Information Governance

Data Protection

The Practice takes our responsibilities associated with Data Protection seriously please find below a copy our Privacy Notice which tells you how we handle and use your personal information. In addition to this should you require access to your information we would appreciate if you could complete a copy of Practice’s application form to access your records and follow the instructions on the form.

Data Provision Notice ( DPN )

All GP practices in England are legally required to share data with NHS Digital for this purpose under the Health and Social Care Act 2012 (2012 Act). More information about this requirement is contained in the data provision notice issued by NHS Digital to GP practices. You can find Privacy Notice for DPN is here Type 1 Opt-out Privacy Notice

Type 1 Opt Out

A type 1 opt out prevents information being shared outside a GP practice for purposes other than direct care.

Patient data from GP medical records kept by GP practices in England is used every day to improve health, care and services through planning and research, helping to find better treatments and improve patient care. The NHS is introducing an improved way to share this information – called the General Practice Data for Planning and Research data collection.

NHS Digital will collect, analyse, publish and share this patient data to improve health and care services for everyone. This includes:

informing and developing health and social care policy
planning and commissioning health and care services
taking steps to protect public health (including managing and monitoring the coronavirus pandemic)
in exceptional circumstances, providing you with individual care
enabling healthcare and scientific research

Any data that NHS Digital collects will only be used for health and care purposes. It is never shared with marketing or insurance companies. NHS Digital will not collect any patient data for patients who have already registered a Type 1 Opt-out in line with current policy. If this changes patients who have registered a Type 1 Opt-out will be informed.

If you do not want your patient data shared with NHS Digital, you can register a Type 1 Opt-out with us. You can register a Type 1 Opt-out before 1 September 2021. You can also change your mind at any time and withdraw a Type 1 Opt-out.

If you have already registered a Type 1 Opt-out with your GP practice your data will not be shared with NHS Digital.

If you wish to register a Type 1 Opt-out with your GP practice before data sharing starts with NHS Digital, this should be done by returning this form to us by 23 August 2021 to allow time for processing it. If you have previously registered a Type 1 Opt-out and you would like to withdraw this, you can also use the form to do this.

If you register a Type 1 Opt-out after your patient data has already been shared with NHS Digital, no more of your data will be shared with NHS Digital. NHS Digital will however still hold the patient data which was shared with us before you registered the Type 1 Opt-out.

Type 2 Opt Out

A type 2 opt out prevented information being shared outside NHS Digital for purposes beyond the individual’s direct care. If you do not want NHS Digital to share your identifiable patient data with anyone else for purposes beyond your own care, then you can also register a National Data Opt-out (also known as Type 2 Opt out). Your GP surgery can not do this for you.

You can learn more about how NHS Digital uses your data here: General Practice Data for Planning and Research: GP Practice Privacy Notice – NHS Digital

Our ICO Registration Number is: ZA089402

Our Data Protection Officer is Umar Sabat he can be contacted at dpo.swl@nhs.net

How We Use Your Information

Healthcare professionals in our practice record information about the care we provide. The type of information that is recorded includes the following:

Demographics, e.g. address, telephone number, e‐mail, date of birth, gender, etc.

What you tell us when you see us in consultations e.g. about your physical health etc.

Diagnoses, investigations, treatments, referrals, family background.

Social information e.g. housing status, alcohol, smoking data

Third party sources e.g. hospital letters, A&E attendances, relatives, carers, insurance companies, solicitors

What We Already Share About You:

We share different types of information about our patients. These include:

Personal information about you and your illness, when needed for your direct care, e.g. referral to hospital, consultants, district nurses, health visitors, midwives, counsellors, the summary care record

Patient identifiable information to public health, in order to arrange programs for: childhood immunisations, communicable diseases, cervical smears, retinal screening

With explicit consent, personal information to other organisations outside the NHS, e.g. insurance companies, benefits agencies

Limited information about you, if relevant, to protect you and others, e.g. to social services child protection investigations

Under certain acts of parliament to protect you and others e.g. court order

Summary information which is anonymised (can not identify you) e.g. quality and outcome frameworks (QoF), medical research and clinical audit.

It is also important to understand that currently a limited amount of patient information or data is used mostly at local level to help design health services or undertake clinical audit. Some information is used at a national level. Information from lots of individual patients allows the NHS to build a picture of what is happening to the nation’s health. The majority of this information is anonymised before it leaves the healthcare professional, in other words no one can identify who the information relates to.

How we protect your personal information:

Currently, your GP is responsible for protecting your information and to do this they comply with the Data Protection Act 1998 (DPA). As part of the DPA, all healthcare professionals have an obligation only to share information on a need to know basis. For further information on the DPA please go to:
www.legislation.gov.uk/ukpga/1998/29/contents

The physical storage of information is on secure servers which are protected. Access to the information is by authenticated password. The number of people who have access to your information is limited to members of the practice team and in a few instances some pre-agreed data is shared with other health care professional e.g. District Nurses but on a need to know basis.

If you would like to view our Confidentiality Code of Practice Policy, please contact us to arrange.