Brownhill Surgery takes your confidentiality and privacy rights very seriously. This notice explains how we collect, process, transfer and store your personal information and forms part of our accountability and transparency to you under the General Data Protection Regulation (GDPR) 2018.
How we handle your personal information
When you visit the surgery we want you to feel able to discuss anything with your doctor that might relate to your health. This may include sexual matters, your relationships, drugs, drinking, your mental health, your job etc. You need to feel that anything you inform us of will remain absolutely confidential.
The General Medical Council, whose rules on confidentiality apply to all doctors in the UK, enforces our duty of confidentiality to all patients. The practice is also registered under the Data Protection Act 2018.
We take great care to ensure that no information you give us is passed on either inadvertently or through the deception of others. This would include other family members unless we have your written consent.
Why we collect information about you?
In the National Health Service we aim to provide you with the highest quality of health care. To do this we must keep records about you, your health and the care we have provided or plan to provide to you.
The NHS in England uses patient information for different purposes and the main two are:
a: To provide direct care – To provide patients with the personal care and treatment they need.
b: For purposes beyond direct care – Where patients’ information is used alongside other patients’ information in statistics and research and analysis. This information is typically used to check that health and social care services are doing a good job; to provide the right services at the right time; and to support researchers in the development of new medicines and treatments.
How your information might be used
Sharing information for your direct care
Doctors do not discuss their patients with reception staff, but staff may type letters, file incoming hospital post and results and carry out a host of other administrative tasks on behalf of your doctor. They are not allowed to access your notes for any other purpose. All our staff are highly trustworthy and professional in their attitude to the responsibility that patient confidentiality places on them. The practice can audit access to records to ensure records are not accessed inappropriately.
Summary Care Record
Summary Care Record (SCR) is an electronic record that gives healthcare staff faster, easier access to essential information about you anywhere in the country, so that you can be given safe treatment during an emergency or when your GP surgery is closed.
You can opt out if you do not want your information to be used in this way. For further information visit the NHS summary Care Records page.
Sharing information for purposes beyond your direct care
Risk stratification is a process of identifying patients or groups of patients that are most likely to get a certain disease so that the right services can be provided to an individual or a population in general.
For example, “these patients are most likely to get diabetes in my GP practice, so I’m going to provide this care plan to those individuals” or “this number of patients is at risk of diabetes in this CCG, so I’m going to commission this service”.
Information to the Health Authority and other health organisations
Some information is sent electronically to the other parts of the NHS for administration and payment purposes. This can be statistical information that does not identify individuals or may include some personal details such as changes of address etc. in order to keep the practice list up to date. All NHS staff are bound by the same rules on data protection and confidentiality.
The practice is also requested by the NHS and Medical Research Council (MRC) to provide data for the clinical audit or research of certain diseases and conditions. This information will either be anonymous, so individuals cannot be identified or you will be asked for consent. You may be contacted to ask if you’re happy for your information to be used in this way. Your identifiable information will only be shared in this way where you have given your explicit consent.
Prescribing information is also requested to help compile statistics on how diseases are treated and the costs involved in treating some illnesses. All such information is anonymous; individual patients will not be recognisable from this information.
How long do we keep your information?
All records held by the NHS are subject to the Records Management Code of Practice for Health and Social Care Act 2016 (the Code). The Code sets out best practice guidance on how long we should keep your patient information before we are able to review and securely dispose of it. For further information please visit this NHS - Health and Social Care website.
Patient access to records
Request for access to health records
You have the right to see your own medical record, both hand written and entered onto the computer. It may be beneficial to contact the surgery to discuss this prior to requesting your notes.
Reports for other people
Sometimes you may need a report prepared by your doctor for someone else who is not involved in your care. This may be your employer, an insurance company or your solicitor. We will never release any information to any other party without your written consent. You have the right to see these reports before they are sent off. If you have any worries we recommend you ask to check them at the time.
What is Patient Online?
Patient Online allows you to access GP services from your computer, tablet or mobile phone, as well as through your local GP practice to:
- Book GP appointments online
- View a summary of your health records online
- Renew prescriptions online
How will Patient Online help me?
Online services will allow you to book and cancel appointments or request repeat prescriptions at a time that is convenient to you – day or night. It will help you to take greater control of your health and wellbeing by increasing online access to services. Evidence shows that patients who are informed and involved in their own care have better health outcomes and are less likely to be admitted to hospital.
How can I get access to my GP Record?
You will need to fill in a short form and bring proof of your identity into the GP surgery so that we can provide you with login details and with a password.
At Brownhill Surgery we currently offer the online services below:
- Booking appointments
- Repeat prescriptions
- Access to GP records
All persons who can access your record on computer are given a unique password. Different grades of staff have different levels of access. Staff should only have access to those parts of the computer record that they need to do their job. An audit trail of who has used the computer is kept within the computer system with every login recorded and identified by the user’s password. All computers have anti-virus software loaded, which is regularly updated to protect your medical record.
- Contact the practices' data controller via the surgery email: Brownhill.firstname.lastname@example.org.
- Write to the surgery addressing your letter to the Data Controller
- Ask to speak to the Practice Manager by telephoning the surgery on 01254 247477.
The Data Protection Officer for Brownhill Surgery is Hayley Gidman.
If for any reason you are unhappy with any of our data processing methods, you have the right to lodge a complaint with the ICO. For further information please visit ico.org.uk and select 'raising a concern'.
COVID-19 Privacy Notice
(This Privacy Notice is to run alongside our standard Practice Privacy Notice)
Due to the unprecedented challenges that the NHS and we, BROWNHILL SURGERY face due to the worldwide COVID-19 pandemic, there is a greater need for public bodies to require additional collection and sharing of personal data to protect against serious threats to public health.
