The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is: used fairly, lawfully and transparently.
As a practice we have policies and procedures in place ensuring all patient data is held securely and all information is strictly confidential.
What is a privacy notice and how does it apply to me?
A Privacy Notice tells people how organisations use information that they hold about them. A new law called the UK General Data Protection Regulation 2016, also known as UKGDPR, says that we need to provide you with this Privacy Notice and let you know:
- What information we hold about you
- How we keep this especially important information safe and secure and where we keep it
- How we use your information
- Who we share your information with
- What your rights are
- When the law gives us permission to use your information
Why does the law give you permission to use my details?
The law gives us permission to use your information in situations where we need it to take care of you. Because information about your health is very personal, sensitive and private to you, the law is very strict about how we use it.So, before we can use your information in the ways we have set out in this Privacy Notice, we have to have a good reason in law, which is called a ‘lawful basis’. Not only do we have to do that, but we also have to show that your information falls into a special group or category, because it is very sensitive. By doing this the law makes sure we only use your information to look after you and that we do not use it for any other reason.
If you would like more information about this please ask to speak to our Data Protection Officer (DPO) mentioned in this Privacy Notice who will explain this in more detail.
About us…
We, at the Brewood Medical Practice at Kiddemore Green Road, Brewood are responsible for collecting, storing and handling your information when you registered with us as a patient. Because we do this, the law says we are Data Controllers. Sometimes we may use your information for a particular purpose and when we do so, the law says we are Data Processors.
What information do you hold about me?
We hold information about you such as:
- Your name
- Address
- Mobile number
- Information about your parent(s) or person with parental responsibility
- All your health records
- Appointment records
- Visits to see your GP
- Treatments you have had
- Medicines prescribed for you and any other information to help us look after you
How do you keep it safe?
- The law says that we must do all we can to keep your information private, safe and secure.
- We use secure computer systems and we make sure that any written information held about you is under lock and key and kept in a safe place. This includes taking great care with any passwords we use which we change on a regular basis. We also train our staff to respect your privacy and deal with your information in a manner that makes sure it is always kept and dealt with in a safe way.
What do you do with my information?
- We only usually use your information to help us care for you. That means we might need to share your information with other people who are concerned and involved with looking after your health.
- We might need to share your information with the police, courts, social services, solicitors and other people who have a right to your information, but we always make sure that they have a legal right to see it (or have a copy of it) before we provide it to them.
Who else will see my information?
- Usually only doctors, nurses and other people who work with us are allowed to see your information.
- Sometimes though, if you need to go to the hospital or be seen by a special doctor, we will share your information with them but this only so that we can take care of you.
- Sometimes we might be asked to take part in medical research that might help you in the future. We will always ask you or your parent(s) or adult with parental responsibility if we can share your information if this happens.
- Possibly the police, social services, the courts and other organisations and people who may have a legal right to see your information.
What are my rights?
- If you want to see what information we hold about you then you have a right to see it and you can ask for it.
- To ask for your information you will usually need to put your request in writing and tell us what information you want us to give you.
- We usually need to answer you within one month. Your parent(s) or adult with parental responsibility can help you with is if you need help.
- Usually we will give this to you free of charge.
- If you think there are any errors in the information we hold about you then you can ask us to correct it but the law says we can’t remove any of the information we hold about you even if you ask us to. This is because we need this information to take care of you.
- You have a right to ask us not to share your information.
- If you would like to talk to us about not sharing your information, even if this means you don’t want us to share your information with your parent(s) or adult with parental responsibility, please let us know. We will be happy to help.
What if I have a question?
- A member of our staff/receptionist will be happy to talk to you about any questions you may have and we will do our best to help you.
- The Surgery has a person called a Data Protection Officer (DPO) who deals with all queries about patient information. Our receptionist may put you in touch with this person who will listen to your concerns and give you the advice you need.
- Our DPO is called Paul Couldrey and he can be contacted at Couldrey@me.com.
What if I have a serious complaint about how you look after my information?
- We will always do our best to look after your information and to answer your questions.
- If you are still not happy with something we have done with your information you can speak to our DPO.
- If our DPO has not been able to help you or if you prefer not to speak to our DPO then you have a right to pass your complaint to an organisation called the Information Commissioner’s Office (ICO) who will look into what has gone wrong. For more information visit ico.org.uk
Updates to this privacy notice
- The law says we must keep all information we provide in this Privacy Notice up to date.
- This Privacy Notice was last updated on 1.7.2022 and will be reviewed on 8.10.2022.
Additional GDPR information:
GDPR Data Protection Impact Assessment
GDPR Practice Responsibilities
How We Use You Information Leaflet
National Data Opt Out Programme
NHS Digital have developed a national data opt-out system to give patients the opportunity to make an informed choice about whether they wish for their personal identifiable information to be used for research and planning purposes. The national data opt-out will not apply to, or affect the necessary usages of data for the patient’s individual care and treatment.
The national data opt-out was introduced on 25 May 2018, providing a facility for individuals to opt-out from the use of their data for research or planning purposes. This is provided in line with the recommendations of the National Data Guardian in her Review of Data Security, Consent and Opt-Outs. The service will initially be in beta, while we ensure the service design is optimal.
Individual preferences will be collected from 25 May 2018 onwards and all health and care organisations are required to apply preferences in all research and planning situations in which confidential patient information is used. NHS Digital will apply these preferences with immediate effect.
The national data opt-out will replace the previous ‘type 2’ opt-out, which required NHS Digital to refrain from sharing a patient’s confidential patient information for purposes beyond their direct care. Any person with an existing type 2 opt-out will have it automatically converted to a national data opt-out from 25 May 2018 and will shortly receive a letter giving them more information and a leaflet explaining the new national data opt-out. We will continue to collect and convert type 2 opt-outs during the beta phase.
What is the opt-out?
The opt-out system will allow patients to directly express an opt-out preference of their personal identifiable information being used for:
- research purposes – such as finding ways to improve treatments; and
- planning purposes – such as data use to improve delivery of health services.
The national data opt-out choice can be viewed or changed at any time by using the online service at NHS.uk – Your NHS Data Matters.
