General Data Protection Regulations
The General Data Protection Regulation (GDPR) is a new law that determines how your personal data is processed and kept safe, and the legal rights that you have in relation to your own data.
The regulation applies from 25 May 2018, and continues to apply now that the UK has left the EU.
What GDPR will mean for patients
- Data must be processed lawfully, fairly and transparently.
- It must be collected for specific, explicit and legitimate purposes.
- It must be limited to what is necessary for the purposes for which it is processed.
- Information must be accurate and kept up to date.
- Data must be held securely.
- It can only be retained for as long as necessary for the reasons it was collected.
There are also stronger rights for patients regarding the information that practices hold about them. These include:
- Being informed about how their data is used.
- Patients to have access to their own data.
- Patients can ask to have incorrect information changed.
- Restrict how their data is used.
- Move their patient data from one health organisation to another.
- The right to object to their patient information being processed (in certain circumstances).
Direct Care Privacy Notice
Emergencies Privacy Notice
CQC Privacy Notice
National Screening Privacy Notice
Payments Privacy Notice
Summary Care Records Privacy Notice
NHS Digital Privacy Notice
Public Health Privacy Notice
Risk Stratification Privacy Notice
Safeguarding Privacy Notice
Dr Stokes and Partners and all its staff are committed to maintaining confidentiality and protecting your data in accordance with the Data Protection Act.
All our staff are bound by confidentiality and are aware of their responsibilities to keep your information safe. Every employee has ongoing training and is aware that any breach of their contractual obligations could lead to disciplinary action, including dismissal.
We will not pass your information on to any outside third party without your permission. This includes your family members, i.e. spouse or parent. Health and Social Care professionals can share information in the best interests of the patient; this will only be done in exceptional circumstances (life or death, or required by law).
Some of the information we hold about you is as follows:
Some of the information we hold about you is as follows;
- Information about you - Name, Address, Date of birth, Telephone number, email address, next of kin...
- Information about treatment you have received at the surgery or other NHS authorities.
- Information on your Physical and Mental health
- Test results - Blood, Blood Pressure, x-rays, other laboratory tests.
- Any Medication you have taken
- Details of appointments, consultations and letters relating to your visit to the practice
- Reports - Mental Health, Adult/Child Protection, Police reports, Solicitors (at your request)
Information held by us may be used for clinical audit purposes. This information will be used to check the quality of the treatment you receive at the surgery.
Information about you could be extracted by NHS England/Clinical Commissioning Groups for statistical reasons - all data will be anonymised.
We may share data with other organisations to help enhance the quality of your care. This will only be done with your consent, and it could be shared by phone, letter, email or online technology with the following organisations:
- NHS and Specialist Hospital trusts
- Ambulance Service
- Dentists, opticians, pharmacists etc.
- The CCG (Clinical Commissioning Group) and NHS England
- Social Service, Health and Social Care direct and Local Authorities
- Voluntary and private Sector Providers
As a patient, you can object to your data being shared with the above organisations, but this could restrict the level of care we will be able to offer you.
You can request access to the health records that the surgery holds for you under the Data Protection Act (now GDPR), and request that any incorrect information be rectified. These requests are always approved by one of our GPs.
If you wish to have access to your health records:
- Please put this in writing to the Practice Manager, ensuring you state what information you require and provide enough data that we can identify you.
- There will be no fee for this unless there are multiple requests for the same information.
- Information will be sent to you within 40 days.
More information is available within our Privacy Notices which are attached above.