CONFIDENTIALITY AND DATA PROTECTION
General Data Protection Regulation
Privacy Statement for Patients
Subject Access Request Form for Health Records
Subject Access Request Leaflet
WHAT THE GENERAL DATA PROTECTION REGULATION (GDPR) MEANS FOR PATIENTS
Your Data: Your Medical Records Are Processed for Direct Patient Care
- Must be processed lawfully, fairly and transparently
- Collected for specific, explicit and legitimate purposes
- Limited to what is necessary for the purposes for which it is processed
- Must be accurate and kept up to date
- Must be held securely
- Retained for as long as is necessary for the reason it was collected
- To be informed about how your own data is used
- Have the right to request access to your own data
- Have the right to request incorrect information is changed
- To restrict how your data is used within reason
- The right to object to personal information being processed
How We Use Your Medical Records
- This Practice handles medical records according to the laws on data protection and confidentiality.
- We share medical records with health professionals who are involved in providing you with care and treatment. This is on a need to know basis and event by event.
- Some of your data is automatically copied to the Emergency Care Summary.
- We may share some of your data with local out of hours / urgent or emergency care service.
- Data about you is used to manage national screening campaigns such as Flu, Cervival Cytology and Diabetes Prevention.
- Data about you, usually de-identified, is used to manage the NHS and make payments.
- We share information when the law requires us to do so, for instance when we are inspected or reporting certain illnesses or safeguarding vulnerable people.
- Your data is used to check the quality of care provided by the NHS.
- We may also share medical records for medical research.
Further information is available from the Practice Reception team regarding:
- Who can access your GP Record
- The right to access
- The right to object
- The right to rectification
- Practice Privacy Statement - see download/view link above
Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.
Subject Access Requests (GDPR, Data Protection Act 1998 and Access to Health Records Act)
- To be processed 1 month from time of request receipt
- Can be extended 2-3 months in certain circumstances, but we will keep you informed of our progress
- No fee for initial request
- Fee may apply for repeated or excessive requests (>20 printed pages)
- Request by completing form available from Practice Reception (or download via link at page header), via writing, or email
- Provide consent and x2 forms of identification (ID)
- Return completed form to the Practice Reception
- Our Receptionist will check your ID and consent
- Information requested will be available for witness or printed / copied as appropriate
- GPs will review the information and redact third party information and anything that they feel may be detrimental to the Patient.
- Reception staff will contact you to advise when your documents are ready for collection.
- Patients must collect the documents personally, with proof of ID required at time of collection.
- Signature will be required confirming that the security of the information becomes the Patient responsiblity once received.
Freedom of Information
Information about the General Practioners and the Practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the Practice Manager.
We make every effort to give the best service possible to everyone who attends our practice.
However, we are aware that things can go wrong resulting in a patient feeling that they have a genuine cause for complaint. If this is so, we would wish for the matter to be settled as quickly, and as amicably, as possible.
To pursue a complaint please contact the Practice Manager (firstname.lastname@example.org) who will deal with your concerns appropriately. Further written information is available regarding the complaints procedure from Practice Reception.
Zero Tolerance Policy
The NHS operate a Zero Tolerance Policy with regard to violence and abuse and the Practice has the right to remove violent patients from the list with immediate effect in order to safeguard Practice staff, patients and other persons. Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety. In this situation we will notify the Patient in writing of their removal from the list and record in the Patient’s medical records the fact of the removal and the circumstances leading to it.