information can be obtained from the Information Commissioner's website.