Data Protection

Data Protection

Information we hold about you

In order to provide the right level of care, we are required to hold personal information about you.  We use computer systems (the NHS GP record) and occasionally paper records to help us to look after your health needs.  All of our practice team share responsibility accuracy and safe-keeping of that information. 

All information about you is held securely and appropriate safeguards are in place to prevent accidental loss.

Please help to keep your NHS GP record up to date by informing us of any changes to your personal circumstances.  See My NHS for how to do so.


Confidentiality and Data Use within the Practice

All of our staff have access to your NHS GP records to enable them to do their jobs.  They are able to see all the information contained within your NHS GP record, which may include information from other NHS organisations who have shared their notes with us. 

All of our staff have been properly trained in confidentiality issues and are governed by both legal and contractual duty to keep your information private.  Our staff have training and regular updates on Confidentiality, Data Handling and the Caldicott Principles, which guide healthcare workers in data confidentiality and data sharing. 

Information you give one member of our team may recorded in your NHS GP record and therefore visible by other people in our practice who are involved in your care. 


Information shared for healthcare purposes

If you have agreed to share it, the NHS GP record system may be used by some NHS organisations other than your GP surgery.  Before accessing your NHS GP record, each service will ask you for permission to view it.  Anyone who you permit to access your NHS GP record will have access to all the information recorded in it.  Regardless of their role, any NHS staff who is able to view your NHS GP record will have been appropriately trained by their organisation and will be governed by both legal and contractual duty to keep your details private.

In addition to the shared NHS GP record, we may share your information with other healthcare organisations outside of our practice who are involved in your care, if the information is required to provide you with appropriate healthcare.  Where possible we will discuss that with you first.


Information shared for any other purpose 

If we are asked to share information with another organisation for any purpose other than your healthcare, we will seek your permission first (except when required for statutory reasons - see below). 

There may be times you are required to give written consent for us to release information e.g. medical reports for insurance, solicitors.


Information we are required by law to share

In some circumstances we may be required by law to share your information to statutory or other official bodies, for example if a court order is presented; or in the case of signficant public health risk.  Where we are required by law to share information, we may sometimes do so without discussing it with you first.


Information sharing over the telephone / email / SMS

To ensure your privacy, we will not disclose any information unless we are sure that we are talking to you. 

Information will not be disclosed to family, friends or spouses unless we have prior written consent to do so.

We do not leave messages with others, or messages on answerphones, unless we are sure that answerphone is yours and that you are happy for us to us it.

We may use SMS text messaging services to contact you about your healthcare.  Please be aware that if you pass your SIM card on to someone else you must let us know, or otherwise risk your private messages going to that person by mistake.


Access to view your information

Under GDPR, you have a right to see the information we hold about you (including your NHS GP record) if you wish.  This is called a "Subject Access Request".  Please contact reception if you wish to discuss this.  Where the Subject Access Requests are excessive, we have the right to charge you.

Most patients find it more helpful to be given access to see their NHS records themselves, via our online portal SystmOnline.  This allows them to see any information which is later entered in their notes, as often as they wish.  See here for more information

IT systems in use at the Practice

The following IT systems are in use at the practice:

  • Shared NHS GP record (sharing information between NHS community services involved in your care e.g. GP, Community Nursing, Physiotherapy)
  • Electronic Referrals System (sharing your demographic details and selected medical history with another healthcare provider)
  • SystmOnline (patient online GP portal)
    • View your contact details and update them
    • Electronic Appointment Booking (the facility to book routine appointments online and, similarly, to cancel appointments)
    • Online requesting of repeat prescriptions (online access to your current medication lists)
    • View your NHS GP record (the facility to view your GP records online; includes results and letters to and from the GP)  
  • Electronic Prescription Service (sharing your medication details with community pharmacies) 
  • NHS Summary Care Record (uploading details of your current medication and allergies to the national “spine” so that these are available for doctors involved in your care elsewhere - these are mostly emergency services).  You are able to opt out of this service - please contact reception.
  • GP to GP transfers (the electronic transfer of records from practice to practice when you register with a new GP practice)