Data Protection Officer:
Dr Sarah Davies
What Data do we hold about or Patients? To enable us to provide effective healthcare to you we maintain a secure medical record in ‘Write Upp’ (ISO27001:2013 certified). We will hold the following information:
- Your contact details and details of your NHS healthcare practitioners which you have provided to us
- The contents of any important health-related correspondence from you
- Test Results (whether provided by you on paper or to us from our partner laboratories)
- Our assessments and correspondence with you and your other healthcare providers.
Why do we hold and process your data?
Your medical record is very important as it is integral to your health care and our ability to offer you medical services. Obviously it is essential that records are kept as accurately as possible and are up-to-date. Your medical record is held on the computer (except for securely filed paper results awaiting filing to our computer system).
As well as being a chronological record of your health care with us, the computerised records allow us to perform other essential tasks with relative ease. For example, we can use the information to make sure we offer appointments for health reviews at the appropriate time, and for clinical audit, which is a useful tool for continually reviewing and improving the services we provide.
We will use any information submitted to provide you with medical care, administer the provision of appointments and communicate with other health professionals as requested by you.
When do we share your information?
The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:
- To request other healthcare and related practitioners to provide further treatment for you
- To inform your General Practitioner or other Health Specialist of treatment we have provided to you or of test results while in our care
- To help you get other services e.g. from the benefits agency. This requires your consent. When we have a duty to others e.g. in child protection cases
- To Care Quality commission staff upon inspection for them to assess safety and quality of our services.
Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff. Except for the above circumstances, your details are not passed on to any third parties.
Can I see the information you hold about me?
In accordance with the Data Protection Act 1998 and Access to Health Records Act, patients may request to see their medical records. Requests should be made through the Practice Manager.
In compliance with GDPR, patients have the right to:
- Access all of their information plus any other content that forms part of the patient record, including notes and expect to be able to read them and understand what they mean without expert medical knowledge.
- Know if their personal information has been forwarded to a third-party (like a fellow healthcare professional, consultant, insurer or school).
- Have any invalid information we hold about them corrected.
- Apply to have their personal data deleted.
- Ask us to refrain from further use (or processing) of their information.
- Receive their information in an open electronic format.
- Be notified if critical information about them is inappropriately accessed.
Applications for Data Deletion
For legal purposes, we maintain a record of our contact with patients for 7 years from our last clinic contact (or until the age of 21 years and 3 months in the case of any child in our care). Applications for deletion will be looked at individually and (if there has been minimal or no contact), then the request may be granted at our discretion.
For past patients, who no longer wish to remain on our contacts list and who do not wish their data to be accessed, their data will be stored (for the time specified above), in a secured form away from our patient database. During this time contact details will be removed from our systems and the records will not be accessed for any purpose other than defending a legal claim, should this need arise.
Contact and Communication
Patients contacting us via the practice email do so at their own discretion and provide any such personal details at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use. Every effort has been made to ensure a safe and secure process is available for the email submission of data, but we advise patients that they are responsible for ensuring they transmit their personal details to us in a secure manner. Please contact us to discuss this before transmitting any sensitive personal data to the clinic.
We will not use your details for the purposes of product marketing but will request your permission to use contact details to keep in touch with you about your appointments, share updates to your medical records and important news about clinic closures or organisational changes.
Should we produce newsletters or wish to promote educational, health-related events and news in the future, we will ask for your permission for us to contact you with this information separately (this is not a core part of our service).