In order to look after your healthcare needs in the most efficient way we, BROWNHILL SURGERY may therefore need to share your personal information, including medical records, with staff from other GP Practices including Practices within our Primary Care Network, as well as other health organisations (i.e. Clinical Commissioning Groups, Commissioning Support Units, Local authorities etc.) and bodies engaged in disease surveillance for the purposes of research, protecting public health, providing healthcare services to the public and monitoring and managing the Covid-19 outbreak and incidents of exposure.
The Secretary of State has served notice under Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 (COPI) to require organisations to process confidential patient information in the manner set out below for purposes set out in Regulation 3(1) of COPI.
Purpose of this Notice
The purpose of this Notice is to require organisations such as BROWNHILL SURGERY to process confidential patient information for the purposes set out in Regulation 3(1) of COPI to support the Secretary of State’s response to Covid-19 (Covid-19 Purpose). “Processing” for these purposes is defined in Regulation 3(2) and includes dissemination of confidential patient information to persons and organisations permitted to process confidential patient information under Regulation 3(3) of COPI. This Notice is necessary to require organisations such as BROWNHILL SURGERY to lawfully and efficiently process confidential patient information as set out in Regulation 3(2) of COPI for purposes defined in regulation 3(1)
Requirement to Process Confidential Patient Information
The Secretary of State has served notice to recipients under Regulation 3(4) that requires BROWNHILL SURGERY to process confidential patient information, including disseminating to a person or organisation permitted to process confidential patient information under Regulation 3(3) of COPI.
BROWNHILL SURGERY is only required to process such confidential patient information:
- where the confidential patient information to be processed is required for a Covid-19 Purpose and will be processed solely for that Covid-19 Purpose in accordance with Regulation 7 of COPI
- from 20th March 2020 until 30th September 2020.
A Covid-19 Purpose includes but is not limited to the following:
- understanding Covid-19 and risks to public health, trends in Covid-19 and such risks, and controlling and preventing the spread of Covid-19 and such risks
- identifying and understanding information about patients or potential patients with or at risk of Covid-19, information about incidents of patient exposure to Covid-19 and the management of patients with or at risk of Covid-19 including: locating, contacting, screening, flagging and monitoring such patients and collecting information about and providing services in relation to testing, diagnosis, self-isolation, fitness to work, treatment, medical and social interventions and recovery from Covid-19
- understanding information about patient access to health services and adult social care services and the need for wider care of patients and vulnerable groups as a direct or indirect result of Covid-19 and the availability and capacity of those services or that care
- monitoring and managing the response to Covid-19 by health and social care bodies and the Government including providing information to the public about Covid-19 and its effectiveness and information about capacity, medicines, equipment, supplies, services and the workforce within the health services and adult social care services
- delivering services to patients, clinicians, the health services and adult social care services workforce and the public about and in connection with Covid-19, including the provision of information, fit notes and the provision of health care and adult social care services
- research and planning in relation to Covid-19.
Recording of processing
A record will be kept by BROWNHILL SURGERY of all data processed under this Notice.
Sending Public Health Messages
Data protection and electronic communication laws will not stop BROWNHILL SURGERY from sending public health messages to you, either by phone, text or email as these messages are not direct marketing.
It may also be necessary, where the latest technology allows BROWNHILL SURGERY to do so, to use your information and health data to facilitate digital consultations and diagnoses and we will always do this with your security in mind.
Visitors to The Practice
We have an obligation to protect our staff and employees’ health, so it is reasonable for staff at BROWNHILL SURGERY to ask any visitors to our practice to tell us if they have visited a particular country, or are experiencing COVID-19 symptoms. This must only be in pre-approved circumstances and we would also ask all patients to consider government advice on the NHS 111 website and not attend the practice.
Where it is necessary for us to collect information and specific health data about visitors to our practice, we will not collect more information than we need, and we will ensure that any information collected is treated with the appropriate safeguards.
Review and Expiry of this Notice
This Notice will be reviewed on or before 30 September 2020 and may be extended by The Secretary of State. If no further notice is sent to BROWNHILL SURGERY by The Secretary of State this Notice will expire on 30 September 2020.
We are committed to protecting the privacy of all individuals using this website.
This policy explains how we use any personal information we collect from you through this website.
Collection of personal information
You can access most of the pages on our website without giving us your personal information. However, you may choose to provide us with your personal information on some pages of the website by completing an on-line form.
We shall use any personal information you give to us, in accordance with this policy, and with any additional statements appearing on forms used for submitting your personal information. We shall not disclose your personal information to any third parties without obtaining your prior consent unless we are required by law to do so. In particular:
We shall use your personal information to administer, and may respond to, your request.
We shall securely store the information you supply together with any response we may provide.
If you contact us regarding the website we may use your details to reply to you. If you make a comment or complaint about other aspects of the service we may use your details to investigate your comments.
This website uses https to ensure data is encrypted in transmission. This encryption, known as TLS encryption protocol, allows us to protect your privacy. You can usually verify that the page is encrypted by seeing a small lock symbol in the upper left corner of your browser and the website address is prefixed with https://.
All data obtained by us is held and used in compliance with the Data Protection Act 2018.
This website contains links to other sites. We are not responsible for the privacy practices of third parties that run any other websites. Please refer to their own privacy policies for more information.
Access to your personal information
You have a right under the Data Protection Act 2018 to ask us to provide you with the information we hold about you and to have any inaccuracies corrected. If you would like to access a copy of your information, please contact the Practice Manager using the following contact details in the heading above.