This privacy notice explains what information we collect about you, why we collect it, and how that information may be used.
What we collect
We hold and maintain your medical record. Your GP record is the most complete picture of your health, taking history from care you receive in the practice, the community and in hospital.
- Details about you, such as address and next of kin
- Any contact this or your previous practices have had with you, such as appointments, clinic visits, emergency appointments, etc.
- Notes and reports about your health
- Hospital and clinic letters, discharge summaries and care plans
- Details about your treatment and care
- Results of investigations, such as laboratory tests, x-rays, etc.
- Relevant information from other health professionals, relatives or those who care for you and know you well
Your records are primarily used to facilitate the care you receive. However, there are a number of other crucial uses for clinical data. These include the ability to properly:
- Check the quality of care we provide to everyone (i.e. clinical audit, responding to complaints)
- Protect the health of the general public
- Monitor how we spend public money
- Train healthcare workers
- Carry out research
- Help the NHS plan for the future
- Carry out risk stratification
Other important information about how your information is used to provide you with healthcare
Registering for NHS Care
- All patients who receive NHS care are registered on a national database.
- This database holds your name, address, date of birth and NHS Number but it does not hold information about the care you receive.
More information can be found at https://digital.nhs.uk/, or you can call the general enquiries number on 0300 303 5678.
- The database is held by NHS Digital, a national organisation which has legal responsibilities to collect NHS data.
Identifying patients who might be at risk of certain diseases
- Your medical records will be searched by a computer program so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital.
- This means we can offer patients additional care or support as early as possible.
- This process will involve linking information from your GP record with information from other health or social care services you have used.
- Information which identifies you will only be seen by the practice.
- Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, are protected from risk of harm. These circumstances are rare.
- We do not need your consent or agreement to do this.
Where you have a choice
NHS Research & Planning
Your health and adult social care information supports your individual care. It also helps the NHS to research, plan and improve health and care services in England.
Unless you have chosen to opt out, your confidential patient information can be used for research and planning. This online service allows you to make or change your decision at any time. You can also manage your choice in other ways, see link for more details.
To opt out: complete one of the following options:
Summary Care Record
The NHS in England uses an electronic record called the Summary Care Record (SCR) to support patient care.
It’s a copy of key information, i.e. allergies and medication, from your GP record. It gives authorised healthcare staff faster, secure access to your essential information when it’s needed, for example when you attend accident & emergency.
To opt out: Ask a member of staff for an opt out form, or download the form below and hand it in to a member of the team.
Camden Integrated Digital Record
Camden is linking together your health and social care information. This is so that your care providers in Camden can view the information needed in one place, to provide you with better, more informed care.
This is a local initiative for Camden residents registered at a Camden GP practice. It has no relation to the Summary Care Record. No data will be shared with these or other third parties.
You can find more information about CIDR here.
To opt out: Ask a member of staff for an opt out form.
Information about the legislation that protects your data
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 1998 (which is overseen by the Information Commissioner’s Office), Human Rights Act, the Common Law Duty of Confidentiality, the NHS Codes of Confidentiality and Security and the General Data Protection Regulation [GDPR].
We are registered with the Information Commissioner’s Office [ICO] and our registration number is: ZA467208
Data Protection Act 1998 and 2018
The Practice is registered with the Data Protection Agency and is bound by the rules governing the collection and storage of personal data. Your personal data will only be seen by professionals at the practice involved in providing your care. Occasionally anonymised health information is sent to the Primary Care Trust to support quality monitoring, public health analysis and post-payment verification.
Under the Data Protection Act 1998, you have the right of access to your health records. If you would like to see your records, please speak to your Doctor or to Reception for further details.
The DPA 2018 means that you or your parent(s) / guardian(s) may have the right to:
- Ask to see the personal data we hold about you, such as health records.
- Ask us to correct information in your health records that you think is wrong or incomplete.
- Refuse or take away consent for us to share your health records with others – an example could be using your information for research purposes.
- Ask us to send your personal information to other healthcare providers.
General Data Protection Regulation [GDPR]
What is GDPR?
GDPR stands for General Data Protection Regulation and is a piece of legislation that superseded the Data Protection Act 1998 on Friday 25th May 2018. It not only applies to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed.
The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are:
- Practices must comply with subject access requests.
- Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous.
- There are new, special protections for patient data.
- The Information Commissioner’s Office must be notified within 72 hours of a data breach.
- Higher fines for data breaches – up to 20 million euros.
The Six Data Protection Principles
The Practice processes personal data in accordance with the six Data Protection Principles for GDPR identified by the ICO, which means personal data will:
- Be adequate, relevant and limited to what is necessary for the purposes for which it is processed;
- Be processed fairly, lawfully and transparently;
- Be accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay;
- Be collected and processed only for specified, explicit and legitimate purposes;
- Not be kept for longer than is necessary for the purposes for which it is processed; and
- Be processed securely.
There are also stronger rights for patients regarding the information that practices hold about them. These include the right to:
- Be informed about how their data is used.
- Have access to their own data.
- Ask to have incorrect information changed.
- Restrict how their data is used.
- Move their patient data from one health organisation to another.
- Object to their patient information being processed (in certain circumstances).
What is “consent”?
Consent is permission from a patient – an individual’s consent is defined as “any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him/her being processed.”
The changes in GDPR mean that we must get explicit permission from patients when using their data. This is to protect your right to privacy, and we may ask you to provide consent to do certain things, like contact you or record certain information about you for your clinical records.
Individuals also have the right to withdraw their consent at any time.
Access to Medical Records
Subject Access Requests [SAR]
If you would like to see your medical record and what data we hold about you, you can contact reception to make a ‘subject access request’. We will then provide you with the data you have requested. We will respond to all SARs without undue delay, and in any event within one month of receipt of the request.
National Diabetes Audit
The National Diabetes Audit (NDA) is one of the largest annual clinical audits in the world, integrating data from both primary and secondary care sources, making it the most comprehensive audit of its kind.
What does the NDA measure?
The National Diabetes Audit is a major national clinical audit which measures the effectiveness of diabetes healthcare against NICE Clinical Guidelines and NICE Quality Standards, in England and Wales. The NDA collects and analyses data for use by a range of stakeholders to drive changes and improvements in the quality of services and health outcomes for people with diabetes.
The NDA answers five key questions:
- Is everyone with diabetes diagnosed and recorded on a practice diabetes register?
- What percentage of people registered with diabetes received the nine National Institute of Health and Care Excellence (NICE) key processes of diabetes care?
- What percentage of people registered with diabetes achieved NICE defined treatment targets for glucose control, blood pressure and blood cholesterol?
- What percentage of people registered with diabetes are offered and attend a structured education course?
- For people with registered diabetes, what are the rates of acute and long term complications (disease outcomes)?
If you would like to opt out of the National Diabetes Audit, please inform a member of our staff. If you do not have diabetes then you are not included in this audit.